Travis H. wrote:
> I can validate everything else, but as long as the BIOS is
> motherboard-specific and closed source, I don't see why I should trust
> it. We need to get rid of this legacy crud. LinuxBIOS is a good step
> but unfortunately it is only supported on a few motherboards.
We're shipping LinuxBIOS on the One Laptop per Child machines.

> No BIOS I know of has a semblance of security, given temporary physical
> access to the machine.

I came up with a scheme that lets us do a "secure BIOS" without a TPM; bypassing it without a PLCC would be extremely difficult. I'm not yet certain if we'll end up shipping a PLCC socket on the final hardware, but if not, I suspect you'd be hard-pressed to do much to the BIOS protection even with physical access, short of un-soldering and re-soldering a different SPI flash chip to the motherboard. That was explicitly not part of my threat model.

-- 
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]