Thanks to all who commented on this thread. It seems clear that OpenBIOS won't enhance voting security.

Special thanks to _tarl-b2@tarl.net_ (mailto:tarl-b2@tarl.net) for the tip on "trusted boot". That hardware/firmware solution appears to go a long way toward preventing any tampering with BIOS. It isn't really necessary to have a voting system that is impossible to subvert, as long as there are techniques like buying absentee ballots, gerrymandering and preventing certain groups from voting that are far easier to implement or provide far more votes per dollar.

Chuck Gaston

In a message dated 7/23/2013 4:28:55 P.M. Eastern Daylight Time, tarl-b2@tarl.net writes:

On 2013-Jul-23 16:15 , Mark Morgan Lloyd wrote:

...

...

And having the USB keyboard work (which means USB HID support, USB hub support, USB controller support, PCI support, etc).

Although IIRC there's a simplified protocol for the keyboard, specifically for BIOS support. I've seen people discussing that in the context of devices such as the Parallax Propeller which don't really have USB support.

Not for USB. Whatever they may be talking about, they aren't getting USB - there's no real way to enable EHCI/OHCI/UHCI/XHCI without implementing the entire shebang.

...

Once the control of the hardware has been taken over, there is no way to take it back.

Or put another way, you might /think/ you've regained full control, but you can never /know/ :-)

The problem of secure execution is fairly well understood. Google "Verified Boot" or "Trusted Boot". The implementations that take it seriously do verification of their PROM, sign it, and the hardware won't let you start unless the PROM is good. Then the PROM verifies the signature of each component as it's brought in (I was recently involved in implementing public key verification for such).

It doesn't guarantee bug-free code, but it verifies that the code you are running is what you think it is.