Hi Ivan,
On 21.02.19 07:24, Ivan Ivanov wrote:
> Tianocore, being a standard UEFI, is vulnerable to UEFI-targeting
> malware whose functionality is based on UEFI architecture.
can you give an example of a malware (or exploit) that targets the
UEFI architecture in general (and not specific
UEFI is a specification; exploits are necessarily against implementations
thereof, not the spec itself. Tianocore is a partial reference
implementation of the UEFI spec, and the package built for use with
coreboot an even smaller subset of that (since it completely skips the PEI
phase). So
Tianocore, being a standard UEFI, is vulnerable to UEFI-targeting
malware whose functionality is based on UEFI architecture.
"Traditional" payloads are not UEFI - and therefore are not vulnerable
to UEFI-targeting malware. It does not take a genius to realize that.
do you have any evidence to support that Tianocore is vulnerable to this
type of malware (given that it doesn't support module
injection/persistence, as implemented), or in any way less secure than a
"traditional" payload? If not, then your warning strikes me as nothing more
than FUD
On Wed, Feb
Sorry if that's off-topic, but by using a Tianocore payload you could
be exposing yourself to the new UEFI-targeting NSA-grade malware. Of
course the coreboot is more secure when paired with more traditional
payloads. But I don't know about your setup, maybe the security is not
your primary
Hi Alex,
On 20.02.19 15:56, Alex Feinman wrote:
> I think I almost got to the bottom of it. I thought, incorrectly, that
> the VBT on my system is not accessible because I trusted intelvbttool
> from utils/ to dump it.
ah, quite some misunderstanding. You said initially the "VBT cannot be
: [coreboot] Re: VBIOS/VBT in Coreboot
since you're using Tianocore, you'll need to set a VESA/hi-res framebuffer; VGA
text mode doesn't work IIRC. You can set that under the Display options, but a
better option than using/running a VBIOS would be to use the FSP/GOP init,
since it automatically
gt;
>
> From: Matt DeVillier
> Sent: Monday, February 18, 2019 10:10 PM
> To: Alex Feinman
> Cc: Nico Huber; coreboot@coreboot.org
> Subject: Re: [coreboot] Re: VBIOS/VBT in Coreboot
>
> what payload is being used here? If SeaBIOS, you'd ideally want SeaBIOS to
> run th
I amĀ using Tianocore payload because I require UEFI support. PCI ID for the
option ROM is set to 8086:591e (KBL-Y)
config file is attached
From: Matt DeVillier
Sent: Monday, February 18, 2019 10:10 PM
To: Alex Feinman
Cc: Nico Huber; coreboot@coreboot.org
Subject: Re: [coreboot] Re: VBIOS/VBT
ebruary 16, 2019 11:05 AM
> To: Alex Feinman; coreboot@coreboot.org
> Subject: Re: [coreboot] VBIOS/VBT in Coreboot
>
> Hello Alex,
>
> On 16.02.19 18:39, Alex Feinman wrote:
> > In my Coreboot build I provide both VBIOS and VBT blobs via appropriate
> > configurati
there is a remaining issue - the video on boot is not
present and only comes up when Linux boots. I feel like I need the GOP driver
after all.
Best regards
Alex
From: Nico Huber
Sent: Saturday, February 16, 2019 11:05 AM
To: Alex Feinman; coreboot@coreboot.org
Subject: Re: [coreboot] VBIOS/VBT
Hello Alex,
On 16.02.19 18:39, Alex Feinman wrote:
> In my Coreboot build I provide both VBIOS and VBT blobs via appropriate
> configuration items. The VBIOS blob contains expected signature at the
> top and VBT is valid as confirmed by running intelvbttool against it.
> The platform is slightly
12 matches
Mail list logo