And then have an open root key of trust for the BIOS (= you can sign your own BIOS), but a closed root key of trust for the wifi controller (= only the OEM can sign the wifi/bluetooth stack firmware). Make sure the rest of the BIOS works without the wifi controller "up". Then ship the motherboard without the wifi/bluetooth stack firmware pre-flashed - with the NAND that the wifi controller initializes from left empty, such that the wifi controller immediately halts on boot and the CPU doesn't find it on the bus. Modularize the BIOS firmware such that you flash "the BIOS firmware" and "the wifi/bluetooth stack firmware" separately, to separate chips. Why not just have the wifi-controller hardware already there, but strip out the software required to make it do anything?
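A small model of the two-root scheme described above, added here as an illustration and not taken from any vendor's firmware. The `Board` class, its field names and the sample images are hypothetical, a Lamport one-time hash signature stands in for whatever signature scheme a real controller would use, and treating a badly signed NAND image the same as an empty one is an assumption.

```python
import hashlib, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair; a stand-in for the real signing scheme (assumption).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(image):
    d = H(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, image):
    return [sk[i][b] for i, b in enumerate(bits(image))]

def verify(pk, image, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(image)), sig))

class Board:  # hypothetical model of the motherboard
    def __init__(self, oem_wifi_pk):
        self._wifi_root = oem_wifi_pk  # closed root: fixed at manufacture
        self.bios_root = None          # open root: the owner enrolls a key
        self.bios_flash = None         # (image, signature) on the BIOS chip
        self.wifi_nand = None          # separate chip, shipped empty

    def boot(self):
        # Empty or badly signed NAND: the controller halts and never enumerates.
        wifi_up = (self.wifi_nand is not None
                   and verify(self._wifi_root, *self.wifi_nand))
        bios_ok = (self.bios_root is not None and self.bios_flash is not None
                   and verify(self.bios_root, *self.bios_flash))
        # The BIOS result does not depend on wifi_up: it boots either way.
        return {"bios_boots": bios_ok, "bus": ["wifi"] if wifi_up else []}

def demo():
    oem_sk, oem_pk = keygen()
    owner_sk, owner_pk = keygen()
    other_sk, _ = keygen()             # any key that is not the OEM's
    board = Board(oem_pk)
    board.bios_root = owner_pk         # owner signs their own BIOS
    bios, fw = b"constructed BIOS image", b"constructed wifi stack image"
    board.bios_flash = (bios, sign(owner_sk, bios))
    shipped = board.boot()             # as shipped: NAND empty
    board.wifi_nand = (fw, sign(other_sk, fw))
    self_signed = board.boot()         # non-OEM signature on the wifi stack
    board.wifi_nand = (fw, sign(oem_sk, fw))
    oem_signed = board.boot()          # OEM-signed stack flashed later
    return shipped, self_signed, oem_signed
```
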