Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Protected Regions and other flash protection platform features #39

Open
zaolin opened this issue Oct 6, 2016 · 2 comments
Open

Protected Regions and other flash protection platform features #39

zaolin opened this issue Oct 6, 2016 · 2 comments
Labels
security
Milestone
measuredboot

Comments

@zaolin
Copy link
Contributor

zaolin commented Oct 6, 2016

Hey,

Maybe we want to implement them as well. Or extend the current implementation of coreboot itself. I know only PR is secure but I guess it would be good to have them in a security section with the BP feature.
@osresearch
Copy link
Collaborator

The nonvolatile BP bits are definitely on the list of things to enable (issue #12), as well as experiments with disconnecting/grounding the #WP pin.

Figuring out where to set the PRR is wrapped up with the "how to do upgrades" issue. If the BP bits sufficiently protect the bootblock and allow the hardware root of trust to be established, then it might be sufficient to leave the PRR unlocked in the recovery shell (in ROM). Any updates would invalidate the TPM PCRs, allowing malicious changes to be detected.

@osresearch osresearch added this to the measuredboot milestone Oct 8, 2016
@osresearch
Copy link
Collaborator

The update strategy is also discussed in #17

@tlaurion tlaurion mentioned this issue Aug 27, 2019
Closed
@ln2max ln2max mentioned this issue Aug 3, 2021
Open
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Implement sparse retrieval and writes, issues linuxboot#39 linuxboot#24
7329463
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Finish no-clobber receive mode
822d257 
issues linuxboot#39 linuxboot#24
tlaurion pushed a commit to tlaurion/heads that referenced this issue May 3, 2024
@tasket
Add sparse mode to wyng-extract.sh
50a89d6 
issues linuxboot#24 linuxboot#39
@d-wid d-wid mentioned this issue Dec 20, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
measuredboot
Development

No branches or pull requests
2 participants
@osresearch @zaolin