[coreboot] Remote security exploit in all 2008+ Intel platforms

Nico Huber nico.huber at secunet.com
Tue May 2 12:54:03 CEST 2017


On 02.05.2017 00:44, ron minnich wrote:
> On Mon, May 1, 2017 at 1:17 PM Rene Shuster <rene.shuster at bcsemail.org>
> wrote:
> 
>> Yes Puri.sm has been debunked.
>>
> 
> I disagree. I've seen the systems. From what I can see, Puri.sm has made a
> good faith effort to go as far as possible *with modern x86 chipsets* toward
> getting rid of the blobs. They can't get to 100%, but they're trying to get
> as close as possible.

You sound much like their advertisement.

But that's just not true. They haven't made any effort, they just
started it. Even if this effort brings us a machine that ships with coreboot
in the future, you seem to forget all the 1st generation machines that
were promised an open coreboot + open ME firmware. These were a fraud.
People paid for something they didn't get and still nobody is working
on it (at least I don't know about any coreboot effort for the Librem
15 gen1, or any 15 or 11 at all).

I guess things are moving towards the right direction. But denying that
the first Purism customers were scammed won't help Purism's reputation
in the community. (Not to mention that their advertisement still scams
a lot.)

Regarding the started effort: AFAIK, it's not (yet) about shipping with
coreboot. The current port uses a blob that Purism can't license so the
users only get a script to gather blobs and put it together into a blob-
boot that they have to install themselves. And even the effort for the
next gen doesn't come close to the possible for Intel's x86. Reversing
FSP seems pretty easy compared to the ME stuff going on, yet they will
ship a fully blobbed coreboot.

Nico



