[SeaBIOS] [PATCH 1/2] Add an option to only execute option ROMs contained in CBFS

Peter Stuge peter at stuge.se
Sat Feb 14 03:15:42 CET 2015

Kevin O'Connor wrote:
> > This patch in particular guarantees that no matter what devices
> > are plugged in (e.g. long after the BIOS has been flashed) they
> > will not have their option ROMs executed.
> That makes sense, but I think it needs to be a runtime setting.

Timothy's original approach is appealing more and more to me. It's a
good way to know that the system will stay as it was when flashed.

Runtime setting - the argument there would be that if someone can
change the flash contents to create a new CBFS file they could also
replace the SeaBIOS payload, right?

It is sort of true, but it *is* slightly easier to write data into
erased flash than to erase existing and then write something new.


