Firewalls and BIOS's and Coreboot (2020)

Summary

I’m into computer security a little bit and always striving to learn more. I’m also a firm believer in Open Source software. In Proprietary software you don’t know really know what’s going on. Case in point: Alexa, Siri, Hey Google. They say it isn’t spying on you but you know that it is. With Open Source software you can view the code and see if any hanky panky is going on. There are a lot of Open Source Operating Systems such a Linux. But here’s the catch. You run your Open Source OS which gets launched by a firmware (BIOS – Built In Operating System) which is PROPRIETARY!. Also it can prevent you from installing a 3rd party device such as a battery, or charging brick. Major exploits such as HeartBleed (remember that scare a few years ago) live and breathe in the firmware. You can slick the OS, change the hard drive all you want but you are still compromised AND YOU DON’T EVEN KNOW IT. Let’s lay out a scenario. I had a hardware firewall from a company called Netgate and it runs software called pfSense which is basically FreeBSD Unix. Netgate sells the hardware with the software installed. Netgate also allows you to run an Open Source BIOS called Coreboot. What’s the downside here? Not much except for COST. Netgate sells you overpriced hardware. No doubt about it. You can get firewall appliances for a fraction of the cost and install pfSense yourself. So I did that. I bought an appliance DIRECTLY FROM CHINA. Minisys E3845 Firewall Appliance It was dirt cheap and it had pfSense on it as well. So I formatted the drive and did a fresh install of pfSense myself and felt like I accomplished something. The reality is my firewall appliance COULD be compromised with a Chinese BIOS. I don’t know, I’m not sure, but it could be. Since I learned about Coreboot I am just not taking any chances anymore. I bought a new appliance from a company called ProtectLI. You can get the firewall pre-configured with the latest version of Coreboot and best of all they release pre-built firmw...