Stories
Slash Boxes
Comments

SoylentNews is people

NSA Contributing Low-Level Code to Coreboot UEFI BIOS Alternative

posted by martyb on Monday June 24 2019, @11:42PM   Printer-friendly
from the deep-seated-insecurities-and-paranoia dept.

DannyB writes:

NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative

The NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware. The NSA's Eugene Myers has begun contributing SMI Transfer Monitor (STM) implementation code for the x86 processor. Myers works for NSA’s Trusted Systems Research Group, which according to the agency’s website, is meant to “conduct and sponsor research in the technologies and techniques which will secure America's information systems of tomorrow.”

Myers published a paper about STM last year on how NSA’s STM implementation could work. All Coreboot code, including all the STM contributions from the NSA, are open source, so anyone could verify that there is no backdoor in there -- in theory.

In practice, the NSA could have also written the code in a less-than-secure way with vulnerabilities that are hard to detect without more experienced security researchers. Alternatively, the NSA could also update this implementation years later, when there are less eyes on the STM implementation and the update would no longer make headlines.

Better to avoid coreboot and feel secure that the hardware could never subvert my expectations of security and privacy. /s

Original Submission

 
This discussion has been archived. No new comments can be posted.
NSA Contributing Low-Level Code to Coreboot UEFI BIOS Alternative | Log In/Create an Account | Top | 38 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday June 25 2019, @04:29AM (1 child)

    by Anonymous Coward on Tuesday June 25 2019, @04:29AM (#859618)

    Think strategically, FOR the US (not its opponents). This may affect YOU.
    It is excellent that the USA is pointing its resources to this project! You cannot trust UEFI which is proprietary and baked in Microsft's offshore ovens (India, China). Having trustworthy systems is vital for the US military and also the civilian population, industry, power grids, etc.
    So USAians: you cannot foam at the mouth at your own government agencies trying to do their job to keep you alive and safe, AND then complain about all the backdoors and hack attempts, scam calls and other troubles pouring in from those 'other' countries. Pick which side you are on.

  • (Score: 1, Insightful) by Anonymous Coward on Tuesday June 25 2019, @08:01AM

    by Anonymous Coward on Tuesday June 25 2019, @08:01AM (#859644)
    You overstate the usefulness and effectiveness of the NSA in keeping US citizens safe.

    The other non-covert and non-military agencies have done far more to keep US citizens safe.

    Heck I think the US citizens might be safer if the CIA was shutdown and many of them thrown into prison.

    There are lots of countries without an "NSA" and their people are just as safe from China and India as the US people are. And they're more at risk from the USA because of the NSA, CIA etc.