[coreboot] How to protect binary in flash chip? OTP?

Patrick Georgi pgeorgi at google.com
Fri May 6 08:19:46 CEST 2016

2016-05-06 6:49 GMT+02:00 Persmule <persmule at gmail.com>:
> DRM methods cannot "protect" anything. They can only do harm to end users.
That's an interesting statement for a political outreach discussion
group (although the relevant activist groups probably beat that
particular horse to death several times over.)
Please note that coreboot@ isn't that kind of place.

To go back to the original question, any such approach fails here (at
least on somewhat regular x86/arm designs on the market):
> The data in OTP is readable

Since the CPU needs to read the flash at some point, you can't avoid
it to read it (without breaking the legitimate use case). Sounds
circular - because it is.
The only scheme that could allow you to figure out sales numbers would
be some remote attestation scheme - but they'd need to be interested
in using it in the first place (plus, there's the assumption that the
device is networked).


More information about the coreboot mailing list