[coreboot] GSoC 2010
Stefan Reinauer
stepan at coresystems.de
Sat Mar 6 23:57:32 CET 2010
On 3/6/10 8:28 PM, Carl-Daniel Hailfinger wrote:
> On 06.03.2010 19:52, ron minnich wrote:
>
>> It would be nice, if a flashrom is in there, to also have some sort of
>> security too I think.
>>
>> Something that is not as easily compromised as the stuff that's out
>> there now, which relies on security through obscurity.
>>
>> Is it even possible?
>>
>>
> Well, I implemented signature checking for coreboot (so that only signed
> payloads would be executed).
>
When coresystems developed our first version of hard crypto signature
checking for firmware in 2007/2008 we explicitly decided to not check
the payload but only let the payload check further stages. The reason
was that if you're able to compromise the flash chip, you're able to
reprogram coreboot just as well as the payload. Also, we didn't want
feel comfortable to duplicate the amount of crypto code in the flash,
and there is no serious mechanism around that protects only the
bootblock, at least not on commonly used systems.
So I'm interested to hear your reasons to do this in coreboot itself...
Is your code publically available somewhere?
Regards,
Stefan
More information about the coreboot
mailing list