Hi! How can I verify the non-execution of option ROMs? I recently
noticed that I had somehow turned that on with one of my latest compiles
(without yabel secure mode either).
The idea is that a hostile firmware update could flash a PCI-e card
assigned to a VM and then mess with the host after the PC is rebooted
(can be solved by using SR-IOV devices, but KGPE-D16/KCMA-D8 lacks
SR-IOV support in coreboot despite the chipset supporting ARI).
I realize that I am a nobody and this is very unlikely to happen, but OFC
I still want max security >:3
--
coreboot mailing list: coreboot@coreboot.org
https://mail.coreboot.org/mailman/listinfo/coreboot