I think this means we will eventually see a fully open source Coreboot/Libreboot soon. Someone correct me if I am wrong please!

the openSIL github repo

I’m not clear about where this API sits relative to the AMD Platform Security Processor.

found via this post: https://lemmy.world/post/134243

  • duncesplayed@lemmy.one
    link
    fedilink
    English
    arrow-up
    32
    ·
    edit-2
    2 years ago

    When you power on a computer, before any software (any operating system) has a chance to run, there’s “firmware” (kind of similar to software, except stored directly in the motherboard) that has to get things going (called “Platform Initialization”). Generally the two jobs of the Platform Initialization firmware: (1) to detect (and maybe initialize) some hardware; and (2) to find the operating system and boot the operating system.

    We have a standard interface for #2, which is called UEFI. But for #1, it’s always been sort of a mysterious black box. It necessarily has to be different for every chipset/every motherboard. Manufacturers never really saw much reason to open source it. The major community-driven open source project at doing #1 is called “coreboot”. Due to the fact that it requires a new implementation for every chipset/motherboard and they are generally not documented (and may require some reverse-engineering of the hardware), coreboot has very very limited support.

    So what AMD is open sourcing here is a collection of 3 C libraries which they will be using in all of their firmware, going forward. These libraries are not chipset/motherboard-specific (you still need custom code for each motherboard) and do not implement UEFI (you would still need to implement UEFI/bootloader on top of it), but they’re helper functions that do a lot of what’s needed to implement firmware. I just took a cursory look through the source code, but I saw a lot of code in there for detecting RAM DIMMs (how much RAM, what kind of RAM, etc.), which is useful code. (Edit: I just read through the Wikipedia article on coreboot and it says “The most difficult hardware that coreboot initializes is the DRAM controllers and DRAM. In some cases, technical documentation on this subject is NDA restricted or unavailable.”. So if they can make use of AMD openSIL’s DRAM code, that could be a very big win!!)

    The fact that AMD is going to use this in their own firmware, and also make it available for coreboot under an MIT licence, means that coreboot may* have a much easier time in the future supporting AMD motherboards.

    * we will see

    • Crotaro@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      But wouldn’t opening up such an important (from what I understand) part of a computer to everyone mean that malicious actors have a much easier time doing malicious stuff? I understand (and support) that enthusiasts will have many more options when presented with the actual code to a program. Nonetheless, I can’t help but feel like if you give everyone a tour and show them how their super secure door locks work, including how to break them open, then those that want to break in, will be very happy about it and the security system quickly becomes useless.

      Please feel free to correct me on wherever I am wrong. I tried reading through the article, but I only understand a fraction of it.