Random comments on LinuxBIOS

Eric W. Biederman ebiederman at lnxi.com
Thu Apr 17 02:37:00 CEST 2003


Adam Agnew <agnew at cs.umd.edu> writes:

> The one in question is  6,185,678
> http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=/netahtml/search-adv.htm&r=1&f=G&l=50&d=PTXT&p=1&p=1&S1=(William+AND+Arbaugh)&OS=William+AND+Arbaugh&RS=(William+AND+Arbaugh)

That was an interesting read.  At least I now have an idea of what
Bill was thinking of.  Most interesting is that there is not a mechanism
for the trust to go both ways.   In particular how is the loaded
code to know it is running on a trusted system.

In addition there are some fundamental things in his description 
that I would simply not implement as described.  Nastily extending
DHCP and TFTP when IPsec could be used.  And in general I don't think
any trust is needed at all of the Network Packets.  Just the loaded
image needs to carry a signature that can be verified.

And the description does not address when the system has exploitable
bugs.  In particular systems like the X-box can be compromised with buffer
overflows and other standard security holes, allowing an untrusted
application to gain special privileges on the machine.

This is not to say that strong/trusted integrity checks of the components
of the system are a bad idea.  But rather to show that simply loading
trusted components does not give a secure system.  That requires only
trusting bug free software which as an engineering assumption is impossible.

> And from my understanding, it's owned by the U of Penn and comes down to
> their decision when an open source implementation can be released.

The universities playing with ``IP'' and stifling innovation...
Sigh.
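The design point made above (trust the signature on the loaded image, not the network packets that delivered it) in working code, as an added example that is not from this message, from LinuxBIOS or from the patent discussed. It assumes a loader that carries an Ed25519 public key in its own trusted ROM and receives an image plus detached signature over an untrusted transport; the type and function names, and the sample image bytes, are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ImageEnvelope is what the loader receives over whatever transport it used
// (TFTP, HTTP, disk). Nothing about the transport is trusted; only the
// signature carried with the image matters. Constructed format for this example.
type ImageEnvelope struct {
	Image     []byte
	Signature []byte // Ed25519 signature over the raw image bytes
}

var ErrBadSignature = errors.New("image signature does not verify against the loader's root key")

// VerifyImage checks the envelope against the public key the loader keeps in
// its own ROM and returns the image only if the signature verifies. A wrong key,
// a truncated signature, or a single flipped byte in the image all fail here.
func VerifyImage(rootKey ed25519.PublicKey, env ImageEnvelope) ([]byte, error) {
	if len(rootKey) != ed25519.PublicKeySize || len(env.Signature) != ed25519.SignatureSize {
		return nil, ErrBadSignature
	}
	if !ed25519.Verify(rootKey, env.Image, env.Signature) {
		return nil, ErrBadSignature
	}
	return env.Image, nil
}

// SignImage is the build-side step: the private key never leaves the build
// system, and the signature travels with the image.
func SignImage(priv ed25519.PrivateKey, image []byte) ImageEnvelope {
	return ImageEnvelope{
		Image:     append([]byte(nil), image...),
		Signature: ed25519.Sign(priv, image),
	}
}

// Demo runs the whole exchange with a freshly generated (hypothetical) root key
// and reports whether the genuine image was accepted and a tampered copy rejected.
func Demo() (genuineAccepted bool, tamperedRejected bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed kernel image bytes for the example") // constructed sample
	env := SignImage(priv, image)

	_, errGood := VerifyImage(pub, env)

	// Simulate an attacker-modified image arriving over the untrusted transport.
	tampered := ImageEnvelope{Image: append([]byte(nil), env.Image...), Signature: env.Signature}
	tampered.Image[0] ^= 0x01
	_, errBad := VerifyImage(pub, tampered)

	return errGood == nil, errors.Is(errBad, ErrBadSignature)
}

func main() {
	ok, rejected := Demo()
	fmt.Printf("genuine image accepted: %v, tampered image rejected: %v\n", ok, rejected)
}
```

The loader needs no trust in DHCP, TFTP or any other packet: an attacker who controls the network can only deliver an image that fails verification. What this does not cover is the reverse direction raised in the message, the loaded code learning that it is running on a trusted loader, nor any bug in the loader itself.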



