[coreboot] Trusting coreboot versus trusting the FSP

David Hendricks dhendrix at google.com
Mon Jan 9 22:40:18 CET 2017


On Mon, Jan 9, 2017 at 11:30 AM, Nico Huber <nico.h at gmx.de> wrote:
> Without pro-
> per, public documentation and the promise by the vendor that this docu-
> mentation is correct _and_ comprehensive, we can't tell anything about
> the state of the hardware...
>
> beside the RAM contents and the program we are executing. And this is
> where coreboot does a much better job, IMO. Given that most host firm-
> ware stays active during runtime of the OS, I don't see any point in
> running open-source software for security reasons if there's proprie-
> tary software running on the same CPU in a higher privilege level.

And at the very least we can verify that the blobs are what we
think they are ("good enough" if we can trust the blob's origin) and
maintain some semblance of control in privileged mode.

Obviously full documentation and source are best. But in our imperfect
world with blobs I think the more relevant question to ask is what can
be done before and after the blobs are run. Being able to build a full
image with coreboot gives us some options, and having a relatively
simple codebase with a decent eyeball-to-code ratio helps. As Nico
said it's pointless to run OSS for security if the best you can do is
run in less privileged mode with proprietary software in full control.

-- 
David Hendricks (dhendrix)
Systems Software Engineer, Google Inc.



More information about the coreboot mailing list