Embedded / Coreboot
- Coreboot cannot (currently) ship binaries.
- SquashFS needs work.
- Proprietary Firmware is involved. So we cannot ship binaries.
- Cannot read a binary once it is burned in. Or if I can, how can I enssure that what I “read” is really what is installed?
- We want to have assurance of trust.
- Checking that the firmware in flash, is what I wrote into flash?
- If I buy from a vendor how do I know the vendor hasn’t put “bad” firmware in it?
- Can we trust the storage?
- I can check the integrity of a hard disk by mounting it read-only on a trusted machine. But how can I check a flash EEprom on a trusted machine?
- Currently coreboot does not publish any hashes. Should they publish hashes for standard configurations?
- We should encourage third party vendors to publish hashes of firmware shipped with hardware.
- Coreboot should be encouraged to publish hashes for a select number of standard configurations/boards.
Follow us on Twitter @ReproBuilds, Mastodon @firstname.lastname@example.org & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches welcome via our Git repository (instructions) or via our mailing list. • Full contact info