[OpenBIOS] Secure BIOS for voting?

Mark Morgan Lloyd markMLl.openbios at telemetry.co.uk
Tue Jul 23 17:08:54 CEST 2013

Lennart Sorensen wrote:

>> (3) Aren't floppy drives obsolete? -- No.  USB-connected floppy drives are
>> readily available for about $15, and computers can boot from them.

>> (4) BIOS averages 8 MB? -- WOW!  I still don't know how big OpenBIOS is,
>> but I was hoping for something a bit closer to the 8 KB of the original IBM
>> PC.  The capabilities of a 386 computer are sufficient for my voting
>> system.  Is OpenBIOS really so huge?  Does a BIOS have to be?
> Remember that these days they include PCI device enumeration, disk
> detection, USB support, network booting, sometimes even graphical
> interfaces to the setup.

And it has to have things like USB support because of people who insist 
on trying to boot from USB-connected floppies without considering the 
implications :-)

>> Obviously, I'm no BIOS expert.  I'd appreciate recommendations of good
>> texts or tutorials to bring me up to speed.

Read every source of security advisories you can find, learn to 
disassemble and analyse other people's low-level code, and get a job 
with somebody who writes BIOSes.

> If you can't trust the hardware you are running on, then you can't
> trust anything.  Your software will not be able to do anything to restore
> that trust.

Seconded. Geohot's Sony Playstation hack was a textbook case.

Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]
