On Mon, Feb 25, 2019 at 03:42:41PM -0500, taii...@gmx.com wrote:
I'm reasonably sure that this is not true and security-conscious users
can disable internal flashing, but I haven't been able to find any
mention of such a setting in the documentation.
Isn't it possible to set the flash chip writ
On 02/16/2019 07:31 AM, Frank Beuth wrote:
> On Thu, Feb 14, 2019 at 12:21:36PM -0500, Matt B wrote:
>> For Coreboot afaik the only two methods available are to flash with a
>> programmer or to flash internally from linux with iomem=relaxed.
>
> On another mailing list, someone commented "I would
Would it make the most sense to put locking option in coreboot's
board-specific code, since the method varies between boards? Could a common
ACPI call for it be provided that could be called by a payload or OS later
if it's present?
-Matt
On Sun, Feb 17, 2019 at 8:48 PM Frank Beuth wrote:
> On
On Sun, Feb 17, 2019 at 12:24:38PM +0100, Nico Huber wrote:
I'm not sure if I quite follow. You mean the locking that prevents you
from installing a retrofitted coreboot? That's not a lock that prevents
malware from anything (because of existing exploits). There are ways to
install coreboot on su
>
> Again, you seem to imply a retrofitted coreboot. If you can tell me any
> model with a firmware lock in particular, I can try to compare it to the
> coreboot situation for that model.
>
I think the most common retrofitted coreboot solution that people use is
for older ThinkPads. So it seems re
On 2019/2/17 5:02 PM, Nico Huber wrote:
> When you are sure that you want a lock, you still have to decide what
> kind of lock. And that depends on what you actually want to protect
> against (e.g. online attack by a compromised OS) and how much flexi-
> bility you are willing to sacrifice (e.g. online
On 17.02.19 11:12, Frank Beuth wrote:
> On Sun, Feb 17, 2019 at 10:02:42AM +0100, Nico Huber wrote:
>> What, why? Did you just say "SeaBIOS" because I said "sometimes ...
>> payload"?
>>
>> SeaBIOS is a very generic payload, trying not to be board specific. And
>> I just said it depends on the hard
On Sun, Feb 17, 2019 at 10:02:42AM +0100, Nico Huber wrote:
What, why? Did you just say "SeaBIOS" because I said "sometimes ...
payload"?
SeaBIOS is a very generic payload, trying not to be board specific. And
I just said it depends on the hardware. Also, all generic, one-fits-all-
scenarios sol
On 2019/2/17 5:02 PM, Nico Huber wrote:
> When you are sure that you want a lock, you still have to decide what
> kind of lock. And that depends on what you actually want to protect
> against (e.g. online attack by a compromised OS) and how much flexi-
> bility you are willing to sacrifice (e.g. online
On 17.02.19 02:35, Frank Beuth wrote:
> On Sat, Feb 16, 2019 at 06:00:26PM +0100, Nico Huber wrote:
>> Generally, what locking options you have depend much on your hardware.
>> Hence, there is no generic solution in coreboot. Plus, coreboot is more
>> a firmware framework than a firmware. It can on
On Sat, Feb 16, 2019 at 06:00:26PM +0100, Nico Huber wrote:
Generally, what locking options you have depend much on your hardware.
Hence, there is no generic solution in coreboot. Plus, coreboot is more
a firmware framework than a firmware. It can only "boot" programs from
flash and not your OS f
On Sat, Feb 16, 2019 at 4:31 AM Frank Beuth wrote:
> On another mailing list, someone commented "I would never use Coreboot,
> because it would let malware flash your bios from within Linux." (paraphrased)
well, send them here, and we can try to explain the world as it is.
But this particula
On 16.02.19 16:08, Frank Beuth wrote:
> On Sat, Feb 16, 2019 at 05:23:40PM +0300, Sergej Ivanov wrote:
>> To make a real write protection on your spi flash you may go two ways
>> after setting region protection and configuration bits in your flash
>
> Where are the write protection bits for the
On Sat, Feb 16, 2019 at 05:23:40PM +0300, Sergej Ivanov wrote:
To make a real write protection on your spi flash you may go two ways after
setting region protection and configuration bits in your flash
Where are the write protection bits for the flash set, in which menu / config
file? That is
To make a real write protection on your spi flash you may go two ways after
setting region protection and configuration bits in your flash
1) Write a SMM handler, that will prevent software to set high level on SPI
#WP/WE pin (that can be done if it is connected to chipset) absolute
chipset-specific,