[OpenBIOS] Secure BIOS for voting?
Mark Morgan Lloyd
markMLl.openbios at telemetry.co.uk
Tue Jul 23 17:08:54 CEST 2013
Lennart Sorensen wrote:
>> (3) Aren't floppy drives obsolete? -- No. USB-connected floppy drives are
>> readily available for about $15, and computers can boot from them.
>> (4) BIOS averages 8 MB? -- WOW! I still don't know how big OpenBIOS is,
>> but I was hoping for something a bit closer to the 8 KB of the original IBM
>> PC. The capabilities of a 386 computer are sufficient for my voting
>> system. Is OpenBIOS really so huge? Does a BIOS have to be?
>
> Rememer that these days they include PCI device enumeration, disk
> detection, USB support, network booting, sometimes even graphical
> interfaces to the setup.
And it has to have things like USB support because of people who insist
on trying to boot from USB-connected floppies without considering the
implications :-)
>> Obviously, I'm no BIOS expert. I'd appreciate recommendations of good
>> texts or tutorials to bring me up to speed.
Read every source of security advisories you can find, learn to
disassemble and analyse other peoples' low-level code, and get a job
with somebody who write BIOSes.
> If you can't trust the hardware you are running on, then you can't
> trust anything. Your software will not be able to do anything to restore
> that trust.
Seconded. Geohot's Sony Playstation hack was a textbook case.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
More information about the OpenBIOS
mailing list