[coreboot] Remote security exploit in all 2008+ Intel platforms
Nico Huber
nico.huber at secunet.com
Tue May 2 13:02:00 CEST 2017
On 02.05.2017 04:52, Youness Alaoui wrote:
> Ron couldn't be more right when he says that you can't appreciate how much
> work it is to go from a "it works" to a "it's tested/verified and made into
> a *product* for actual users". It took me 6 months of work to finish the 4
> days of work that Duncan Laurie did (I believe it took him 4 days to do the
> initial port, feel free to correct me if I'm mistaken, and yes of course, I
> am totally new to the coreboot world, so a lot/most of that time was spent
> on the learning curve).
Well, I interpret Ron very differently... I think you are at the "it
works" state. 6 months of coding are the easy part where you don't have
to convince other entities to use your code. Let's wait until you have
made it into a shipping product and reflect then. I guess the really
tricky part comes when you ask your contractor not to license the UEFI
they usually ship (i.e. don't let your coreboot customers pay for the
other side).
Nico
More information about the coreboot
mailing list