Yah, now you're just trusting the bios, the local disk (if any)
and the network. Much more secure ;-)
If you can't trust the BIOS, you can't trust *anything* about
the machine.
The original thread mentioned false login screens that people
can leave running in unix. What I meant to imply (perhaps too
subtly) was that you can configure the BIOS to boot a malicious
plan9 kernel (by adjusting bios parameters, by leaving a
boot block on the disk, or by interposing on the network boot
process). Rebooting the machine does not necessarily give you
strong assurances against trojan login screens. (Of course
it can, if configured properly -- ie trusted booting of signed
binaries).
Sure you can put a tiny cdr into the drive, but what if the
bios doesn't even boot the cdr (or refuses to, and has a password).
What if it boots the hard drive while making it look like its
booting the CDR?
Dave Eckhardt
Tim Newsham
http://www.lava.net/~newsham/
