[OpenBIOS] Secure BIOS for voting?
tarl-b2 at tarl.net
Tue Jul 23 22:28:23 CEST 2013
On 2013-Jul-23 16:15 , Mark Morgan Lloyd wrote:
>> And having the USB keyboard work (which means USB HID support, USB hub
>> support, USB controller support, PCI support, etc).
> Although IIRC there's a simplified protocol for the keyboard,
> specifically for BIOS support. I've seen people discussing that in the
> context of devices such as the Parallax Propeller which don't really
> have USB support.
Not for USB. Whatever they may be talking about, they aren't getting USB
- there's no real way to enable EHCI/OHCI/UHCI/XHCI without implementing
the entire shebang.
>> Once the control of the hardware has been taken over, there is no way
>> to take it back.
> Or put another way, you might /think/ you've regained full control,
> but you can never /know/ :-)
The problem of secure execution is fairly well understood. Google
"Verified Boot" or "Trusted Boot". The implementations that take it
seriously do verification of their PROM, sign it, and the hardware won't
let you start unless the PROM is good. Then the PROM verifies the
signature of each component as it's brought in (I was recently involved
in implementing public key verification for such).
It doesn't guarantee bug-free code, but it verifies that the code you
are running is what you think it is.
More information about the OpenBIOS