You’d think that with a blog called ‘firmware security’, I’d know about the ‘Wikipedia BIOS feature comparison’ page. But I did not, sad. 😦 The other day I was wishing someone would create a comparision of BIOS implementations and their security features. Luckily, Kevin O’Conner of the SeaBIOS project was kind enough to point this out to me, when I was looking for a SeaBIOS security roadmap:
I’ve been learning more about SeaBIOS, and am impressed with it’s features. I wonder why some Linux OEMs still ship closed-source BIOS systems from IBVs? Given their audience demographic, you’d think they’d be using Linux-based coreboot, and on x86/x64 systems using SeaBIOS. They could be using coreboot Verified Boot + SeaBIOS’s TPM support for a much more secure than they are today. If you’re buying a System76 or ThinkPenguin or other Linux-centric site, ask them what firmware solution they’re giving you.