The three responses I've seen so far were all negative, but also puzzling to me.  I'll try to address the key points in the response that is copied below, as well as those in the other two responses.
 
(1) Why floppies? -- (a) Because they are limited in storage, and non-electronic.  The smaller the memory, the harder it is to hide something malicious in it, and the easier to check it.  (b) Because they are inexpensive.  Any entity wishing to verify voting results needs one memory device for every voting machine.
 
(2) Aren't floppies unreliable? -- No.  Since I started keeping track of my public voting demos in 2002, I have used 992 diskettes without a single failure between starting voting and archiving results.  (That's not 992 different new diskettes; each is used over and over again unless a check done at startup reveals possible unreliability.)
 
(3) Aren't floppy drives obsolete? -- No.  USB-connected floppy drives are readily available for about $15, and computers can boot from them.
 
(4) BIOS averages 8 MB? -- WOW!  I still don't know how big OpenBIOS is, but I was hoping for something a bit closer to the 8 KB of the original IBM PC.  The capabilities of a 386 computer are sufficient for my voting system.  Is OpenBIOS really so huge?  Does a BIOS have to be?
 
(5) Hypervisor?  Virtual machine?  Address remapping?  Infectious native BIOS? -- If a modern computer has no hard drive connected, what happens when it boots from a floppy?  There is a boot sector on the diskette (which is verified by hash code); doesn't that control what happens next?  Why can't the floppy contents take control of the computer? 
 
Obviously, I'm no BIOS expert.  I'd appreciate recommendations of good texts or tutorials to bring me up to speed.
 
Chuck Gaston
 
 
 
In a message dated 7/19/2013 9:04:29 A.M. Eastern Daylight Time, Nick.Couchman@seakr.com writes:
>>> On 2013/07/19 at 06:01, <SAVIOCvs@aol.com> wrote:
> I developed a voting system (see _www.SAVIOC.com_ (http://www.SAVIOC.com) )
> that uses ordinary old PCs,  yet is more transparent and trustworthy than
> anything else in use  today.  All software, including the operating system
> (FreeDOS) boots from a  floppy that can be verified by hash code.  The PC
> never uses the hard  drive, and doesn't even need one.  Trustworthiness
> comes
> from people  with different interests being able to prevent each other from
> doing anything  fraudulent.  I think the only significant potential
> vulnerability is that  someone with physical access to the machines could
> install a
> malicious  BIOS.  Learning about the OpenBIOS project gave me hope of
> overcoming that  vulnerability.

> (1)  Is my hope justified?  Can a PC be booted from a floppy that 
> completely replaces the native BIOS in RAM, and then loads FreeDOS?  (Can 
> the
> possibility of a malicious BIOS be made a non-issue?)

> If all answers are YES, then the remaining very basic questions become 
> important.

Perhaps this is a digression, but why a floppy?  If you're using old hardware, that's fine, but at some point you probably want to use modern hardware, and I don't know of a modern hardware system that comes with a floppy drive, anymore.  Furthermore, my many years of experience with floppy disks tells me that they are unreliable - very prone to failures of a variety of types (dirty heads, physical damage to the medium, etc.).  Many of these types of failures mean mis-reads, which means bad checksums and failures in the security model you're trying to implement.  If you're looking for something compatible with very old hardware - hardware that does not support booting from USB flash drives - I'd recommend finding some older IDE flash chips (disk on chip) that you can use, instead.  These are probably pretty cheap, now, and should give you the capacity and reliability that you won't get with floppy disks.


> (2)  Roughly how much space on the floppy would be required?

You can build the OpenBIOS tree and see how large the binary is.  I don't remember off the top of my head, so I can't tell you.  Many modern BIOS implementations are several MB - I believe 8MB is the average BIOS size (not openBIOS, just BIOS in general), with some as large as 12MB.  This presents another problem when using floppies...you'd need multiple ones.

> (3)  What downloads would I need?  OpenBIOS AND OpenFirmware AND  OpenBOOT?
>  Anything else?

Probably just OpenBIOS.

> (4)  How are they downloaded? 
> http://www.openfirmware.info/index.php/Downloads displays  a page
> beginning, "This page has been deleted."  All other links that imply  the
> possibility
> of downloading reach a page headlined, "The  page cannot be displayed".


SVN check-out of the current source tree and build.  Decently modern versions are also included with Qemu, IIRC.

-Nick




--------
This e-mail may contain confidential and privileged material for the sole use of the intended recipient.  If this email is not intended for you, or you are not responsible for the delivery of this message to the intended recipient, please note that this message may contain SEAKR Engineering (SEAKR) Privileged/Proprietary Information.  In such a case, you are strictly prohibited from downloading, photocopying, distributing or otherwise using this message, its contents or attachments in any way.  If you have received this message in error, please notify us immediately by replying to this e-mail and delete the message from your mailbox.  Information contained in this message that does not relate to the business of SEAKR is neither endorsed by nor attributable to SEAKR.

--
OpenBIOS                 http://openbios.org/
Mailinglist:  http://lists.openbios.org/mailman/listinfo
Free your System - May the Forth be with you