Lennart Sorensen wrote:
(3) Aren't floppy drives obsolete? -- No. USB-connected floppy drives are readily available for about $15, and computers can boot from them.
(4) BIOS averages 8 MB? -- WOW! I still don't know how big OpenBIOS is, but I was hoping for something a bit closer to the 8 KB of the original IBM PC. The capabilities of a 386 computer are sufficient for my voting system. Is OpenBIOS really so huge? Does a BIOS have to be?
Rememer that these days they include PCI device enumeration, disk detection, USB support, network booting, sometimes even graphical interfaces to the setup.
And it has to have things like USB support because of people who insist on trying to boot from USB-connected floppies without considering the implications :-)
Obviously, I'm no BIOS expert. I'd appreciate recommendations of good texts or tutorials to bring me up to speed.
Read every source of security advisories you can find, learn to disassemble and analyse other peoples' low-level code, and get a job with somebody who write BIOSes.
If you can't trust the hardware you are running on, then you can't trust anything. Your software will not be able to do anything to restore that trust.
Seconded. Geohot's Sony Playstation hack was a textbook case.