Embedded / Coreboot
- Coreboot cannot (currently) ship binaries.
- SquashFS needs work.
- Proprietary Firmware is involved. So we cannot ship binaries.
- Cannot read a binary once it is burned in. Or if I can, how can I enssure that what I “read” is really what is installed?
- We want to have assurance of trust.
- Checking that the firmware in flash, is what I wrote into flash?
- If I buy from a vendor how do I know the vendor hasn’t put “bad” firmware in it?
- Can we trust the storage?
- I can check the integrity of a hard disk by mounting it read-only on a trusted machine. But how can I check a flash EEprom on a trusted machine?
- Currently coreboot does not publish any hashes. Should they publish hashes for standard configurations?
- We should encourage third party vendors to publish hashes of firmware shipped with hardware.
- Coreboot should be encouraged to publish hashes for a select number of standard configurations/boards.
Follow us on Twitter @ReproBuilds and please consider making a donation. Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. Patches welcome via our Git repository (instructions) or via our mailing list.