Overview
Explore a groundbreaking approach to enhancing computer security in this 38-minute conference talk by Ronald Minnich from Google. Learn about NERF (Non-Extensible Reduced Firmware), an open-source software system designed to replace the vulnerable UEFI firmware with a minimal Linux kernel and initramfs. Discover how this innovative solution addresses security concerns raised by the WikiLeaks Vault 7 release, which exposed potential exploits in proprietary UEFI firmware. Gain insights into the implementation of NERF, its use of the u-root project, and the advantages of utilizing a tiny Linux kernel to improve system security. Delve into Ronald Minnich's extensive background in open-source projects and his contributions to various operating systems, including his invention of LinuxBIOS (now coreboot). Understand the implications of replacing closed-source firmware with an open-source alternative and how it can protect against undetectable exploits in the critical "Ring -2 hypervisor" layer.
Syllabus
Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google
Taught by
Linux Foundation