On Sun, Feb 17, 2019 at 10:02:42AM +0100, Nico Huber wrote:
What, why? Did you just say "SeaBIOS" because I said "sometimes ...
payload"?
SeaBIOS is a very generic payload, trying not to be board specific. And
I just said it depends on the hardware. Also, all generic, one-fits-all-
scenarios solutions for flash locking that I've heard about failed (ex-
ploits, exploits, exploits).
SeaBIOS being the most commonly used one, and you seemed to imply locking
should/must be done by the payload.
It sounds like you are saying the locking which one is used to with
proprietary/manufacturers' firmwares, the locking which often requires a
hardware programmer, is possible because those firmwares are board specific.
And therefore not really possible for an open source firmware like
Coreboot+$PAYLOAD.
Before you ask somebody to implement a lock, you should ask yourself
why.
The "why" here is "so that Coreboot is at least as secure as the original
firmware in this respect."
_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
