[OpenBIOS] Secure BIOS for voting?

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Tue Jul 23 16:42:20 CEST 2013


On Tue, Jul 23, 2013 at 07:35:14AM -0400, SAVIOCvs at aol.com wrote:
> The three responses I've seen so far were all negative, but also puzzling
> to me.  I'll try to address the key points in the response that is copied
> below, as well as those in the other two responses.
>
> (1) Why floppies? -- (a) Because they are limited in storage, and
> non-electronic.  The smaller the memory, the harder it is to hide something
> malicious in it, and the easier to check it.  (b) Because they are inexpensive.
> Any entity wishing to verify voting results needs one memory device for
> every voting machine.

People used to write very small clever viruses that did stuff and were
hard to find.  I don't think small disks really help anything there.

> (2) Aren't floppies unreliable? -- No.  Since I started keeping track of
> my public voting demos in 2002, I have used 992 diskettes without a single
> failure between starting voting and archiving results.  (That's not 992
> different new diskettes; each is used over and over again unless a check done at
> startup reveals possible unreliability.)

Relative to most media choices, floppies are the most unreliable of them.
Certainly how you handle them makes a big difference.  Now for some uses
they are more reliable than hard disks, but certainly not flash.

> (3) Aren't floppy drives obsolete? -- No.  USB-connected floppy drives are
> readily available for about $15, and computers can boot from them.

While I can still find stores selling floppy drives, no one seems to sell
the media anymore (the office supply store has them available online,
but certainly not in stores).  For practical purposes, they really don't
exist anymore.

> (4) BIOS averages 8 MB? -- WOW!  I still don't know how big OpenBIOS is,
> but I was hoping for something a bit closer to the 8 KB of the original IBM
> PC.  The capabilities of a 386 computer are sufficient for my voting
> system.  Is OpenBIOS really so huge?  Does a BIOS have to be?

Remember that these days they include PCI device enumeration, disk
detection, USB support, network booting, sometimes even graphical
interfaces to the setup.

The original IBM had no setup at all.  It had some jumpers perhaps,
but the disk geometry was managed by the controller, not the BIOS.

I don't think I believe the 8MB value however.  They are certainly
bigger than they used to be and often a chunk of it is compressed and
only decompressed when you run the setup.

> (5) Hypervisor?  Virtual machine?  Address remapping?  Infectious native
> BIOS? -- If a modern computer has no hard drive connected, what happens when
> it boots from a floppy?  There is a boot sector on the diskette (which is
> verified by hash code); doesn't that control what happens next?  Why can't
> the floppy contents take control of the computer?

I can boot a virtual machine from that floppy too.  How would the code
on your floppy tell the difference?  The virtual machine looks just like
the real one to your code.

> Obviously, I'm no BIOS expert.  I'd appreciate recommendations of good
> texts or tutorials to bring me up to speed.

If you can't trust the hardware you are running on, then you can't
trust anything.  Your software will not be able to do anything to restore
that trust.

-- 
Len Sorensen
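Point (5) in the quoted message describes a floppy boot sector that is "verified by hash code". The following is an added example, not code from the original thread or from OpenBIOS, showing what such a check actually covers: it parses the standard 512-byte boot sector (BIOS Parameter Block fields and the trailing 0x55AA signature) and compares its SHA-256 digest against a pinned reference. The sample boot sector and the function names (`build_sample_boot_sector`, `parse_boot_sector`, `pin_digest`, `verify_boot_sector`) are constructed for this example. The design caveat, which is the reply's point, is that the check runs on the very platform whose trustworthiness is in question: a hypervisor or modified firmware can feed the verifier a clean sector while executing something else, so a matching digest only proves the medium is intact, not that the machine is.

```python
import hashlib
import hmac
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"           # last two bytes of a bootable sector

# Standard FAT BIOS Parameter Block layout, little-endian, starting at offset 11.
BPB_FORMAT = "<HBHBHHBHHHII"
BPB_FIELDS = (
    "bytes_per_sector", "sectors_per_cluster", "reserved_sectors",
    "num_fats", "root_entries", "total_sectors", "media_descriptor",
    "sectors_per_fat", "sectors_per_track", "heads", "hidden_sectors",
    "total_sectors_large",
)


def build_sample_boot_sector() -> bytes:
    """Constructed sample: a minimal 1.44 MB FAT12-style boot sector.
    The code area is left zeroed; only the header fields matter here."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x3C\x90"       # short jump over the BPB
    sector[3:11] = b"SAMPLE  "          # 8-byte OEM name (constructed)
    struct.pack_into(BPB_FORMAT, sector, 11,
                     512,    # bytes per sector
                     1,      # sectors per cluster
                     1,      # reserved sectors
                     2,      # number of FATs
                     224,    # root directory entries
                     2880,   # total sectors (1.44 MB floppy)
                     0xF0,   # media descriptor
                     9,      # sectors per FAT
                     18,     # sectors per track
                     2,      # heads
                     0,      # hidden sectors
                     0)      # 32-bit total sectors (unused for floppies)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def has_boot_signature(sector: bytes) -> bool:
    """True if the sector is 512 bytes and ends with the 0x55AA signature."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_boot_sector(sector: bytes) -> dict:
    """Decode the BPB so an operator can sanity-check geometry before booting."""
    if not has_boot_signature(sector):
        raise ValueError("not a bootable 512-byte sector (missing 0x55AA)")
    values = struct.unpack_from(BPB_FORMAT, sector, 11)
    info = dict(zip(BPB_FIELDS, values))
    info["oem_name"] = sector[3:11].decode("ascii", errors="replace").rstrip()
    return info


def pin_digest(sector: bytes) -> str:
    """Compute the reference SHA-256 of a known-good sector (done once,
    on a machine you trust, and recorded out of band)."""
    return hashlib.sha256(sector).hexdigest()


def verify_boot_sector(sector: bytes, expected_sha256: str) -> bool:
    """Compare the sector's digest with the pinned reference in constant time.
    A match shows the medium is unchanged; it says nothing about whether the
    platform running this function is itself honest."""
    return hmac.compare_digest(pin_digest(sector), expected_sha256)


def verify_floppy_image(image: bytes, expected_sha256: str) -> bool:
    """Check only the first sector of a whole floppy image, as a BIOS would load it."""
    return verify_boot_sector(image[:SECTOR_SIZE], expected_sha256)


if __name__ == "__main__":
    good = build_sample_boot_sector()
    reference = pin_digest(good)
    print(parse_boot_sector(good))
    print("intact:", verify_boot_sector(good, reference))
    tampered = bytearray(good)
    tampered[0x3E] ^= 0x01              # flip one bit in the code area
    print("tampered:", verify_boot_sector(bytes(tampered), reference))
```

To use this against a real diskette image, read its first 512 bytes and pass them with a digest that was pinned on a separately trusted machine; a single flipped bit anywhere in the sector, including the code area a verifier might otherwise ignore, changes the digest.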