Announcement

Collapse
No announcement yet.

The NSA Is Looking To Contribute To A New x86 Security Feature To Coreboot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The NSA Is Looking To Contribute To A New x86 Security Feature To Coreboot

    Phoronix: The NSA Is Looking To Contribute To A New x86 Security Feature To Coreboot

    The US National Security Agency (NSA) has developers contributing to the Coreboot project...

    http://www.phoronix.com/scan.php?pag...oot-STM-PE-NSA

  • #2
    But x86 is swiss cheese. Maybe they should bet on RISC-V instead.
    But maybe x86 can improve its security and be less insecure than before when Intel finally ditches Hyper-Threading in upcoming Ice Lake.

    Comment


    • #3
      Originally posted by uid313 View Post
      But x86 is swiss cheese. Maybe they should bet on RISC-V instead.
      But maybe x86 can improve its security and be less insecure than before when Intel finally ditches Hyper-Threading in upcoming Ice Lake.
      Fixing x86 security would probably mean letting go of some level of backward compatibility. One example of such feature is SMM.

      Comment


      • #4
        Is anyone besides me paranoid that NSA is getting lazy and they will slip in "unintentional" bugs into the project?

        Comment


        • #5
          Originally posted by DoMiNeLa10 View Post
          Is anyone besides me paranoid that NSA is getting lazy and they will slip in "unintentional" bugs into the project?
          No, unfortunately I'm inherently deeply suspicious of anything they do and assume malicious intent. :/

          Comment


          • #6
            Originally posted by DoMiNeLa10 View Post
            Is anyone besides me paranoid that NSA is getting lazy and they will slip in "unintentional" bugs into the project?
            Speculation - as long as the contribution is open, people can analysze and object (and fix). I think the main motivation is rather that the security hole to be fixed is more advanageous than not fixing it. But again, that is also speculation. Who knows... its the NSA.

            Comment


            • #7
              Originally posted by uid313 View Post
              But x86 is swiss cheese. Maybe they should bet on RISC-V instead.
              But maybe x86 can improve its security and be less insecure than before when Intel finally ditches Hyper-Threading in upcoming Ice Lake.
              More like Intel is swiss cheese. AMD has less vulnerabilities.

              Comment


              • #8
                Their core goal is to ensure breakage, but the code is open, so verify, then trust should be ok.

                Comment


                • #9
                  Originally posted by DoMiNeLa10 View Post
                  Is anyone besides me paranoid that NSA is getting lazy and they will slip in "unintentional" bugs into the project?
                  You're more than welcome to audit every pr they submit

                  Comment


                  • #10
                    Originally posted by bachchain View Post

                    You're more than welcome to audit every pr they submit
                    There is kleptography, so even though something is open source and you can audit it, it might be very difficult to discover what it really does.

                    Comment

                    Working...
                    X