[coreboot] Support for student project

[Peter Stuge]

Hi Tobias,

Tobias Wegner wrote:
> 'badusb'
> One of our main security targets is to stop boot sector attacks.

Then use a payload which ignores MBR, such as FILO, Linux or GRUB.
Almost anything except SeaBIOS.

Given your focus on USB, a Linux payload with custom initramfs is
especially interesting. Then you can do this as part of the boot
process:

for bus in /sys/bus/usb/devices/usb*; do echo 0 > $bus/authorized_default; done

And of course use standard utilities both to interact with TPM if you
like, and to check signatures of follow-up code executed after the
initramfs.


//Peter