[coreboot] Trusting coreboot versus trusting the FSP
Trammell Hudson
hudson at trmm.net
Mon Jan 9 17:38:40 CET 2017
At 33c3 a question came up about "how can we trust and audit coreboot?"
compared to things like the Intel Firmware Support Package (FSP).
I'm relaying it to the list for discussion.
The FSP is a x86 binary blob that has an init function that writes magic
values to magic registers to bring up the mainboard, the DRAM controller
and other devices in the SOC.
Meanwhile, many of the coreboot mainboard_init() functions write magic
values to magic registers to bring up the mainboard, the DRAM controller
and attached devices. For example, x230/mainboard.c:
static void mainboard_init(device_t dev)
{
RCBA32(0x38c8) = 0x00002005;
RCBA32(0x38c4) = 0x00802005;
RCBA32(0x38c0) = 0x00000007;
}
Do we trust the coreboot version because the C is easier to read than
disassembly of the FSP, even though there is about the same level of
documentation? What can we do to improve the auditability of coreboot
if we don't understand the security implications of these magic values?
--
Trammell
More information about the coreboot
mailing list