Hello everybody!
On Sunday 27 January 2008, Peter Stuge wrote:
On Sun, Jan 27, 2008 at 11:32:26PM +0100, Torsten Duwe wrote:
DRM does not work.
I think this is because it tries to provide an all-encompassing solution to a generic problem.
No, because it tries to provide a technical solution to a social phenomenon percieved as a problem.
"Securing machines against the user" is also very generic. If you can be more specific, Phillip, perhaps we can offer some suggestions.
Yepp. A defense strategy needs an attack scenario first.
I'm fully aware that *every* security can be broken - it's always a question of how much money/time gets invested (both by the defender, and the attacker).
The scenario is to protect the system installation against the user. - Using some operating system unencrypted - boot from a CD. - Protect the boot order - reset the CMOS. - Store important information in the CMOS.
That's my thoughts by now.
Of course, you'd need a dead-man switch in the case (that deletes the CMOS), but that's available in quite some cases - just connect the cable to the right motherboard position, and you're find (if it's the correct switch - close/open).
Simply substituting the BIOS with another one won't be so easy.
If it's a notebook, possibly a hardened one, getting to the motherboard might mean some work - and tripping the intrusion detection.
All I'm asking for is a BIOS password, that gets stored as a salted hash in a fixed location in the CMOS - then a system installation process can write some generated value there, and use that for harddisk encryption.
Securing the hardware is necessary, too - but there coreboot won't help me :-)
Thank you for your answers!
Regards,
Phil