From ebbc3d70436b4389e50019921d359b0f6aea144f Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Sat, 12 Sep 2015 13:54:57 -0400 Subject: FAQ: change the order of some entries --- (limited to 'site/faq/index.php') diff --git a/site/faq/index.php b/site/faq/index.php index cf8e894..6646d39 100644 --- a/site/faq/index.php +++ b/site/faq/index.php @@ -47,8 +47,8 @@ Why is the latest Intel hardware unsupported in libreboot? @@ -151,6 +151,19 @@ The libreboot project strongly recommends that you avoid it entirely, and this means avoiding all recent generations of Intel hardware.

+

Firmware Support Package (FSP) (#fsp)

+

+ On all recent Intel systems, coreboot support has revolved around integrating a blob (for each system) called + the FSP (firmware support package), which handles all of the hardware initialization, including + memory initialization. Reverse engineering and replacing this blob is almost impossible, due to how complex it is. Even for the most skilled developer, + it would take years to replace. Intel distributes this blob to firmware developers, without source. +

+

+ Since the FSP is responsible for the early hardware initialization, that means it also handles SMM (System Management Mode). This is + a special mode that operates below the operating system level. It's possible that rootkits could be implemented there, which could + perform a number of attacks on the user (the list is endless). Any Intel system that has the proprietary FSP blob cannot be trusted at + all. In fact, several SMM rootkits have been demonstrated in the wild (use a search engine to find them). +

CPU microcode updates (#microcode)

All modern x86 CPUs (from Intel and AMD) use what is called microcode. CPUs are extremely complex, @@ -177,19 +190,6 @@ you had the source code. If you try to upload your own modified updates, the CPU will reject them. In other words, the microcode updates are tivoized.

-

Firmware Support Package (FSP) (#fsp)

-

- On all recent Intel systems, coreboot support has revolved around integrating a blob (for each system) called - the FSP (firmware support package), which handles all of the hardware initialization, including - memory initialization. Reverse engineering and replacing this blob is almost impossible, due to how complex it is. Even for the most skilled developer, - it would take years to replace. Intel distributes this blob to firmware developers, without source. -

-

- Since the FSP is responsible for the early hardware initialization, that means it also handles SMM (System Management Mode). This is - a special mode that operates below the operating system level. It's possible that rootkits could be implemented there, which could - perform a number of attacks on the user (the list is endless). Any Intel system that has the proprietary FSP blob cannot be trusted at - all. In fact, several SMM rootkits have been demonstrated in the wild (use a search engine to find them). -

Intel is uncooperative (#intelbastards)

For years, coreboot has been struggling against Intel. Intel has been shown to be extremely uncooperative in general. -- cgit v0.9.1