[coreboot] Rettungsboot

Trammell Hudson hudson at trmm.net
Sun Nov 27 00:19:27 CET 2016


On Sat, Nov 26, 2016 at 10:46:33PM +0000, ron minnich wrote:
> [...]
> Every bootloader starts simple, and becomes an OS. Every single one starts
> with the intent of being small and compact and only supporting some needed
> subset of file systems/devices/protocols and ends up implementing
> everything.

And these bootloader filesystem/device/protocol implementations won't
receive the same battle-testing that the drivers in Linux receive,
since the bootloader versions are only used for such a short period of
time during the system bring up.  So in addition to greatly increasing
the TCB, they also potentially introduce security vulnerabilities.

I'm in agreement with Ron that the boot part of coreboot should have
as few drivers as possible (basically only a TPM and maybe a 0x3f8
serial port).  This reduces the TCB and makes more space available
for the payload.

> [...] Today's flash parts are more than large enough to do
> a good environment -- tinycore linux could be used, for example, once it
> was trimmed a bit. It's only about 12M today with a full X environment.

The 4MB flash in the older thinkpads is a little tight, but still
sufficient for a text-based modern Linux kernel -- the biggest issue is
the cryptsetup tool brings in quite a few dependencies right now,
which complicates using it with a fully encrypted drive.

With 8-16 MB you can have a write-protected, interactive shell version
that can mount a USB drive and run spiflash tools to recover from
failures, and a second, read-write version that can be reflashed by the
system's owner with all the fancy features.

-- 
Trammell
