[OpenBIOS] Secure BIOS for voting?

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Fri Jul 19 15:35:47 CEST 2013


On Fri, Jul 19, 2013 at 08:01:22AM -0400, SAVIOCvs at aol.com wrote:
> I developed a voting system (see http://www.SAVIOC.com) that uses ordinary
> old PCs, yet is more transparent and trustworthy than anything else in use
> today.  All software, including the operating system (FreeDOS) boots from a
> floppy that can be verified by hash code.  The PC never uses the hard drive,
> and doesn't even need one.  Trustworthiness comes from people with different
> interests being able to prevent each other from doing anything fraudulent.
> I think the only significant potential vulnerability is that someone with
> physical access to the machines could install a malicious BIOS.  Learning
> about the OpenBIOS project gave me hope of overcoming that vulnerability.
>
> (1)  Is my hope justified?  Can a PC be booted from a floppy that completely
> replaces the native BIOS in RAM, and then loads FreeDOS?  (Can the
> possibility of a malicious BIOS be made a non-issue?)
>
> If all answers are YES, then the remaining very basic questions become
> important.
>
> (2)  Roughly how much space on the floppy would be required?
> (3)  What downloads would I need?  OpenBIOS AND OpenFirmware AND OpenBOOT?
> Anything else?
> (4)  How are they downloaded?
> http://www.openfirmware.info/index.php/Downloads displays a page beginning,
> "This page has been deleted."  All other links that imply the possibility
> of downloading reach a page headlined, "The page cannot be displayed".

I suspect that someone could write a BIOS that implemented a full
hypervisor and then booted your code in a virtual machine.  You probably
won't have any way to detect that if it is done well.  There are some
methods used to detect being in a VM guest, but I believe most of them
are there by design to help out the software when it needs to know.

Of course if you could make sure that isn't the case, you have the
problem that you can't do address remapping (which you would need to
replace the BIOS code) unless you are in 386 protected mode, so now you
aren't just replacing the BIOS, you are actually running code with your
FreeDOS running in virtual86 mode under whatever your replacement is.
To some extent you are essentially implementing a hypervisor/virtual
machine at that point, and of course virtual machines provide their own
BIOS for the guest being booted.  I don't know if you can fit a virtual
machine on a floppy.

-- 
Len Sorensen
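Len's remark that the VM-detection methods that exist are cooperative signals is worth making concrete. The C program below is an added example, not code from this thread or from the OpenBIOS project: it reads CPUID leaf 1, ECX bit 31 (the "hypervisor present" bit) and, only when that bit is set, the 12-byte vendor signature in leaf 0x40000000. It assumes a GCC or Clang build on x86 with `<cpuid.h>`; the `KVMKVMKVM` signature used as constructed test input is the one KVM publishes. The lesson for a voting appliance is the caveat rather than the check: a hypervisor that wants to stay hidden simply leaves the bit clear, so a negative result proves nothing about a hostile BIOS.

```c
/* Added example, not code from the OpenBIOS thread: decoding the CPUID
 * "hypervisor present" signal that a cooperative hypervisor exposes to
 * its guest.  The decoder takes register values as arguments so it can
 * be exercised with constructed input; query_hv_info() reads the real
 * CPU when built with GCC/Clang on x86 (assumes <cpuid.h> is available). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 1, ECX bit 31: "hypervisor present".  Set only by a
 * hypervisor that chooses to announce itself. */
#define CPUID_HV_PRESENT_BIT (1u << 31)
/* CPUID leaf 0x40000000: 12-byte hypervisor vendor signature in EBX:ECX:EDX. */
#define CPUID_HV_VENDOR_LEAF 0x40000000u

struct hv_info {
    int present;       /* 1 if leaf-1 ECX bit 31 is set */
    char vendor[13];   /* signature, NUL-terminated; empty when not present */
};

/* Copy the four bytes of a register into dst, low byte first (CPUID
 * signature strings are laid out that way regardless of host endianness). */
static void put_reg_bytes(char *dst, uint32_t reg)
{
    for (int i = 0; i < 4; i++)
        dst[i] = (char)((reg >> (8 * i)) & 0xffu);
}

/* Decode already-fetched register values into hv_info.  leaf1_ecx is ECX
 * from leaf 1; ebx/ecx/edx are from leaf 0x40000000. */
void decode_hv_info(uint32_t leaf1_ecx, uint32_t ebx, uint32_t ecx,
                    uint32_t edx, struct hv_info *out)
{
    memset(out, 0, sizeof *out);
    out->present = (leaf1_ecx & CPUID_HV_PRESENT_BIT) ? 1 : 0;
    if (!out->present)
        return;            /* vendor leaf is undefined without the bit */
    put_reg_bytes(out->vendor + 0, ebx);
    put_reg_bytes(out->vendor + 4, ecx);
    put_reg_bytes(out->vendor + 8, edx);
    out->vendor[12] = '\0';
}

/* Convenience check: 1 if the registers decode to an announced hypervisor
 * whose signature equals expected, else 0. */
int hv_signature_is(uint32_t leaf1_ecx, uint32_t ebx, uint32_t ecx,
                    uint32_t edx, const char *expected)
{
    struct hv_info info;
    decode_hv_info(leaf1_ecx, ebx, ecx, edx, &info);
    return info.present && strcmp(info.vendor, expected) == 0;
}

/* Query the running CPU.  Returns 1 on success, 0 when CPUID is not
 * available on this build (non-x86 target). */
int query_hv_info(struct hv_info *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    uint32_t leaf1_ecx = ecx;
    ebx = ecx = edx = 0;
    if (leaf1_ecx & CPUID_HV_PRESENT_BIT) {
        /* __get_cpuid() refuses leaves above the basic maximum, so use
         * the raw __cpuid macro for the hypervisor range. */
        __cpuid(CPUID_HV_VENDOR_LEAF, eax, ebx, ecx, edx);
    }
    decode_hv_info(leaf1_ecx, ebx, ecx, edx, out);
    return 1;
#else
    memset(out, 0, sizeof *out);
    return 0;
#endif
}

int main(void)
{
    struct hv_info info;
    if (!query_hv_info(&info)) {
        puts("CPUID not available on this build");
        return 1;
    }
    if (info.present)
        printf("cooperative hypervisor announced: \"%s\"\n", info.vendor);
    else
        puts("no hypervisor announced (this says nothing about a hidden one)");
    return 0;
}
```

Build with `cc -o hvcheck hvcheck.c` and run it on the machine in question; the decoder is kept separate from the CPUID query so the same logic can be checked against constructed register values without a hypervisor present.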
