Stories
Slash Boxes
Comments

SoylentNews is people

NSA Contributing Low-Level Code to Coreboot UEFI BIOS Alternative

posted by martyb on Monday June 24 2019, @11:42PM   Printer-friendly
from the deep-seated-insecurities-and-paranoia dept.

DannyB writes:

NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative

The NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware. The NSA's Eugene Myers has begun contributing SMI Transfer Monitor (STM) implementation code for the x86 processor. Myers works for NSA’s Trusted Systems Research Group, which according to the agency’s website, is meant to “conduct and sponsor research in the technologies and techniques which will secure America's information systems of tomorrow.”

Myers published a paper about STM last year on how NSA’s STM implementation could work. All Coreboot code, including all the STM contributions from the NSA, are open source, so anyone could verify that there is no backdoor in there -- in theory.

In practice, the NSA could have also written the code in a less-than-secure way with vulnerabilities that are hard to detect without more experienced security researchers. Alternatively, the NSA could also update this implementation years later, when there are less eyes on the STM implementation and the update would no longer make headlines.

Better to avoid coreboot and feel secure that the hardware could never subvert my expectations of security and privacy. /s

Original Submission

 
This discussion has been archived. No new comments can be posted.
NSA Contributing Low-Level Code to Coreboot UEFI BIOS Alternative | Log In/Create an Account | Top | 38 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Insightful) by PartTimeZombie on Tuesday June 25 2019, @12:50AM (2 children)

    by PartTimeZombie (4827) on Tuesday June 25 2019, @12:50AM (#859561)

    RandomFactor might be assuming that the NSA will act in his interests just because he lives in the US.

    Starting Score:    1  point
    Moderation   0  
       Troll=1, Insightful=1, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1) by RandomFactor on Tuesday June 25 2019, @10:36PM (1 child)

    by RandomFactor (3682) Subscriber Badge on Tuesday June 25 2019, @10:36PM (#859892) Journal

    Personally? No, i'm part of the faceless masses, they would sacrifice me in .001 seconds to give some random adversary a hangnail...for the greater good.
     
    However I do believe they will act as directed in the country's interests.
     
    And you can count on widely adopted firmware code being audited at a scale and to a depth rarely seen, with every security group wanting a name, every government with a stake and every hacking group in existence fuzzing and fiddling with it.

    --
    В «Правде» нет известий, в «Известиях» нет правды

    • (Score: 2) by PartTimeZombie on Tuesday June 25 2019, @10:48PM

      by PartTimeZombie (4827) on Tuesday June 25 2019, @10:48PM (#859897)

      However I do believe they will act as directed in the country's interests.

      That might be where we part ways.

      I am sure they will act in what they think will be your country's interests, but that might not align with your interests.

      Particularly if happen to be in the cannon-fodder class.