---
layout: event_detail
title: Embedded / Coreboot
event: berlin2016
order: 70
permalink: /events/berlin2016/embedded/
---


- Coreboot cannot (currently) ship binaries.
- SquashFS needs work.
- Proprietary Firmware is involved.  So we cannot ship binaries.
- Cannot read a binary once it is burned in. Or if I can, how can I enssure that what I "read" is really what is installed?
- We want to have assurance of trust.
- Checking that the firmware in flash, is what I wrote into flash?
- If I buy from a vendor how do I know the vendor hasn't put "bad" firmware in it?
- Can we trust the storage?
- I can check the integrity of a hard disk by mounting it read-only on a trusted machine.  But how can I check a flash EEprom on a trusted machine?
- Currently coreboot does not publish any hashes.  Should they publish hashes for standard configurations?
- We should encourage third party vendors to publish hashes of firmware shipped with hardware.
- Coreboot should be encouraged to publish hashes for a select number of standard configurations/boards.