Thanks to all who commented on this thread. It seems clear that OpenBIOS
won't enhance voting security.
Special thanks to tarl-b2(a)tarl.net for the tip
on "trusted boot". That hardware/firmware solution appears to go a long
way toward preventing any tampering with BIOS. It isn't really necessary to
have a voting system that is impossible to subvert, as long as there are
techniques like buying absentee ballots, gerrymandering and preventing
certain groups from voting that are far easier to implement or provide far more
votes per dollar.
In a message dated 7/23/2013 4:28:55 P.M. Eastern Daylight Time,
On 2013-Jul-23 16:15, Mark Morgan Lloyd wrote:

And having the USB keyboard work (which means USB HID support, USB hub
support, USB controller support, PCI support, etc).

Although IIRC there's a simplified protocol for the keyboard,
specifically for BIOS support. I've seen people discussing that in the
context of devices such as the Parallax Propeller which don't really
have USB support.

Not for USB. Whatever they may be talking about, they aren't getting USB
- there's no real way to enable EHCI/OHCI/UHCI/XHCI without implementing
the entire shebang.

Once the control of the hardware has been taken over, there is no way
to take it back.

Or put another way, you might /think/ you've regained full control,
but you can never /know/ :-)

The problem of secure execution is fairly well understood. Google
"Verified Boot" or "Trusted Boot". The implementations that take it
seriously do verification of their PROM, sign it, and the hardware won't
let you start unless the PROM is good. Then the PROM verifies the
signature of each component as it's brought in (I was recently involved
in implementing public key verification for such).

It doesn't guarantee bug-free code, but it verifies that the code you
are running is what you think it is.
Free your System - May the Forth be with you
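
The verified-boot chain described in the thread above (the PROM is checked first, then each later component is checked before it runs), as an added example that is not part of the original messages or of any real firmware. It assumes a single root public key for all stages and uses a constructed toy RSA key with no padding so that it runs on the Python standard library alone; the stage names and image contents are made up.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes. It is far too small
# for real use and has no padding; it only keeps the example dependency-free.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays with the signer

def digest(image: bytes) -> int:
    """SHA-256 of a boot component, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N

def sign(image: bytes) -> int:
    """Build-time signing, done offline by whoever owns the private key."""
    return pow(digest(image), D, N)

def verify(image: bytes, sig: int, pubkey=(N, E)) -> bool:
    """Boot-time check; needs only the public key fixed in hardware/PROM."""
    n, e = pubkey
    return 0 <= sig < n and pow(sig, e, n) == digest(image)

def boot(chain, pubkey=(N, E)):
    """Verify every stage before handing control to it.

    Returns (stages that were allowed to run, first rejected stage or None).
    A rejected stage never executes, so it cannot take over the hardware."""
    ran = []
    for name, image, sig in chain:
        if not verify(image, sig, pubkey):
            return ran, name
        ran.append(name)
    return ran, None

# Constructed sample images (hypothetical stage names and contents).
IMAGES = [("prom", b"PROM build 1"), ("loader", b"loader build 1"),
          ("kernel", b"kernel build 1")]
GOOD = [(name, img, sign(img)) for name, img in IMAGES]
# Same signatures, but one byte of the loader was changed after signing.
TAMPERED = [(n, img.replace(b"1", b"2") if n == "loader" else img, s)
            for n, img, s in GOOD]

if __name__ == "__main__":
    print(boot(GOOD))
    print(boot(TAMPERED))
```

A correctly signed image passes this check whether or not it contains bugs; the check establishes that the image is the one that was signed, nothing more.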