Coreboot cannot (currently) ship binaries. SquashFS needs work. Proprietary Firmware is involved. So we cannot ship binaries. Cannot read a binary once it is burned in. Or if I can, how can I enssure that what I “read” is really what is installed? We want to have assurance of trust. Checking that the firmware in flash, is what I wrote into flash? If I buy from a vendor how do I know the vendor hasn’t put “bad” firmware in it? Can we trust the storage? I can check the integrity of a hard disk by mounting it read-only on a trusted machine. But how can I check a flash EEprom on a trusted machine? Currently coreboot does not publish any hashes. Should they publish hashes for standard configurations? We should encourage third party vendors to publish hashes of firmware shipped with hardware. Coreboot should be encouraged to publish hashes for a select number of standard configurations/boards.