1. In your suggestion, when you are flashing the ROM, if something goes wrong (power loss), you will corrupt your ROM.
2. Are you going to use a fallback image with the normal image? If so, you can disable writes to the last 128K (the fallback image part) via a HW jumper. No one could change the fallback image without removing the jumper. Some MBs already have that for the last 64k.
YH
-----Original Message-----
From: linuxbios-bounces@linuxbios.org [mailto:linuxbios-bounces@linuxbios.org] On Behalf Of Jim Gettys
Sent: Thursday, March 23, 2006 7:26 AM
To: LinuxBIOS
Subject: [LinuxBIOS] [Fwd: Hardware Write-Protect for BIOS & EC]
OK, here's the proposed solution for write protect of the OLPC BIOS.
Short of phishing attacks, I think it should suffice; but I'd like people here to shoot at the scheme in case I'm missing something.
Regards,
- Jim
Lu, Yinghai wrote:
1. In your suggestion, when you are flashing the ROM, if something goes wrong (power loss), you will corrupt your ROM.
2. Are you going to use a fallback image with the normal image? If so, you can disable writes to the last 128K (the fallback image part) via a HW jumper. No one could change the fallback image without removing the jumper. Some MBs already have that for the last 64k.
I think that having a 'you can never write this' bios image would be useful. The power fail scenario is a concern.
ron
I think that having a 'you can never write this' bios image would be useful. The power fail scenario is a concern.
Many flash parts support a hardware lock where you can set a split. Areas that have been hardware locked can only be reprogrammed via the right programming voltage which is normally much higher than Vcc.
-- Richard A. Smith
Picking a flash device with a boot block that cannot be rewritten just via any possible software routine alone and only by being combined with hardware intervention will work.
The parts that require a higher programming voltage that Richard mentions are one good possible way.
This would also recover a damaged BIOS attacked by even phishers.
If the flash update was somehow corrupted via power interruption, infected BIOS update with a good checksum, etc., the boot section would still have a good booter.
-Bari
Richard Smith wrote:
I think that having a 'you can never write this' bios image would be useful. The power fail scenario is a concern.
Many flash parts support a hardware lock where you can set a split. Areas that have been hardware locked can only be reprogrammed via the right programming voltage which is normally much higher than Vcc.
-- Richard A. Smith