On 2013-Jul-23 16:15 , Mark Morgan Lloyd wrote:
And having the USB keyboard work (which means USB HID support, USB hub support, USB controller support, PCI support, etc).
Although IIRC there's a simplified protocol for the keyboard, specifically for BIOS support. I've seen people discussing that in the context of devices such as the Parallax Propeller which don't really have USB support.
Not for USB. Whatever they may be talking about, they aren't getting USB - there's no real way to enable EHCI/OHCI/UHCI/XHCI without implementing the entire shebang.
Once the control of the hardware has been taken over, there is no way to take it back.
Or put another way, you might /think/ you've regained full control, but you can never /know/ :-)
The problem of secure execution is fairly well understood. Google "Verified Boot" or "Trusted Boot". The implementations that take it seriously do verification of their PROM, sign it, and the hardware won't let you start unless the PROM is good. Then the PROM verifies the signature of each component as it's brought in (I was recently involved in implementing public key verification for such).
It doesn't guarantee bug-free code, but it verifies that the code you are running is what you think it is.