Well said about open and auditable, On Thu, Oct 4, 2018 at 10:53 AM <secli...@boxdan.com> wrote:
> If there are any mailing lists which are more suitable to this discussion, > please mention them so we may subscribe to them and discuss this there. > > > > David Hendricks <david.hendri...@gmail.com> hat am 4. Oktober 2018 um > 19:00 geschrieben: > > > > > > On Thu, Oct 4, 2018 at 9:22 AM Patrick Georgi via coreboot < > > coreboot@coreboot.org> wrote: > > > > > But generally speaking: that discussion is rather off topic for this > > > mailing list. > > > Please look for some more suitable venue to discuss "people potentially > > > tampering other people's devices (with no obvious connection to > coreboot)". > > > > > > > Patrick is right that the Bloomberg article is not particularly > well-suited > > for the coreboot mailing list. > > > > However, it's still worth pointing out that supply chain attacks are a > > serious threat. This could be in the form of added hardware (like the > > Bloomberg article suggests) or it could be in the form of firmware that > > contains malicious code from any of the many parties involved in creating > > it. > > > > Traditionally, firmware contains modules from the silicon vendor, a > > software vendor (IBV/ISV) who packages it with their SDK and value-add > > software, and ODMs/OEMs who make further product-specific additions. > Modern > > firmware can easily contain over a million lines (or multiple millions of > > lines) of code from several parties, and this code runs at the highest > > privilege level before any OS-based security mechanism comes into play. > > Anyone in that part of the supply chain can slip in malicious code, and > the > > customer usually doesn't have any way of viewing the code or tracing > where > > it came from due to its closed nature. > > > > That is relevant to coreboot insofar as coreboot has been leading the > > charge (with varying levels of success) for open and auditable firmware > on > > x86 platforms for nearly two decades. > > -- > > coreboot mailing list: coreboot@coreboot.org > > https://mail.coreboot.org/mailman/listinfo/coreboot > > -- > coreboot mailing list: coreboot@coreboot.org > https://mail.coreboot.org/mailman/listinfo/coreboot >
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot
