Hello everybody!

> On Sunday 27 January 2008, Peter Stuge wrote:
>> On Sun, Jan 27, 2008 at 11:32:26PM +0100, Torsten Duwe wrote:
>> > DRM does not work.
>>
>> I think this is because it tries to provide an all-encompassing
>> solution to a generic problem.
>
> No, because it tries to provide a technical solution to a social
> phenomenon perceived as a problem.
>
>> "Securing machines against the user" is also very generic. If you can
>> be more specific, Phillip, perhaps we can offer some suggestions.
>
> Yepp. A defense strategy needs an attack scenario first.

I'm fully aware that *every* security can be broken - it's always a question
of how much money/time gets invested (both by the defender, and the attacker).

The scenario is to protect the system installation against the user.
 - Using some operating system unencrypted - boot from a CD.
 - Protect the boot order - reset the CMOS.
 - Store important information in the CMOS.

That's my thoughts by now.

Of course, you'd need a dead-man switch in the case (that deletes the CMOS),
but that's available in quite some cases - just connect the cable to the right
motherboard position, and you're fine (if it's the correct switch - close/open).

Simply substituting the BIOS with another one won't be so easy. If it's a
notebook, possibly a hardened one, getting to the motherboard might mean some
work - and tripping the intrusion detection.

All I'm asking for is a BIOS password, that gets stored as a salted hash in a
fixed location in the CMOS - then a system installation process can write some
generated value there, and use that for harddisk encryption.

Securing the hardware is necessary, too - but there coreboot won't help me :-)

Thank you for your answers!

Regards,

Phil

--
coreboot mailing list
[email protected]
http://www.coreboot.org/mailman/listinfo/coreboot
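
Added example, not part of the original message and not coreboot code: a sketch of the salted-hash password record the message asks for, with a bytearray standing in for the CMOS. The offset, record layout, PBKDF2 parameters, the refuse-when-cleared behaviour and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

CMOS_SIZE = 128            # classic RTC/CMOS NVRAM size in bytes
PW_OFFSET = 0x40           # assumed fixed location of the record
SALT_LEN, HASH_LEN = 8, 20 # assumed sizes; the record must fit in the NVRAM
ITERATIONS = 50_000        # assumed work factor
MAGIC = b"PW"              # assumed marker for a populated record


def _hash(password, salt):
    """Salted, iterated hash so equal passwords give different records."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               ITERATIONS, dklen=HASH_LEN)


def set_password(cmos, password, salt=None):
    """Write magic || salt || hash at the fixed offset, never the password."""
    salt = salt or os.urandom(SALT_LEN)
    record = MAGIC + salt + _hash(password, salt)
    cmos[PW_OFFSET:PW_OFFSET + len(record)] = record


def check_password(cmos, candidate):
    """True only if a record is present and the candidate matches it."""
    pos = PW_OFFSET
    if bytes(cmos[pos:pos + len(MAGIC)]) != MAGIC:
        return False       # cleared or never set: this sketch refuses
    pos += len(MAGIC)
    salt = bytes(cmos[pos:pos + SALT_LEN])
    stored = bytes(cmos[pos + SALT_LEN:pos + SALT_LEN + HASH_LEN])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, _hash(candidate, salt))


def clear_cmos(cmos):
    """Model of a CMOS reset or a tripped case switch: contents are lost."""
    cmos[:] = bytes(len(cmos))
```

After clear_cmos() the record is gone, so check_password() returns False for every candidate, which is the effect the case switch is meant to have on anything stored there.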

