Also keep in mind another important thing: don't federate your opponents (and don't create new ones!). Don't forget that the first Xbox platform was cracked because people wished to run Linux on that hardware; it was not the feat of some "warez crackers". When people think that it is morally acceptable to circumvent "security measures" because these block their legitimate use (or are perceived as doing so), it is game over.

Don't design your solution as a magical "silver bullet" making your platform universally hacker-proof in any possible situation. Security is only effective when one carefully integrates it in every critical component of the system and when all the possible use cases are evaluated. This implies that the "security perimeter" must be very well defined and understood. Practically, IMHO this means that these kinds of "platform security measures" can work only for very specific "appliances" (in other words, designed for a very specific use, e.g. "game console", "DVD player", etc.).
Just my 2 (euro-)cents
Florentin
Quoting Torsten Duwe duwe@lst.de:
On Wednesday 30 January 2008, Corey Osgood wrote:
I think what he was trying to say is that if you give coreboot, say, a FILO payload set up to boot from some medium, with no support for any other medium, then there's no switch you can throw, short of flashing a new bios onto the board.
Exactly. With FILO or grub2 as payload you can enforce the loading of a kernel from disk with specified arguments. This will also allow (re-) installation after entering a password. This is secure until someone uses a screwdriver and opens the case.
You can use the TPM (if you have one) then. This is secure until someone uses a soldering iron.
You can manufacture your own fully integrated chips with TPMs. These will be secure until someone uses the on-chip equivalent of a soldering iron: http://www.cl.cam.ac.uk/~mgk25/sc99-tamper.pdf
And so on, and so on... How much time and money are you willing to spend?
Torsten
-- coreboot mailing list coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot