[coreboot] GSoC 2010

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Sun Mar 7 01:26:21 CET 2010


On 07.03.2010 00:02, Stefan Reinauer wrote:
> On 3/6/10 9:17 PM, ron minnich wrote:
>   
>> On Sat, Mar 6, 2010 at 11:28 AM, Carl-Daniel Hailfinger wrote:
>>     
>>> Well, I implemented signature checking for coreboot (so that only signed
>>> payloads would be executed).
>>>
>>> The big question is: Do you want to protect against
>>> 1. someone with full hardware access (developer),
>>> 2. someone sitting in front of the machine but without hardware access
>>> (computer pool),
>>> 3. evil malware (including rootkits)?
>>> I'd say the first category is pointless with current x86 hardware.
>>>
>>>       
>> I agree completely.
>>   
>>     
> Also, the question is what kind of privilege escalation can be caused by
> a security breach. While you can always solder a new flash chip on an
> x86 system these days, you can still encrypt your data in order to
> protect (read) access.
>   

It depends on the security model. If you store the encryption key in the
ROM, people can read it out if they have hardware access. If there are
protections in place against such readout, there is still the chance to
rig something with the help of SerialICE.


>> 3 is the biggest concern. For me, anyway. (2) is close however.
>>   
>>     
> Someone sitting in front of the machine usually does have hardware
> access, so the differentiation is kind of artificial unless you count
> the people forgetting to bring soldering irons and screwdrivers.
>   

I hope someone questions/stops you if you decide to bring screwdrivers
and a soldering iron to a shared student computer room and start taking
apart one of the machines. Then again, doing this is basic social
engineering, and if you are bold enough and ask loudly in that computer
room for someone to assist you, most people will think the operation is
entirely legit.

In the end, what we need is a detailed security model which includes a
good understanding of the threat we want to protect against. Doing many
"security things" is not a fix for anything, but a hand-tailored
solution has the chance of addressing one given problem.

Regards,
Carl-Daniel

-- 
"I do consider assignment statements and pointer variables to be among
computer science's most valuable treasures."
-- Donald E. Knuth




