Carl-Daniel Hailfinger wrote:
> And it fully automates bricking of thousands of machines if the key
> is ever compromised.

If 3 separately kept private keys, two of which will live in a bank vault, are compromised.

> Flashing a new BIOS against the will of the user
> is *evil* (and generates quite a lot of bad publicity if you look at
> the Playstation Portable forced firmware upgrades).

I'm not familiar with these (I'll read up on them), but I imagine they change actual user-visible system functionality in some way? That's not what any of our BIOS upgrades will do.

In principle, though, I agree with you. Power users never considered upgrades that do things behind their backs a feature. But I think you'll find the exact opposite holds for most computer users, and this becomes particularly compelling when many of your users are too young to be able to make a reasonable decision about whether to agree or disagree with a security prompt.

Finally, remember that BIOS flashing is really a fully opaque operation. While software upgrades tell you things like "I want to upgrade version x of this software to version y, here's what will be different", how do you see this happening for BIOS upgrades? In other words, in what cases does the user know enough about the system to be able to authoritatively refuse a BIOS upgrade?

> Once you make these provisions, how are you going to be sure a worm
> author doesn't use them? "Hey, I'm a kid wanting to hack the BIOS, can
> I have a signing key?"

Developer signing keys are issued for each machine individually, based on the serial number.

> There should remain at least one way to flash a
> non-signed BIOS without resorting to a soldering iron. Possibly
> require a USB keyfob to be plugged in or something
> (like the original solution with keypress).

I've been toying with the same idea. Let me think about that some more.

--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
