Announcement
Collapse
No announcement yet.
Thoughts On Intel Boot Guard Impairing Coreboot
Collapse
X
-
Originally posted by phoronix View PostPhoronix: Thoughts On Intel Boot Guard Impairing Coreboot
Last week we were first to relay the Coreboot discussion about how Intel Boot Guard in modern PCs is preventing alternative UEFI/BIOS from being used and others have since carried the story too. Matthew Garrett, a name well known to those following UEFI / Secure Boot Linux support, has blogged about his views on Boot Guard...
http://www.phoronix.com/scan.php?pag...Boot-Guard-MJG
Comment
-
If Coreboot contains blobs that protect the IP/lifeblood of a hardware manufacturer from getting knocked off by some Chinese company, then so be it. This is about installing a BIOS of your choice. Both can be had, security and choice - it's not an either/or proposition, as Matthew points out. Intel ought to make this right.
Comment
-
On the one hand things like Coreboot are really interesting, on the other... any objection here is more out of principle than practical effect. Unless you specifically purchase devices that have coreboot support, most of us here are likely to never run it, and in cases that we do it's more likely to come from vendors who are themselves installing coreboot as the firmware. In which case this won't matter anyway. So I don't know how I feel about this.
Comment
-
Originally posted by duby229 View PostLinux itself can boot up just about any PC you try to put in on. If the same was true for coreboot it would be much more likely to have a wider userbase. It's sort of like a catch22.
Comment
-
Originally posted by Luke_Wolf View PostYeah... there's that, and there's this whole situation where the motherboard is bricked if coreboot doesn't work and you don't happen to have the right tools to reflash the EEPROM if things go wrong.
Comment
-
I don't want to install coreboot myself because it voids warrenties. I want to use coreboot while keeping my warrenty. Also, every dollar is a vote and that vote only goes toward coreboot if it is preinstalled...preferably by the manufacturer.
Only the most absolutely sophisticated people would flash their motherboard anyways. Anyway, even if coreboot has binary blobs in it, it would still be an improvement. Once coreboot becomes mainstream and widespread, then we can work on dealing with the blobs. Rome wasn't built in a day and sometimes incremental improvements are the most effective path. Also, you gotta lay the foundations before building the rest of the structure.Last edited by Prescience500; 18 February 2015, 06:53 PM.
Comment
-
Originally posted by uid313 View PostMathew always have insightful thoughts.
A solution would be to have a pre-firmware firmware that checks the integrity of the firmware.
If the firmware can be securely confirmed as authentic and official then it boots that firmware.
...
Maybe it could be a physical jumper on the motherboard?
...
The chances of a mainstream manufacturer doing this though is effectively zero.
Originally posted by Prescience500 View PostI don't want to install coreboot myself because it voids warrenties. I want to use coreboot while keeping my warrenty. Also, every dollar is a vote and that vote only goes toward coreboot if it is preinstalled...preferably by the manufacturer.
Only the most absolutely sophisticated people would flash their motherboard anyways. Anyway, even if coreboot has binary blobs in it, it would still be an improvement. Once coreboot becomes mainstream and widespread, then we can work on dealing with the blobs. Rome wasn't built in a day and sometimes incremental improvements are the most effective path. Also, you gotta lay the foundations before building the rest of the structure.
Comment
Comment