"Mike Shields" mshields@yarcom.com writes:
Greetings,
Mike Shields here. I am new to the list and to LinuxBIOS in general. I have searched the list archives and have read Adam Agnew's (et al) paper on booting Win2K on top of the stackable Open Source BIOS, as well as several other papers by William Arbaugh and coauthors on secure booting and secure BIOS.
I am a consultant for SPAWAR (part of the US Navy) working on a project to make USN computers running windows more secure. I have been asked to give a short presentation to some SPAWAR and FNMOC people on June 29th as part of a project conference. The points I need to cover are the differences between current BIOS and LinuxBIOS and the advantages of the latter. We are trying to convince Dell (SPAWAR has a huge contract with Dell to supply computers to the navy) to give us the information to port LinuxBIOS to their systems. One misconception I must deal with is that many people think Windows won't load over LinuxBIOS (I have Adam's paper showing otherwise).
The simple proof is that ADLO uses the BIOS from bochs simply ported to real hardware, and bochs loads windows regularly.
You will also likely need to work with the cpu and chipset vendors to get the information needed to port LinuxBIOS. Usually motherboard vendors do not get beyond motherboard schematics information wise. Simply because they don't make the chips on the motherboards. At this time I don't have a clue how much overlap you will have with the current work.
If it makes any difference you can use the name freebios as that is an alias of LinuxBIOS, that is not quite so Linux centric :)
I know very little about LinuxBIOS other than what I have read on www.linuxbios.org, my scans of the archive, and a short paper form Nicholus Andrews at Linux Labs. I was hoping to get some success stories on booting windows on top of LinuxBIOS, or other information I could use in my short presentation.
There are a few rough edges with ADLO currently. (For some reason it has some motherboard specific code.) So in doing a production deployment you will be breaking ground.
So some advantages of an open source BIOS. 1) It is open source so you can implement any boot policy you choose, and can implement. 2) LinuxBIOS is open source so you don't have to worry about security through obscurity, the code can be and is peer reviewed. 3) The core of LinuxBIOS is simpler and at a higher level then a traditional BIOS so it is easier to port. Being in C it certainly widens the pool of people who can work on the project. 4) A security implementation in LinuxBIOS would be about security for the user, instead of about ensuring hardware is trusted. 5) As a research/prototype platform you have much more control of what ultimately is going on. 6) LinuxBIOS is the firmware of choice for supercomputers at top secret government labs, so we must be doing something right :) 7) If you were really creative with BIOS level controll you could run a monitor in System Management Mode that could keep an eye on Windows.
I have a very hard time seeing Windows and security as anything but an oxymoron. Not that Linux is much better. The old security study on MULTICs security is fascinating on that subject. I also don't see a major role of the firmware tightening up security. That being said I have no problems with booting Windows from LinuxBIOS.
Eric