NERF: Replace Your Exploit-Ridden Firmware with Linux

Even Google is concerned about attack vectors with UEFI and Intel’s Management Engine that their NERF project seeks to alleviate some of these concerns and is used by their servers.

NERF is short for the Non-Extensible Reduced Firmware and is their effort to replace most of the UEFI firmware with a small Linux kernel and initramfs while their custom portions of the code are written in the Go programming language.

Here’s a nice talk by Google’s Ronald Minnich:

9 Likes

On a related note Purism claim have found a way to bypass Intel ME altogether in their latest Librem laptops.
https://puri.sm/posts/2017/10/

5 Likes

My first Purism 15 laptop is on its way. :slight_smile:
It takes a while because they are having trouble filing all the orders. I’m also very excited about the phone that will hopefully be released Q1 2019.

3 Likes

Yes they’re a good company - expensive though. Agree the phone looks good. Have they started making the firmware changes already do you know?

2 Likes

Finally! It took about six weeks to get it from the US to Finland, but now I have it. And it’s beautiful!
Coreboot https://www.coreboot.org/ rules!

3 Likes

I’d like to bump this tread by saying I just imported a second Librem 15 laptop and I’m happy. It’s expensive but it’s your machine - not a spying tool the victim is tricked into paying for himself.
(@ElsieDee There is also such a thing as open source firmware.)

3 Likes