Flashing bios internally with coreboot

I am thinking about flashing coreboot (Skulls, to be exact) on my X230, but then I realised: wouldn’t internal flashing be a major security risk? If someone gets root on my PC they could reflash my BIOS and infect my computer at the hardware level. But at the same time, if I have internal flashing disabled it will be really inconvenient and also risky to reflash my BIOS externally every time an update comes out, and having an outdated BIOS is also a security risk.

You people seem like you know more about this stuff than I do. Anything I’m overlooking? What would be the best option?

I am not a security expert, but if someone has root access on your computer don’t you have other considerations than a hacked BIOS?

IMHO, BIOS-level stuff is outside of “regular” security concerns.

Well, if some exploit gains BIOS access, it’ll persist even if you completely install another OS, so it’s a major security risk. If some person gains root access and flashes your BIOS, you’re even more toast.

Just FWIW - I came across this today which made me a little nervous about using coreboot in the future:

As long as it stays open source and is audited, I don’t see anything to worry about. I mean the NSA of course also wants security and privacy on their machines, it makes sense for them to contribute to the project.

