UEFI is a specification; exploits are necessarily against implementations
thereof, not the spec itself. Tianocore is a partial reference
implementation of the UEFI spec, and the package built for use with
coreboot an even smaller subset of that (since it completely skips the PEI
phase). So
Tianocore, being a standard UEFI, is vulnerable to UEFI-targeting
malware whose functionality is based on UEFI architecture.
"Traditional" payloads are not UEFI - and therefore are not vulnerable
to UEFI-targeting malware. It does not take a genius to realize that.
So, if one does not have a dGPU, one should not set
CONFIG_MULTIPLE_VGA_ADAPTERS and the appropriate tables will be filled in
with the vbios for the iGPU. And the dGPU will not be initialized. (or
attempted, since it doesn't exist)
If one does have a dGPU, then only information for the dGPU will
>
> Early 16h systems (Jaguar) are safe because they don't have a
> PSP
Safe yes, but not helpful in coming to grips with the PSP.
> > On Sun, Feb 17, 2019 at 12:18 AM Matt B
> wrote:
> >
> > As for the patching, afaik AMD has released patches for all of these,
> but I haven't seen any
Hi Michal,
Your detailed answer is highly appreciated !
The output I got on the console is:
...
Memory Down Data Existed : Enabled
- Speed (0: 800, 1: 1066, 2: 1333, 3: 1600): 2
- Type (0: DDR3, 1: DDR3L) : 1
- DIMM0: Disabled
- DIMM1: Disabled
- Width: x8
- Density
do you have any evidence to support that Tianocore is vulnerable to this
type of malware (given that it doesn't support module
injection/persistence, as implemented), or in any way less secure than a
"traditional" payload? If not, then your warning strikes me as nothing more
than FUD
On Wed, Feb
Hi Wim,
Thank you very much for your reply.
Best regards.
Zvika
On Wed, Feb 20, 2019 at 10:14 AM Wim Vervoorn wrote:
> Hello Zvi,
>
>
>
> The Baytrail FSP doesn’t support the debug levels.
>
>
>
> So unfortunately this will not help you.
>
>
>
> Most likely your issue is in the memory
Sorry if that's off-topic, but by using a Tianocore payload you could
be exposing yourself to the new UEFI-targeting NSA-grade malware. Of
course the coreboot is more secure when paired with more traditional
payloads. But I don't know about your setup, maybe the security is not
your primary
Hi Alex,
On 20.02.19 15:56, Alex Feinman wrote:
> I think I almost got to the bottom of it. I thought, incorrectly, that
> the VBT on my system is not accessible because I trusted intelvbttool
> from utils/ to dump it.
ah, quite some misunderstanding. You said initially the "VBT cannot be
There are existing configurations for KBL RVP3/7/8 and a couple of KBL-based
google boards (Fizz, Poppy)
find -name board_info.txt|xargs grep -i kaby
./src/mainboard/google/poppy/board_info.txt:Board name: Poppy Kabylake
Reference Board
./src/mainboard/google/fizz/board_info.txt:Board name:
I think I almost got to the bottom of it. I thought, incorrectly, that the VBT
on my system is not accessible because I trusted intelvbttool from utils/ to
dump it. It is outdated as it relies on VGA option ROM. If I use the
intel_vbt_decode from intel-gpu-tools package (Ubuntu), I can see the
There are Intel reference boards. You can find them in the code under:
src/mainboard/intel/
A Kaby Lake reference board should be kblrvp.
On 20.02.19 11:29, Mayuri Tendulkar wrote:
>
> Thanks for quick response.
>
>
>
> I see below release- this support is added.
>
>
>
>
Thanks for quick response.
I see below release- this support is added.
https://coreboot.org/releases/coreboot-4.8.1-relnotes.txt
Is there any reference board used with this chipset , which can be referred as
some POC?
From: Angel Pons
Sent: 20 February 2019 15:55
To: Mayuri Tendulkar
Cc:
Hello,
On Wed, Feb 20, 2019, 11:23 Mayuri Tendulkar Is there support for Intel Cabylake chipset in latest coreboot?
>
Kaby Lake? Yes.
>
___
coreboot mailing list -- coreboot@coreboot.org
To unsubscribe send an email to coreboot-le...@coreboot.org
Hi Team
Is there support for Intel Cabylake chipset in latest coreboot?
[cid:image001.png@01D4C934.5B4BE590]
Regards
Mayuri
=
Please refer to http://www.aricent.com/email-disclaimer
for important disclosures regarding this electronic
Hello Zvi,
The Baytrail FSP doesn’t support the debug levels.
So unfortunately this will not help you.
Most likely your issue is in the memory configuration. What you can do is have
a look at the port 80 codes. This provides an indication of where the problem
is in the FSP.
Best regards,
16 matches
Mail list logo