Why You Don't See Coreboot Supported By Many Modern Intel Systems

  • #41
    Originally posted by chithanh
    Unfortunately, most vendors now drink the UEFI Kool-Aid...
    Poisonous stuff that.

    UEFI on ARM
    Omg, yes, there was something. Please no.

    Originally posted by agd5f
    (in linked thread)
    The lack of a standard firmware and mechanism for device discovery is one of the reasons there aren't generic kernel images that will load on a variety of ARM systems.
    That may be true but I guess there are better ways to solve this than hauling UEFI on those poor devices. UEFI is way too large and thus way too prone to bugs, security issues and slowness. I never heard of totally bricked computers cause somebody had changed a variable that was even allowed to be written - before UEFI happened. Nobody but the NSA needs a whole network stack at such a low level.
    Firmware is there just to initialize HW once electricity hits it and maybe to provide some basic means of configuration to the user and then to do nothing else than say "Hello world" and load a bootloader who loads in turn an OS kernel.
    We could do this for years within a few KB, now we're wasting MBs and showing stupid fan animations in a setup program. (If they had extended explanation / help to the options it would have been worth the added memory consumption.)
    Stop TCPA, stupid software patents and corrupt politicians!


    • #42
      Personally, I was against Chromebooks using Coreboot, but I agree that Intel Boot Guard should be able to be disabled. I suggest using a hardware jumper or similar to do so.


      • #43
        Some of these exploits are ones WE need to root our own devices

        Originally posted by chrisb
        Even then, there may be exploits in the USB controller or the USB driver stack or application stack that the USB device could exploit to root the system. The PS3 was first hacked using a custom USB device that exploited a buffer overflow in the PS3 USB driver (exploit explanation - I'd like to know how that exploit was discovered and developed without having access to the source code, or binary code, or being able to run or debug any code on the PS3...) USB bugs seem quite widespread - one group of researchers reported finding over 50 bugs in USB drivers for systems including Solaris, Chrome OS, PS3, OS X, iOS, Windows, Xbox and Linux.
        I never buy smartphones or other shit you have to use an exploit just to get root on your own device, but I am damned glad these exploits exist, because otherwise the OEMs would have complete control. If nothing had ever been jailbroken, those walled gardens would have completely taken over by now. The Internet would have gone all to apps, and our desktops and laptops would have been locked out, as browsers would not be supported by the new style walled garden "information services." When you are getting root on something you own, anything goes: buffer overflows, firmware exploits, the works. What cannot be rooted by its own user I consider to be bricked.


        • #44
          IMO it is better to buy devices where you do not need exploits to gain what should inherently be the owner's right. Those who are attempting to force owners into doing something and putting some restrictions are cheaters who are trying to pretend it is ownership, but it's rather something like a lease instead, while you have to pay full ownership price. Needless to say it is treating customers like if they are retards (and unfortunately, many humans are dumbass enough to fail to understand these treacherous schemes).

          IMO it is really wrong to regain owner's rights through some cybercrime-like actions. This shows the vendor does not respect customer's rights and is definitely not worthy of getting your money at all. Paying such bastards indicates you're okay with such a set of restrictions.
          Last edited by SystemCrasher; 11 February 2015, 08:00 PM.


          • #45
            Originally posted by peppercats
            If google made a pixel successor just as open as the original there'd be little doubt in my mind about buying it. All this talk of open laptops and the pixel always gets ignored for some reason - it's not blob free AFAIK but it's a hell of a lot closer than 99% of laptops while having great specs and guaranteed Linux support.
            Well, I'm not sure how good Google is regarding recently built Chromebooks. Having a look at the Arch wiki hardware specs table (https://wiki.archlinux.org/index.php...re_Comparisons), it seems that the latest models are not shipping with the SeaBIOS port. I'm just a user so I probably don't fully understand, but does it mean that Google still eventually lets you add a SeaBIOS if you eventually want to (and have the coding skills/time to write it)?
            Thanks


            • #46
              Originally posted by peppercats
              If google made a pixel successor just as open as the original there'd be little doubt in my mind about buying it. All this talk of open laptops and the pixel always gets ignored for some reason - it's not blob free AFAIK but it's a hell of a lot closer than 99% of laptops while having great specs and guaranteed Linux support.
              Not being a developer nor a power user, I can't really fully understand the whole issue of BadUSB (but it sounds scary anyway)... so I'm surprised nobody developed a friendly interface (read GUI) for the scared masses out there, able to filter new USB devices, so preventing them from being "accepted" on your computer, except of course the ones indicated by the user in a sort of white list (including mouse/keyboard at start). I know it doesn't sound like a solution, I know it sounds like BS because of my ignorance on the subject, but wouldn't it be a viable and necessary patch to this ugly scenario? Or don't USB devices have unique IDs?
              I know an attacker may create a malicious device pretending to be one of our trustworthy keyboards, but I'm assuming here that the OS security tools will prevent him/her from acquiring that piece of information and also the other USB bugs would be slowly discovered.
              Thanks and sorry for my superficial understanding (and going OT, hopefully we'll create a thread about it).
              Thanks Luke for your explanations.
              Last edited by horizonbrave; 12 February 2015, 02:04 AM.


              • #47
                Oh yes. "Security".

                If there's one thing I've learned, it's that whenever some corporation promotes "security" as a model where the users have to be protected from themselves, it's unquestionably a load of bullshit.

                Oh but hey, let's not be too hard on poor Intel, after all they probably just don't want us disabling their NSA-approved backdoors...


                • #48
                  Originally posted by dee.
                  Oh yes. "Security".
                  [..] Oh but hey, let's not be too hard on poor Intel, after all they probably just don't want us disabling their NSA-approved backdoors...
                  Just curious, is AMD any better?
                  unfortunately their penetration in the market doesn't make them seem a good competitor.. just have a look at the best equipped chromebooks/barebone systems, all Intel based.


                  • #49
                    AMD is better than Intel only in that they are a bit behind in the remote control (AMT/ME) and uploading signed firmware blobs into the chipset department. But their products will approach Intel's over time in this regard.

                    Originally posted by Adarion
                    That may be true but I guess there are better ways to solve this than hauling UEFI on those poor devices. UEFI is way too large and thus way too prone to bugs, security issues and slowness. I never heard of totally bricked computers cause somebody had changed a variable that was even allowed to be written - before UEFI happened.
                    I mentioned in that thread that the device tree was taken from OpenFirmware. The OFW specification is an order of magnitude smaller than the UEFI specification. OLPC uses it in both x86 and ARM systems.
                    Last edited by chithanh; 12 February 2015, 08:40 AM.


                    • #50
                      Originally posted by horizonbrave
                      Just curious, is AMD any better?
                      unfortunately their penetration in the market doesn't make them seem a good competitor.. just have a look at the best equipped chromebooks/barebone systems, all Intel based.
                      It is not 100% clear; it looks like the PSP (Platform Security Processor), a second TPM-like ARM processor that comes with newer AMD systems, generally is able to be used by coreboot.

                      But that could be only a first model or only server systems or something like that. At least from what I found in discussion about it, it should only boot signed stuff... but this coreboot is not signed; I find no conclusive general YES or NO on this matter yet.

                      For notebooks you do not have many alternatives anyway: you have your few models, a few Chromebooks and ThinkPads, and that's it... stay with it very long and let's see in 2 or more years what happened
