The primary threat model for verified boot is defending against a remote attacker trying to persist on the device, not physical security. Anti-tampering is a secondary and less important threat model for verified boot. Chromebooks don't really bother even trying to do that part.
If the owner could re-flash the entire device, it wouldn't be possible for a remote attacker to persist in the first place...?
You flash a device by interacting with firmware on the device, and there are a whole bunch of components which have firmware: SoC firmware including firmware for GPU, media encode/decode, image processing, crypto engine, TEE and much more, touchscreen, battery, USB controller, etc.
I guess we're now entering the realm of "what if", but it would be nice to have a ROM that can be used to clean flash it.
(And open source firmware for everything)
Open source firmware for everything implies making a new SoC based on open RISC-V core designs and creating a GPU and all the other components like the memory controller, USB controller, battery, touchscreen, TEE, secure element, etc. as part of that too.
My desktop workstation has entirely open source firmware (POWER9), so that's basically been done before.
Talos II has mostly open source firmware but the SoC itself isn't actually open yet and there are still proprietary components. OpenPOWER is open but those POWER9 CPUs are not actually OpenPOWER with open core designs, they just supposedly will be in the future at some point.
Aside from the optional SAS controller, the Talos II has only open source firmware.
Hardware != firmware.
There's plenty of firmware that's part of any modern SoC and IBM doesn't publish all the sources for it.
For POWER9, they do.
(POWER10 has been a problem tho)
OpenPOWER setups have fully open firmware in POWER9 - there are no blobs involved (you might end up with some in your BMC, but RCS is working on a from-scratch FPGA-based BMC that has none and can be fitted to Talos II systems).
I'm not saying there is proprietary firmware for the motherboard, etc. Dropping in a proprietary IBM POWER9 SoC is going to bring proprietary firmware as part of the SoC that's built into it.