Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Monday June 24 2019, @11:42PM   Printer-friendly
from the deep-seated-insecurities-and-paranoia dept.

NSA Starts Contributing Low-Level Code to UEFI BIOS Alternative

The NSA has started assigning developers to the Coreboot project, which is an open source alternative to Windows BIOS/UEFI firmware. The NSA's Eugene Myers has begun contributing SMI Transfer Monitor (STM) implementation code for the x86 processor. Myers works for NSA’s Trusted Systems Research Group, which according to the agency’s website, is meant to “conduct and sponsor research in the technologies and techniques which will secure America's information systems of tomorrow.”

Myers published a paper about STM last year on how NSA’s STM implementation could work. All Coreboot code, including all the STM contributions from the NSA, are open source, so anyone could verify that there is no backdoor in there -- in theory.

In practice, the NSA could have also written the code in a less-than-secure way with vulnerabilities that are hard to detect without more experienced security researchers. Alternatively, the NSA could also update this implementation years later, when there are less eyes on the STM implementation and the update would no longer make headlines.

Better to avoid coreboot and feel secure that the hardware could never subvert my expectations of security and privacy. /s


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday June 25 2019, @12:56PM (1 child)

    by Anonymous Coward on Tuesday June 25 2019, @12:56PM (#859690)

    Better to avoid coreboot

    So who believes that the NSA puts a backdoor in coreboot, but doesn't have one in UEFI? That makes no sense.

    Anyway, the Intel Management Engine and the AMD counterpart are much better places to put secret backdoors in.

  • (Score: 2) by DannyB on Tuesday June 25 2019, @01:15PM

    by DannyB (5839) Subscriber Badge on Tuesday June 25 2019, @01:15PM (#859694) Journal

    Tampering with coreboot can distract from the management engine tampering.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.