Embedded / Coreboot

  • Coreboot cannot (currently) ship binaries.
  • SquashFS needs work.
  • Proprietary Firmware is involved. So we cannot ship binaries.
  • Cannot read a binary once it is burned in. Or if I can, how can I enssure that what I “read” is really what is installed?
  • We want to have assurance of trust.
  • Checking that the firmware in flash, is what I wrote into flash?
  • If I buy from a vendor how do I know the vendor hasn’t put “bad” firmware in it?
  • Can we trust the storage?
  • I can check the integrity of a hard disk by mounting it read-only on a trusted machine. But how can I check a flash EEprom on a trusted machine?
  • Currently coreboot does not publish any hashes. Should they publish hashes for standard configurations?
  • We should encourage third party vendors to publish hashes of firmware shipped with hardware.
  • Coreboot should be encouraged to publish hashes for a select number of standard configurations/boards.

Follow us on Twitter @ReproBuilds & Reddit and please consider making a donation. • Content licensed under CC BY-SA 4.0, style licensed under MIT. Templates and styles based on the Tor Styleguide. Logos and trademarks belong to their respective owners. • Patches welcome via our Git repository (instructions) or via our mailing list. • Full contact info