On Wednesday 30 January 2008, Corey Osgood wrote:
> I think what he was trying to say is that if you give coreboot, say, a FILO payload set up to boot from some medium, with no support for any other medium, then there's no switch you can throw, short of flashing a new bios onto the board.
Exactly. With FILO or grub2 as payload you can enforce the loading of a kernel from disk with specified arguments. This will also allow (re-)installation after entering a password. This is secure until someone uses a screwdriver and opens the case.
You can use the TPM (if you have one) then. This is secure until someone uses a soldering iron.
You can manufacture your own fully integrated chips with TPMs. These will be secure until someone uses the on-chip equivalent of a soldering iron: http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf
And so on, and so on... How much time and money are you willing to spend?
Torsten
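To make the first layer of Torsten's ladder concrete, here is a GRUB 2 configuration of the kind he describes: the default entry boots a fixed kernel with a fixed command line that nobody can edit, and a reinstall entry is reachable only after entering a password. This is an added example, not code from the thread or from the coreboot or GRUB projects. The device names, file paths and the password hash are placeholders (a real hash comes from grub-mkpasswd-pbkdf2).

```grub
# grub.cfg for GRUB 2 used as a coreboot payload (added example; device
# names, paths and the hash below are assumptions / placeholders).

# Only the named superuser may edit entries or drop to the GRUB shell.
set superusers="root"
# Placeholder hash: generate a real one with grub-mkpasswd-pbkdf2.
password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDER_SALT.PLACEHOLDER_HASH

set timeout=3
set default=0

# Normal boot: anyone may select it, but the kernel and its arguments are
# fixed here and cannot be changed without the superuser password.
menuentry "Linux (locked command line)" --unrestricted {
    set root=(ahci0,gpt2)
    linux /boot/vmlinuz root=/dev/sda2 ro quiet
    initrd /boot/initrd.img
}

# Reinstallation: GRUB asks for the superuser password before running this.
menuentry "Reinstall from USB" --users root {
    set root=(usb0,msdos1)
    linux /boot/vmlinuz-installer
    initrd /boot/initrd-installer.img
}
```

The point of `--unrestricted` on the first entry is that the machine still boots unattended, while the `set superusers` line means the edit key and the command line are password-gated for everyone. As the thread goes on to say, this only holds while the payload itself cannot be replaced: the configuration lives in the flash image alongside coreboot, so anyone who can reflash the chip can replace it, and the next rung (a TPM measuring the payload) exists precisely to detect that.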