Travis H. wrote:
> I can validate everything else, but as long as the BIOS is
> motherboard-specific and closed source, I don't see why I should trust
> it.  We need to get rid of this legacy crud.  LinuxBIOS is a good step
> but unfortunately it is only supported on a few motherboards. 

We're shipping LinuxBIOS on the One Laptop per Child machines.

> I know of has a semblance of security, given temporary physical access
> to the machine.

I came up with a scheme that lets us do a "secure BIOS" without a TPM;
bypassing it without a PLCC would be extremely difficult. I'm not yet
certain if we'll end up shipping a PLCC socket on the final hardware,
but if not, I suspect you'd be hard-pressed to do much to the BIOS
protection even with physical access, short of un-soldering and
re-soldering a different SPI flash chip to the motherboard. That was
explicitly not part of my threat model.

Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
