It was more a proof of concept. The priority isnt very high for me atm. If nobody needs it is even lower. Then I will work on it if I have a lot of spare time and boredom. It isnt worth working on it only for using by one person, me.
If someone says: "Hey, I replace the blob with open bios.", this is a right motivation.
This is not a motivation: "Why does the guy this?" "It isnt better then blob." "It relies on atombios." "Waste of time" "..."

Its flashable to a card, a replacement for ATI/AMD video bios. Like this http://www.techpowerup.com/vgabios/
Ideally same functionality, but open. You dont get a faster or better card. There is still a video driver in OS.
Maybe you can change some values, but it is not a goal.

I think I should write a FAQ.

It was more a proof of concept. The priority isnt very high for me atm. If nobody needs it is even lower. Then I will work on it if I have a lot of spare time and boredom. It isnt worth working on it only for using by one person, me.
If someone says: "Hey, I replace the blob with open bios.", this is a right motivation.
This is not a motivation: "Why does the guy this?" "It isnt better then blob." "It relies on atombios." "Waste of time" "..."

Its flashable to a card, a replacement for ATI/AMD video bios. Like this http://www.techpowerup.com/vgabios/
Ideally same functionality, but open. You dont get a faster or better card. There is still a video driver in OS.
Maybe you can change some values, but it is not a goal.

I think I should write a FAQ.

You mean as a todo for you?

While I'm not entirely sure what it all does, is it flashable to a card? Or is it a replacement for the files in /lib/firmare. If so, does it do the stuff normal firmware does? E.g. video decoding acceleration?

Btw, if its a replacement for /lib/firmware, it's not a bios replacement, but a firmware replacement?

All still very exciting.

Is there a demand for further development?
If I look to comments, not much.

No I disagree with you here, you can hack some high-priority targets with new security holes... but not massive of them. only if every single company every service provider every hoster worldwide would work together with them, they could hack everything.

Basicly its a point of how expensive you do make it for them. as example if everybody uses pgp emails... they could not record all mail in a readable way. ok they would still get meta-data. who has contacts with whom... and when and wheres the location of him.

So I try to make it as secure as possible and I do most stuff luke said in his post. But I want at least that such a organisation has to hack me, instead of just having a open backdoor installed. so a person has to invest at least 5-10 mins to hack me, instead a programm that automaticly does that on nearly every maschine worldwide by just logging in...

I agree with you, I was just saying that if they really want to intercept our communications, there is nothing we can do. They have the money, they have the most talented brains, and they have the power to do anything they want thanks to the false flag operations they use to change the laws.

I still have a motherboard from BIOSTAR whose only available BIOS is considered beta, and you have to hit a key to continue on boot every time. o_o

Edit: actually, even better, coreboot is meant to get rid of the bios, and allow all hardware initialization (or as much as possible) to occur in software (via the kernel, userspace, or whatever).

You really have not got a clue, do you?

You are talking about changing default initialization values. This is just hex editing and changing some values, call it tweaking. While it could be useful to fix certain bugs, you are still left with many many possible bugs that aren't triggered by a simple change in value.

The big difference between RadeonHD and radeon was, that radeon relied on the atombios to change things, while radeonHD ignored the bios and talked to the registers directly. E.g. a bios in software

Just look at any phoronix article talking about RadeonHD. But I kinda gave you that in the reply above. So yes, yes you can reimplement a bios in software. Besides the fact that a bios is just software too, getting loaded by the CPU from flash instead of a harddisk, what do you think coreboot is? A bios-replacement, written in C.

No it doesn't have to stay there, and no, no communications have to go through the bios. All hardware, every single bit of hardware works based on registers. You write a value to a register and the devices changes its behavior. A small example: Lets say you have 1 pin on the CPU, a GPIO pin. That GPIO pin is controlled and configured via a few registers. Register 1 makes it an input or output port, register 2 turns it on or off. So doing something like reg1=output; reg2=on makes the GPIO output a 'high' signal. Toggling reg2 on/off/on/off via some loop, creates some sort of clock.

