[OpenBIOS] Secure BIOS for voting?

Tarl Neustaedter tarl-b2 at tarl.net
Tue Jul 23 22:28:23 CEST 2013


On 2013-Jul-23 16:15 , Mark Morgan Lloyd wrote:
>>>
>>
>> And having the USB keyboard work (which means USB HID support, USB hub
>> support, USB controller support, PCI support, etc).
>
> Although IIRC there's a simplified protocol for the keyboard, 
> specifically for BIOS support. I've seen people discussing that in the 
> context of devices such as the Parallax Propeller which don't really 
> have USB support. 

Not for USB. Whatever they may be talking about, they aren't getting USB 
- there's no real way to enable EHCI/OHCI/UHCI/XHCI without implementing 
the entire shebang.

>>
>> Once the control of the hardware has been taken over, there is no way
>> to take it back. 
>
>
> Or put another way, you might /think/ you've regained full control, 
> but you can never /know/ :-)

The problem of secure execution is fairly well understood. Google 
"Verified Boot" or "Trusted Boot". The implementations that take it 
seriously do verification of their PROM, sign it, and the hardware won't 
let you start unless the PROM is good. Then the PROM verifies the 
signature of each component as it's brought in (I was recently involved 
in implementing public key verification for such).

It doesn't guarantee bug-free code, but it verifies that the code you 
are running is what you think it is.




More information about the OpenBIOS mailing list