P98325 What computers support flashing BIOS internally? link reply
My Questions?

What new or newer computers support flashing of Coreboot without the use of an external programmer?

What Thinkpads do people suggest that support 16GB ram and can be flashed internally with Coreboot or Libreboot?

Do Coreboot and Libreboot disable/remove the CompuTrace DXE module or blobs?
Do you have to use a tool like these?
https://github.com/linuxboot/fiano?tab=readme-ov-file#dxe-cleaner
https://fiedka.app/
P98337 sage link reply
>What new or newer computers support flashing of Coreboot without the use of a external programmer?
None
P98354 link reply
>>P98325
>What Thinkpads do people suggest that support 16GB ram

Thinkpad T430 can do 16GB of RAM and has good battery life.
Also you should be able to flash internally.
P98371 link reply
Wouldn't it be nice if you could flash the bios at startup every time and have it stored in volatile memory?

Then you wouldn't have to worry about evil maid attacks and other shit, because your bios is just on a key you plug in each time, maybe even bundled with your OS.

Most attacks on a system have the goal of placing persistent rats. If the bios, changeable firmware, OS are all transient, most vectors of persistent surveillance and compromise are gone.

Boot to ram to a totally blank system, then pull the drive(s) for the bios, firmware, OS, and any unique configuration settings you have. Attackers have a minute or two to compromise those before you put them back in a RF shielded necklace case, but you're not even connected to the internet yet. Then you have encrypted drives for personal files.

Without the necessary drives, the computer is blank of any meaningful data. Each boot up is fresh and free of any compromises from the previous session. Personal data isn't saved on the computer at all, it stays on encrypted drives you can take with you if you're paranoid.

The earliest mechano-digital computers used punch card based programs to process data. When you wanted an operation done, you first loaded the program punch card series to program the computer to do what you wanted.

The big problem with bios is that it's somewhere between actual firmware (which cannot be changed by any convenient means) and software, making it easy enough to tamper with. So why not just make it like software or make it totally firmware? The purpose of being able to change it is to accommodate new hardware and be able to issue updates to deal with bugs, and the reason it's not bundled with the OS is because motherboards aren't standardized.

You can flash some boards every time you boot up, but it's got a risk of bricking your motherboard (which only happens because a bad write can persist on the board and prevent startup) and because there's persistent memory on the boards and multiple components there are bios viruses that can prevent themselves from being wiped, copying themselves from component to component as flashing is occurring.
P98372 link reply
>most vectors of persistent surveillance and compromise are gone.

most attack vectors of persistent surveillance and compromise are gone.

If the OS/Bios/etc. developers place a rat in the program, then it's there at boot up obviously.
P98408 link reply
P98371
>You can flash some boards every time you boot up
This is retarded

P98372
DXE bios drivers or modules really are DXE bios drivers or modules
P98414 link reply
DXE modules are where attack vectors originate in the BIOS.
CompuTrace/LoJack/Absolute© have been known for attack and (((UEFI))) opens up attacks also

>The hooks are then used to divert function calls to the malicious shellcode that the attackers have appended to the CORE_DXE image.

https://www.eset.com/us/about/newsroom/corporate-blog/what-you-need-to-know-about-lojax-the-new-stealthy-malware-from-fancy-bear/
https://www.tomshardware.com/news/moonbounce-malware-hides-in-your-bios-chip-persists-after-drive-formats
https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
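Added example, not code from the thread or from any of the projects linked above: a Python scan that inventories the firmware volumes in a dumped SPI image (the containers that hold DXE modules) and checks each volume header's 16-bit checksum, so an unexpected or corrupted volume can be flagged for comparison against the vendor's image. The header layout and the FFS2 filesystem GUID are from the UEFI PI specification; the image it scans is constructed inline, not a real vendor dump.

```python
"""Inventory UEFI firmware volumes in a dumped SPI image and verify their header checksums."""
import struct
from typing import Dict, List

FV_SIGNATURE = b"_FVH"
# EFI_FIRMWARE_VOLUME_HEADER: ZeroVector, FileSystemGuid, FvLength, Signature,
# Attributes, HeaderLength, Checksum, ExtHeaderOffset, Reserved, Revision
FV_HEADER_FMT = "<16s16sQ4sIHHHBB"
FV_HEADER_SIZE = struct.calcsize(FV_HEADER_FMT)  # 56 bytes; signature sits at offset 40
# EFI_FIRMWARE_FILE_SYSTEM2_GUID 8c8ce578-8a3d-4f1c-9935-896185c32dd3 in on-disk byte order
FFS2_GUID = bytes.fromhex("78e58c8c3d8a1c4f9935896185c32dd3")

def checksum16(data: bytes) -> int:
    """Sum of little-endian 16-bit words mod 2**16; a valid FV header sums to 0."""
    n = len(data) // 2
    return sum(struct.unpack("<%dH" % n, data[: n * 2])) & 0xFFFF

def find_firmware_volumes(image: bytes) -> List[Dict]:
    """Locate every '_FVH' signature and validate the volume header around it."""
    vols = []
    pos = image.find(FV_SIGNATURE)
    while pos != -1:
        start = pos - 40
        if start >= 0 and start + FV_HEADER_SIZE <= len(image):
            _, guid, fv_len, _, _, hdr_len, _, _, _, rev = struct.unpack_from(FV_HEADER_FMT, image, start)
            in_bounds = hdr_len >= FV_HEADER_SIZE and start + fv_len <= len(image)
            ok = in_bounds and checksum16(image[start:start + hdr_len]) == 0
            vols.append({"offset": start, "length": fv_len, "revision": rev,
                         "filesystem": "FFS2" if guid == FFS2_GUID else guid.hex(),
                         "checksum_ok": ok})
        pos = image.find(FV_SIGNATURE, pos + 1)
    return vols

def build_fv(fv_len: int, tamper: bool = False) -> bytes:
    """Constructed sample volume (not a real vendor image); tamper=True corrupts Attributes."""
    block_map = struct.pack("<IIII", 1, fv_len, 0, 0)  # one block entry plus terminator
    hdr_len = FV_HEADER_SIZE + len(block_map)
    hdr = struct.pack(FV_HEADER_FMT, b"\0" * 16, FFS2_GUID, fv_len, FV_SIGNATURE,
                      0x0004FEFF, hdr_len, 0, 0, 0, 2) + block_map
    hdr = hdr[:50] + struct.pack("<H", (-checksum16(hdr)) & 0xFFFF) + hdr[52:]  # sum becomes 0
    if tamper:
        hdr = hdr[:44] + struct.pack("<I", 0xDEADBEEF) + hdr[48:]  # checksum no longer matches
    return hdr + b"\xff" * (fv_len - len(hdr))

# Constructed image: padding, one clean volume, one tampered volume, padding.
SAMPLE_IMAGE = b"\xff" * 0x100 + build_fv(0x1000) + build_fv(0x800, tamper=True) + b"\xff" * 0x100

def scan_sample() -> List[Dict]:
    return find_firmware_volumes(SAMPLE_IMAGE)

if __name__ == "__main__":
    for v in scan_sample():
        print(v)
```

On a real dump (e.g. one read with flashrom), replace SAMPLE_IMAGE with the file contents; a volume whose checksum fails, or whose offset and length differ from the vendor image, is the one to diff and inspect with tools like the ones linked in the thread.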
P98461 https://distrowatch.com/table.php?distribution=tails link reply
P98414
Ok, but how do I remove the bad ones if a person can't coreboot tho

>t. improvised explosives
P98485 sage link reply
>new or newer computers
P98531 link reply
P98408
>This is retarded
That's what I thought when I first saw that aids ***** post but then I thought about it and maybe he's not retard. BIOS/UEFI firmware lives on a SPI flash chip on the motherboard. You probably could desolder the chip and replace it with a socket and then you could pop the chip in and out as needed. And if it turns out you can't remove it while the system is running you could at least add a write blocker so no unexpected changes can be made.
P98539 12of7 link reply
y'all can flash any computer using the jtag bus if you can decode the seat coordinates
P98572 braindamage + sage link reply
>You probably could desolder the chip and replace it with a socket and then you could pop the chip in and out as needed. And if it turns out you can't remove it while the system is running you could at least add a write blocker so no unexpected changes can be made.
P98613 vandalism link reply
P98371
All the ARM instructions to x86 instructions then converted back to assembly make for a kosher disaster of firmware. These "DXE" modules you speak of are just blobs but what's worse this TPM now and not that TPM is bad but TPM being a backdoor like Micro$oft [bold: BitLocker] [spoiler: WHICh iS RaNSoMwARe aS A SeRVIcE (RaaS)].
P123405 [email protected] link reply
Matt DeVillier deviling your Coreboot images and putting backdoors in for AMD and (((Blackhawk Datacom)))
P123411 link reply
m8 well there's hours imo of time on the telephone line to talk about things to come Stupid
P123413 link reply
Like *****ing all of them, you can read the firmware from /dev/mem in linux if you know how to identify where the code is through the lacking GRUB uefi memory map, you can even microcode update from here, both for the processor and any peripherals supporting it (Intel ME?)

P123416 โ˜ฃ๐Ÿƒ๐Ÿพ๐Ÿ‘Œ (๐Ÿ™€) ๐Ÿ–ฅ ๐Ÿ–ฌ link reply
I flash the BIOS all the time (if you know what I mean).
P123429 link reply
P123416
stfu BIOhazard aids infected coon!
P123437 link reply
P98325
To answer OP's question, most x86 computers support updating the bios via the 16bit real mode in DOS or equivalent to have memory access to the address for the bios. But corecuck and libreboot do not use this option as it's board/manufacturer specific and would allow easy replacement of botnet bios garbage. In reality some manufacturers only allow patch files from this specific path and uploading a whole BIOS is forbidden at flash time so you have to use SPI or JTAG.
P98613
Libreboot doesn't have such garbage.
P98414
Good to know libreboot and even coreboot are free from these run of the mill bios attacks.
P98371
What if your adversary got ahold of your hardware and put a flash chip with extra storage on the computer to passively observe things in memory or as they passed certain buses? As good of an idea of completely changeable software for everything is, the opposite is more secure. Everything is written to read only memory and never changes, ever. From the BIOS to the software present for the user space OS. But as a realistic compromise that hardware manufacturers could easily implement, all the software/firmware being changeable is better, see raptor powerpc9 stuff for proof.
P123441 link reply
P123437

>Libreboot doesn't have such garbage.

Lol so panned, I wonder what libreboot is for and will it make netbsd setup boot on restricted orb hardware (like intel X5 slates).

Libre = free
Boot = get orb manager to work.

This could be a BIOS that allows lin/BSD orbs to be loaded in greencornflakes on Windows-only devices.
P123500 link reply
P123441
its funny how you were able to get that right without even understanding with a spi is
P123501 link reply
P123500
>with
what
P123512 link reply
https://novacustom.com/
You might want to check this out
P123612 sage link reply
P123512
lol why dafuq would u pay for tailored access when you could just a computer and do it yourself
P123621 link reply
P123612
They come with ethical hardware, you can pick the keyboard you'd like and you can order it with tamper evident packaging. It's recommended by the Qubes devs and not all of us want to go through the hassle of looking for FSF-endorsed parts, flashing a custom BIOS, cleaning the IME blah blah blah. Think about it as a macbook for schizos who don't want to get ass*****d by corpos
P123623 link reply
P123621
think about it as overpaying for a computer that you could do yourself with less money just by buying a spi 5v flasher
if you don't learn yourself then you will continue to lack confidence in your skills and device
P123896 link reply
BIOS is a corps' attempt to control what users are running on their devices. It has been implemented as they planned in Android phones and perfected in iPhones.
P123966 link reply
P23896
Agreed. Though I can't come up with better alternatives.
P123967 link reply
P124212 link reply
Is Dasharo any good and does it come with option to store my Monero keys in the BIOS?
P124464 link reply
P98325
Dell Latitude E6400 and Apple MacBook2,1.