On 10/9/06, Adam Back <[EMAIL PROTECTED]> wrote:
The bad part is that the user is not given control to modify the hash
and attest as if it were the original so that he can insert his own
code, debug, modify etc.

(All that is needed is a debug option in the BIOS to do this that only
the user can change, via BIOS setup.)

Actually, it's the BIOS I don't trust.

I can validate everything else, but as long as the BIOS is
motherboard-specific and closed source, I don't see why I should trust
it.  We need to get rid of this legacy crud.  LinuxBIOS is a good step
but unfortunately it is only supported on a few motherboards.  No BIOS
I know of has a semblance of security, given temporary physical access
to the machine.

BTW, the x86 microcode updates are performed by the BIOS IIRC and
require no hardware settings.  Is there any reason you can't update
the processor microcode later on in the boot process?
--
"The obvious mathematical breakthrough would be the development of an
easy way to factor large prime numbers.'' [sic] -- Bill Gates  -><-
<URL:http://www.lightconsulting.com/~travis/>
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to