List Archive: gentoo-dev
Headers:
To: gentoo-dev@g.o
From: Peter Stuge <peter@...>
Subject: Re: Re: Killing UEFI Secure Boot
Date: Thu, 21 Jun 2012 21:10:09 +0200
Roy Bamford wrote:
> > > I take it the above statement is based on the kernel being
> > > directly placed within the BIOS/firmware/nvram on the board,

This is sometimes called Linux-as-bootloader (LAB/lab for short) in
the coreboot project.


> > > such that you couldn't boot anything else but that kernel?

Yes and no. A kernel can kexec() another program.


> So when you build a dud kernel and flash your BIOS with it, and we
> all build the odd dud, your motherboard is bricked.

Any firmware modification has potential to brick, and shouldn't be
done unless you are comfortable with the modification, or with
solving a brick problem. :)

Keep backup flash chips, if your boot flash is socketed.

There are also several software techniques to eliminate and/or
reduce the brick risk.

Again, if you flash nothing but a kernel into the boot flash then
the machine will just laugh at you in your face and not start.

coreboot has infrastructure for separating normal boot from fallback
boot, for when the normal boot fails.

Writing to the flash chip is not an all-or-nothing operation.
coreboot uses a super simple filesystem for the boot flash, which can
be aligned to eraseblocks in the flash chip, such that only ever the
normal boot "files" are erased and rewritten, while leaving fallback
contents untouched. Even a power outage during flashing will not
brick your machine.


> Get out your JTAG adaptor and another PC I suppose.

PCs don't usually have JTAG as convenient as embedded systems, but
the boot flash can always be written with other suitable dedicated
hardware, from "the outside", as you write.


//Peter
Attachment:
pgpVqtcKvazek.pgp (PGP signature)
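The normal/fallback split and eraseblock-aligned rewriting described in the message above can be made concrete with a small simulation. This is an added example, not code from the mail or from the coreboot project: it models a NOR flash chip (erase sets a whole block to 0xFF, programming can only clear bits), a toy two-region layout where each region occupies whole eraseblocks, and a boot selector that prefers the normal region and falls back when it does not verify. The geometry, region offsets, magic value, checksum and function names are all constructed for illustration; the one design point it demonstrates beyond the mail is that the magic is programmed last, so a write cut off by a power loss leaves the region invalid instead of half-valid.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed geometry: a 4 KiB NOR chip with 1 KiB eraseblocks. */
#define FLASH_SIZE   4096
#define ERASE_BLOCK  1024
#define NUM_BLOCKS   (FLASH_SIZE / ERASE_BLOCK)

/* Constructed layout: each region covers exactly two whole eraseblocks,
 * so rewriting one region never erases a block belonging to the other. */
#define FALLBACK_OFF 0
#define NORMAL_OFF   2048
#define REGION_LEN   2048

#define MAGIC   0x544F4F42u   /* "BOOT" little-endian; constructed marker */
#define HDR_LEN 12            /* magic(4) + length(4) + checksum(4) */

struct flash {
    uint8_t  mem[FLASH_SIZE];
    unsigned erase_count[NUM_BLOCKS];  /* how often each block was erased */
};

static struct flash g_flash;  /* the simulated chip used by the demo functions */

static void flash_init(struct flash *f) {
    memset(f->mem, 0xFF, FLASH_SIZE);               /* blank chip reads all ones */
    memset(f->erase_count, 0, sizeof f->erase_count);
}

/* Erase sets every bit of one eraseblock to 1; nothing outside it is touched. */
static void flash_erase_block(struct flash *f, unsigned block) {
    memset(f->mem + block * ERASE_BLOCK, 0xFF, ERASE_BLOCK);
    f->erase_count[block]++;
}

/* Programming can only clear bits, as on a real NOR chip. A non-negative
 * budget limits how many bytes get programmed (simulated power loss).
 * Returns the number of bytes actually programmed. */
static size_t flash_program(struct flash *f, size_t off, const uint8_t *src,
                            size_t n, long *budget) {
    size_t i;
    for (i = 0; i < n; i++) {
        if (*budget == 0) return i;
        f->mem[off + i] &= src[i];
        if (*budget > 0) (*budget)--;
    }
    return n;
}

static uint32_t checksum(const uint8_t *p, size_t n) {
    uint32_t s = 0;                      /* simple polynomial hash, not crypto */
    while (n--) s = s * 31u + *p++;
    return s;
}

static void put_le32(uint8_t *b, uint32_t v) {
    b[0] = (uint8_t)v; b[1] = (uint8_t)(v >> 8);
    b[2] = (uint8_t)(v >> 16); b[3] = (uint8_t)(v >> 24);
}
static uint32_t get_le32(const uint8_t *b) {
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Write a payload into one region. Only that region's eraseblocks are erased.
 * Length, checksum and payload go first; the magic is programmed last, so an
 * interrupted write leaves no valid magic. Returns 0 ok, 1 interrupted, -1 too big. */
int region_write(struct flash *f, size_t off, const uint8_t *payload,
                 size_t len, long max_bytes) {
    uint8_t hdr[HDR_LEN];
    unsigned b;
    if (len + HDR_LEN > REGION_LEN) return -1;
    for (b = (unsigned)(off / ERASE_BLOCK); b < (off + REGION_LEN) / ERASE_BLOCK; b++)
        flash_erase_block(f, b);
    put_le32(hdr, MAGIC);
    put_le32(hdr + 4, (uint32_t)len);
    put_le32(hdr + 8, checksum(payload, len));
    if (flash_program(f, off + 4, hdr + 4, 8, &max_bytes) < 8) return 1;
    if (flash_program(f, off + HDR_LEN, payload, len, &max_bytes) < len) return 1;
    if (flash_program(f, off, hdr, 4, &max_bytes) < 4) return 1;
    return 0;
}

/* A region is valid when the magic is present, the length fits and the checksum matches. */
int region_valid(const struct flash *f, size_t off) {
    const uint8_t *r = f->mem + off;
    uint32_t len;
    if (get_le32(r) != MAGIC) return 0;
    len = get_le32(r + 4);
    if (len > REGION_LEN - HDR_LEN) return 0;
    return checksum(r + HDR_LEN, len) == get_le32(r + 8);
}

enum boot_choice { BOOT_NONE = 0, BOOT_NORMAL = 1, BOOT_FALLBACK = 2 };

/* Prefer normal; use fallback only when normal does not verify. */
enum boot_choice select_boot(const struct flash *f) {
    if (region_valid(f, NORMAL_OFF))   return BOOT_NORMAL;
    if (region_valid(f, FALLBACK_OFF)) return BOOT_FALLBACK;
    return BOOT_NONE;
}

/* Scenario: install fallback and normal v1, then lose power 10 bytes into
 * the normal v2 update. Returns what the selector would boot afterwards. */
int demo_interrupted_update(void) {
    static const uint8_t fb[] = "fallback-kernel";   /* constructed payloads */
    static const uint8_t v1[] = "normal-kernel-v1";
    static const uint8_t v2[] = "normal-kernel-v2";
    flash_init(&g_flash);
    region_write(&g_flash, FALLBACK_OFF, fb, sizeof fb, -1);
    region_write(&g_flash, NORMAL_OFF, v1, sizeof v1, -1);
    region_write(&g_flash, NORMAL_OFF, v2, sizeof v2, 10);   /* power loss */
    return select_boot(&g_flash);
}

/* Retry the v2 update without interruption and report the boot choice. */
int demo_completed_update(void) {
    static const uint8_t v2[] = "normal-kernel-v2";
    region_write(&g_flash, NORMAL_OFF, v2, sizeof v2, -1);
    return select_boot(&g_flash);
}

unsigned erase_count_of(unsigned block) { return g_flash.erase_count[block]; }
int fallback_intact(void) { return region_valid(&g_flash, FALLBACK_OFF); }

int main(void) {
    printf("after power loss: boot=%d fallback_ok=%d\n",
           demo_interrupted_update(), fallback_intact());
    printf("after retry: boot=%d erases[0..3]=%u %u %u %u\n", demo_completed_update(),
           erase_count_of(0), erase_count_of(1), erase_count_of(2), erase_count_of(3));
    return 0;
}
```

Running it shows the fallback region still verifying after the interrupted update while the selector switches to it, and the erase counters confirm that the fallback blocks were erased exactly once (at install time) no matter how often the normal region is rewritten. The checksum only catches incomplete or corrupted images, not a kernel that is complete but does not boot; switching away from a "dud" that verifies needs a separate mechanism that the mail does not go into.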
Updated Jun 29, 2012