Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Coreboot Improvements Land For Lenovo Laptops

  1. #11
    Join Date
    Feb 2013
    Posts
    275

    Default

    Quote Originally Posted by pgeorgi View Post
    The "turn a screw" model (which is an adaptation of the old "use jumper to unlock write-protect") really gets a bad rap these days, even though it's the only way to keep the firmware safe from unintended modification (be it corruption or malware). As a vendor they don't want people to brick their systems in large numbers by using joe random's m0dding tool ("makes your computer 2% faster!!!11") found on some obscure website. And as the go-to guy for computer issues for people in my peer group, I agree...
    Not trying to criticize, but you kinda make it sound like the screw is there to scare people who don't know what they're doing. That is not really the purpose. The real purpose is to increase the time it takes to unlock the boot process. The idea is that if an attacker gets physical access to your machine while you step away from it to get a cup of coffee, he or she won't be able to compromise it in the five minutes it takes for you to come back. For ideal security, you wouldn't be able to unlock the boot process at all. However, Google sees "hackability" as a selling point, and they want people to know they can hack the boot process and install something else on the machine ((hacker as in computing enthusiast, not hacker as in security penetrator). That's why they've come up with this security screw compromise.

  2. #12
    Join Date
    Jan 2013
    Posts
    25

    Default

    Quote Originally Posted by Serge View Post
    Not trying to criticize, but you kinda make it sound like the screw is there to scare people who don't know what they're doing. That is not really the purpose.
    True, they have their "5 minutes unsupervised" rule.

    But it really goes hand in hand: The only way to reliably protect flash from being written is in hardware (no matter if the fault vector is persistent malware, a local attacker or local user stupidity). The only comfortable way to do so (that preserves freedom) is to use a jumper. And there we are...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •