[coreboot] Dead links - missing information?

Timothy Pearson tpearson at raptorengineeringinc.com
Thu Aug 6 15:57:38 CET 2015


On 08/05/2015 06:42 PM, Karl Schmidt wrote:
> On 08/05/2015 01:15 PM, Timothy Pearson wrote:
>> The climate has changed drastically.  I ported coreboot to the ASUS
>> KFSN4-DRE and KGPE-D16 boards for the same reason (secure computing),
>> but I think x86 is now end of line for this task given that AMD is
>> building a mandatory Platform Security Processor (PSP) into the next
>> generation of Opterons, and that Intel has been forcing the Management
>> Engine (ME) down everyone's throats.
> 
> My understanding of what is going on - it is claimed that this is about
> DRM, but that doesn't seem true as there has to be a lot of people that
> are also interested in keeping things secure for business reasons. 
> Having a supervising closed source OS obviously makes things less secure
> (just the added complexity opens a bunch of attack vectors).
> 
> My hunch, from having managed and worked with EEs and programmers that
> are smarter than me - these guys have one flaw - they think there is no
> one else that can see what they see and find the flaws(or back-doors
> depending on who you ask). (I can imagine other countries have high
> level automated disassembly capabilities that remain unpublished).
> 
> So I think that the people that have to keep secrets in government -
> either have totally different hardware or our national security is
> totally exposed due to incompetence (I think the latter).
> 
> I'm at the point where I think the lack of physical write-protect on
> hard-drive BIOS, BIOS's of USB-drives, microcode - etc is probably
> purposeful - instead of getting closer to a system that is user
> audit-able - we are headed in the opposite direction.

It is indeed purposeful, but intended primarily for "convenience".  Then
certain bad actors (e.g. hackers, unethical corporations, and many
nation states) abuse this for their own ends.

> I'm an aging assembly programmer/hardware guy among other things - I
> understand what actually happens in these chips - but I think the folks
> that are steering this ship just might be dangerously clueless. If we
> can't build truly secure business platforms, there is a real risk of a 
> business collapse. We can air-gap design production computers at a huge
> cost - but computers where people exchange money, by definition can't be
> disconnected.

Air-gapping will not protect against a truly malicious low-level
firmware.  You may slow data transfer somewhat and make initial access
harder, but that's about it.  For an example I refer you to the recent
hacking of drive firmware to store interesting data in a hidden
"partition" for later physical (non-network) retrieval.

> 
>> We are currently exploring migrating to IBM POWER8 in our next upgrade
>> cycle.  The hardware is expensive, but is at least as powerful as Intel
>> and much more secure.
> 
> Might need to head to FPGA based processors instead.

FPGAs are nowhere near powerful enough, and likely will never be
compared to current generation processors in existence at the same time.
IMHO the best path at this time is to find a non-consumer oriented
platform where security outweighs convenience in the minds of the
designers, and right now POWER8 appears to be the only remaining
candidate.  If IBM also goes to the "dark side" then custom silicon
would be required, probably via licensing an existing core (ARM, POWER,
SPARC, etc.) and removing the objectionable parts, however we would need
to get a lot of companies on board for each run before that would be
feasible.

One thing is for sure, if no one supports the companies that make truly
secure hardware and lets those companies know _why_ their hardware is
being used over Intel and AMD then they will eventually make the same
mistake...

-- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645
http://www.raptorengineeringinc.com