Now this can change from CPU to CPU. Pin 1 may be configured using register 20 on CPUx, and register 200 on CPUy. Pin 1 can be a GPIO on CPUx and VCC on CPUy. So you can't write a driver to communicate to a CPU (or GPU, its all the same) based on the layout of that single. Your program will have to make different calls on different systems. So here comes the 'bios', a chip specific operating system if you will. The bios can abstract this all and even simplify things for you. YOu only have to say 'pin1=toggle' and the bios will configure the pin and toggle it on/ff constantly.

Obviously this is just a very basic example, but read and learn!

Of course they do. Motherboards are constantly shipped with faulty biosses. Why do you think you can upgrade them in the firstplace. In the bios (also obtainable sepeartly) there's even updates to the CPU microcode, because guess what, those tend to be buggy as well.

Videobiosses are relativly simple (compared to the motherboard bios). And any issue in the bios, can simply be worked around in the driver. 'if GPU is r600 talk to these registers specifically else use atmobios function toggle pin1'.

So I hope you have been a little more informed about how things happen in the real world. A bios isn't some magical blob that does magical things. It's just a program like any other.

PRISM can be beat

PRISM and the NSA are not infinately powerful. PRISM is a program in which cooperating corporate servers like Facebook, Google, and Microsoft allow the NSA to run code on their hardware or added hardware. Remember, these corporations are among the owners of the US government, standing over the law, not under the law. Therefore, this is as logical for them as it is for activists I work with to ask me to do a forensic examination of a computer that has been accessed by a suspected snitch.

Only "Upstream" as Snowden's take called it, not PRISM, can read data that does not go through companies cooperating with PRISM (Snowden gave us that list, too) by sniffing unencrypted packets. I have heard that Snowden has claimed the NSA can't even beat SSL, thus the reason for PRISM in the first place, to read data after decryption.

You can blind the NSA to content by using end to end encryption, so corporate email and other servers never get the plaintext. NSA will keep those packets forever, but never be able to make sense of them without a quantum computer. You can use Tor to deny Google an IP address to associate with your searches, thus keeping PRISM from serving it to the NSA.

At the very least, you should close all accounts and sever all business relations with Facebook, Google, Youtube, Gmail, Yahoo, MSN and any other corporation appearing on Snowden's list. Use them only with no account and through Tor (so they can't identify you directly), with NoScript (so they can't bypass Tor), and with all their ad servers blocked (so they can't make money off you while trying to sell you out-and so those servers can't track you).

If you run a monetized blog and want to protect your users, "proxy" serve all ads through your own server, preventing users from being externally logged, then don't log IP addresses yourself. Banners could embed locally-served copies of the images directly into the page, so all content comes only from your server and no external server can be used against your users by a third party. If you run a "high-value target," activist website, do not consider trying to make money off it, it's just too dangerous. If nothing else, the checking account would prove ownership of the account!

GPG, Tor, NoScript, Ghostery, and your /etc/hosts file can combine to drive a spear point right into the Eye of Sauron!

they cant break physics so there are some things you can say it is possible or not. Of course if you are classified as a top terrorist or something similar and they want to attack you specificly you are fucked anyway.
The point is "if the nsa wanted to monitor your communications", ?hh really did you live under a rock last 2 months? is the name Snowden a Name you heard something. we know now that they not only want but do monitor all of our communications completly.

So I find it good to have a system a person needs to hack not a automatic rootkit that uploads any data I dont want to. Or in other cases maybe transforms a smartphone into a spy-phone with live audio upload if some wrong words fall or something.
Yes they want to get as much data from us as possible, no not from terrorists, from anybody especialy from the terror-state germany. And that has nothing or not much to do with anti-terror they officialy state that they do industrial espionage.

If I think like you, they have won and they succeded a total survalence state or world, as example it makes even less sense to try to make a business or soemthing because I have lost from the start point.
Prism makes the world basicly pointless. you play a game against a system with marked dice.

And if they want they can even send a drone and shoot you out of the world, because you do anything they dont like.
And the american people are cool with that it seems. No 100mio people on the street what would be a proper reaction.