Originally posted by Adarion
To be as clear as possible: the PSP must run during system startup. It runs before the x86 cores are even taken out of reset, since it is responsible for doing so. Partly as a result of its position to do this low level setup, it has basically the highest privilege level possible within the system. The closest analogy is that coreboot is just a guest within the PSP-controlled environment, best case -- just because someone decorates a prison nicely doesn't make it any less of a prison.
To put things another way, here's semi-equivalent code for just part of the PSP. This is the SBE on POWER: https://git.raptorcs.com/git/talos-sbe

You're OK with code that handles such low-level tasks, including verification of firmware signatures and denial of boot, being completely closed source, mutable by AMD, and completely 100% unmodifiable by you, the owner of the platform? If so, what is the interest in coreboot? Would you be OK if AMD offered a proprietary coreboot-like system that you couldn't touch, as long as it was fast to boot and more minimal than UEFI? Maybe that'd be more attractive commercially to AMD than having to deal with any open source for boot firmware, given the public history and rationale behind AGESA and BinaryPI?
If you have to run Windows, you've already lost. This discussion is only relevant for non-Windows systems where data slurp becomes a real concern at lower levels. Running Windows, you've already agreed to it, there's not even a fig leaf of privacy there.