Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Firmware is not protected by Secure Boot. It can be protected by things like Boot Guard, but at least that one (Intel's) requires pairing the board and the CPU, so it can only be done in laptops and other prebuilt OEM systems.


What do you mean by firmware here?

Microcode? No it's not. But as long as you only load bootloaders or operating systems that are signed, it doesn't matter that they could fiddle with the bits as long as the signature guarantees they don't (in any undesired way).

Or ME? Well, that seems to be a complete security nightmare.


Microcode is protected by its own signing thing, IIUC.

Firmware is both ME firmware and x86 firmware — the UEFI implementation, FSP, everything else that runs on early boot.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: