"Why not just use Coreboot?"

[mjg59]

Why not just avoid the entire Secure Boot problem by using Coreboot? Because the reason we have the Secure Boot problem is because Microsoft's Windows 8 certification requirements mean vendors have to ship a UEFI implementation with Secure Boot. You could satisfy that by using Coreboot with a Tiano payload, but it'll still have Secure Boot enabled so you still have the same set of problems. But maybe you could just reflash your system with Coreboot? No, because another part of the requirements states that all firmware updates have to be cryptographically signed now. The only way to reflash will be to attach a flash programmer directly to your motherboard.

So why not just use Coreboot? Because it doesn't help solve this problem in any way.

Comments

Re: Google will disagree with you for now

[(Anonymous)]

I don't speak for Google either, but developing a custom-software product where you can port your own firmware to a _known_ set of hardware is _very_ different to doing an open-source firmware that is expected to run on all sorts of random systems.

Doing a firmware port can be quite messy, and it requires intimate knowledge of the chipset AND board, including schematics, etc. Sure, it can be reverse engineered from whatever is already there, but in general it would be a 100% reactive project, always having to scramble and fixup things when the vendor does a small hardware modification, etc. Not exactly something that end users can rely on.

Keep in mind that the BIOS is where _all_ the PC manufacturers hide the abstractions to all the crazy stuff they do on hardware, including all the bug workarounds. They can change hardware in the middle of a production run because they can coordinate a firmware that goes on those specific machines, etc. So it'll be a constant churn trying to deal with all of that.