[OpenBIOS] Secure BIOS for voting?

SAVIOCvs at aol.com SAVIOCvs at aol.com
Sat Jul 27 12:43:22 CEST 2013 

 
Thanks to all who commented on this thread.  It seems clear that  OpenBIOS 
won't enhance voting security.
 
Special thanks to _tarl-b2 at tarl.net_ (mailto:tarl-b2 at tarl.net)  for the tip 
on  "trusted boot".  That hardware/firmware solution appears to go a long 
way  toward preventing any tampering with BIOS.  It isn't really necessary to 
 have a voting system that is impossible to subvert, as long as there  are 
techniques like buying absentee ballots, gerrymandering and preventing  
certain groups from voting that are far easier to implement or provide far more  
votes per dollar.
 
Chuck Gaston
 
 
In a message dated 7/23/2013 4:28:55 P.M. Eastern Daylight Time,  
tarl-b2 at tarl.net writes:

On  2013-Jul-23 16:15 , Mark Morgan Lloyd  wrote:
>>>
>>
>> And having the USB keyboard  work (which means USB HID support, USB hub
>> support, USB controller  support, PCI support, etc).
>
> Although IIRC there's a simplified  protocol for the keyboard, 
> specifically for BIOS support. I've seen  people discussing that in the 
> context of devices such as the Parallax  Propeller which don't really 
> have USB support. 

Not for USB.  Whatever they may be talking about, they aren't getting USB 
- there's no  real way to enable EHCI/OHCI/UHCI/XHCI without implementing 
the entire  shebang.

>>
>> Once the control of the hardware has been  taken over, there is no way
>> to take it back.  
>
>
> Or put another way, you might /think/ you've regained  full control, 
> but you can never /know/ :-)

The problem of  secure execution is fairly well understood. Google 
"Verified Boot" or  "Trusted Boot". The implementations that take it 
seriously do verification  of their PROM, sign it, and the hardware won't 
let you start unless the  PROM is good. Then the PROM verifies the 
signature of each component as  it's brought in (I was recently involved 
in implementing public key  verification for such).

It doesn't guarantee bug-free code, but it  verifies that the code you 
are running is what you think it  is.


-- 
OpenBIOS               http://openbios.org/
Mailinglist:   http://lists.openbios.org/mailman/listinfo
Free your System - May the Forth  be with you



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.openfirmware.info/pipermail/openbios/attachments/20130727/4f9134e9/attachment.html>

More information about the OpenBIOS mailing list