Announcement

Collapse
No announcement yet.

"Why not just use Coreboot?"

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    "Why not just use Coreboot?"

    http://mjg59.dreamwidth.org/12745.html

    Why not just avoid the entire Secure Boot problem by using Coreboot? Because the reason we have the Secure Boot problem is because Microsoft's Windows 8 certification requirements mean vendors have to ship a UEFI implementation with Secure Boot. You could satisfy that by using Coreboot with a Tiano payload, but it'll still have Secure Boot enabled so you still have the same set of problems. But maybe you could just reflash your system with Coreboot? No, because another part of the requirements states that all firmware updates have to be cryptographically signed now. The only way to reflash will be to attach a flash programmer directly to your motherboard.

    So why not just use Coreboot? Because it doesn't help solve this problem in any way.
    Translation: As long as PC OEMs are putting out mobo's with UEFI burned in there is no way to overwrite it with Coreboot.

    What would be needed is a mobo maker who burned Coreboot or made a mobo which allowed retailers to burn Coreboot on a naked EPROM. Only one out of a million users could burn Coreboot onto a naked EPROM, IF they had an EPROM burner.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Seems to me this will backfire on itself. The desktop/laptop market is shrinking and vendors are more likely to offer versions of hardware to keep our growing 2-3 percent share.

    Comment


      #3
      I keep reading about this and I keep coming back to the fact that it appears to me that just turning off Secure Boot would allow me to use whatever software I wanted to use on my computer.
      So:
      I guess I'm just stupid because if UEFI and Secure Boot are implemented the way I understand they're supposed to be I'd just turn it off.
      So am I mentally challenged or is this a non-issue?
      GigaByte GA-965G-DS3, Core2Duo at 2.1 GHz, 4 GB RAM, ASUS DRW-24B1ST, LiteOn iHAS 324 A, NVIDIA 7300 GS, 500 GB and 80 GB WD HDD

      Comment


        #4
        My recommendation is to disable secure boot. It is an extremely large and cumbersome hammer for a risk with limited exploitability. If a bad guy is able to get sufficiently deep into your computer to replace your kernel, he's already exploited several other vulnerabilities first and zeroed out your bank accounts while you were still sleeping.

        Comment

        Working...
        X