On Thu, Sep 26, 2024 at 11:18:22AM -0400, Hendrik Boom wrote:
> On Thu, Sep 26, 2024 at 08:12:06AM -0600, the pterodactyl wrote:
> > what is to
> > stop a root attacker from entering and inserting something
> > nefarious in a PC's UEFI firmware? (I curse Microsoft et al for
> > foisting this UEFI abomination on the world every time I think of it.)
>
> Hard to find machines without it nowadays. Even configuring it to use
> so-called "legacy boot" just emulates legacy boot on top of UEFI.
>
> My laptop uses a version of coreboot. That's the way I bought it new.
> But it is aging. I wish it still had working audio hardware and an
> actual battery.

I tried coreboot a few years back, flashing through a Pi, but since my
Gigabyte motherboards have two (2) BIOS flash chips (one primary, one
failsafe), I couldn't get the failsafe to stop detecting a "problem"
with the newly flashed image and overwriting it, leaving me back at
square one. Possibly some kind of signature authentication failure. Dunno.

Probably won't go Gigabyte again. If I have the enough quatloos I'll
get open-source/open-hardware boxen from that outfit in Denver.
System76 is it? Don't recall, but its off the table for the time being.

What I'd *really* like to see is a full-tower "PC" box based on RISC-64.
I still use Intel but I don't trust them as far as I can throw them ever
since they integrated that encrypted MEI/ARC nonsense in the CPU die (2013,
I believe). It would be good to say adios to Intel. 4,500 pages of
documentation, while of good quality, is too much for a CPU that I need
to be able to trust. And RISC-64 just *feels* clean like spring water. I
have a 3x5 production board somewhere around here from SiFive in Austin,
and I was surprised how fast it was running Linux. It is similar in
features to a Pi. Also, no UEFI. :)

Regards,