embedded.md 1.03 KB
Newer Older
1
---
2
layout: new/event_detail
Holger Levsen's avatar
Holger Levsen committed
3
title: Embedded / Coreboot
Holger Levsen's avatar
Holger Levsen committed
4
event: berlin2016
5
order: 70
Holger Levsen's avatar
Holger Levsen committed
6
permalink: /events/berlin2016/embedded/
7 8 9
---


Holger Levsen's avatar
Holger Levsen committed
10 11 12 13 14 15 16 17 18 19 20 21
- Coreboot cannot (currently) ship binaries.
- SquashFS needs work.
- Proprietary Firmware is involved.  So we cannot ship binaries.
- Cannot read a binary once it is burned in. Or if I can, how can I enssure that what I "read" is really what is installed?
- We want to have assurance of trust.
- Checking that the firmware in flash, is what I wrote into flash?
- If I buy from a vendor how do I know the vendor hasn't put "bad" firmware in it?
- Can we trust the storage?
- I can check the integrity of a hard disk by mounting it read-only on a trusted machine.  But how can I check a flash EEprom on a trusted machine?
- Currently coreboot does not publish any hashes.  Should they publish hashes for standard configurations?
- We should encourage third party vendors to publish hashes of firmware shipped with hardware.
- Coreboot should be encouraged to publish hashes for a select number of standard configurations/boards.
22