You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Write protection could be applied today with Nlnet funded related work inside of dasharo/flashrom, to protect at least coreboot's bootblock region.
But from current documentation, bootblock being near the end of CBFS, but not at a fixed area is problematic for internal firmware upgrades, locking 64kb of space that could lead to brick if coreboot version upgrades are to be applied.
To be tested and documentation at least referred for people willing to sacrifice internal flashing of Heads when a coreboot version bump touching bootblock changes occurred (still untested on my side).
To be addressed when dasharo/flashrom includes kgpe-d16 ast1000 support, currently missing so that flashrom used under Heads is not causing any regression.
The text was updated successfully, but these errors were encountered:
https://osresearch.net/Heads-threat-model/#write-protecting-the-bios-chip-advanced
Write protection could be applied today with Nlnet funded related work inside of dasharo/flashrom, to protect at least coreboot's bootblock region.
But from current documentation, bootblock being near the end of CBFS, but not at a fixed area is problematic for internal firmware upgrades, locking 64kb of space that could lead to brick if coreboot version upgrades are to be applied.
To be tested and documentation at least referred for people willing to sacrifice internal flashing of Heads when a coreboot version bump touching bootblock changes occurred (still untested on my side).
To be addressed when dasharo/flashrom includes kgpe-d16 ast1000 support, currently missing so that flashrom used under Heads is not causing any regression.
The text was updated successfully, but these errors were encountered: