> What's interesting is that I've been told by a well-known vendor that it
> is impossible to reflash FLASH on an Alpha from anything other than the
> SRM (BIOS). Ha. I love doing things that are impossible :-)

This is a bit off-topic, but the expertise of the list members in
reverse-engineering (sorry, "analysing") boot code and system boards on
different hardware is probably unique (in public forums, anyway). Ron's
comment happens to coincide with something that has been concerning us
in the past few days.

We are interested in "failover" clusters which may be running many
different applications - most likely net services. Datacenters running
our software may wish to "provision" a single piece of hardware for
customer A, and then reassign it to customer B. (This, I hasten to
add, is not the heart of our software; we just need a convincing
explanation of how we coexist with this sort of thing.)
Obviously, after A has finished with the hardware, the datacenter will
wipe it before giving it to B. Disks and like peripherals are fairly
easy, and it's well understood how to do secure wiping. NIC boot ROMs can be
removed or erased and reprogrammed.

If in doubt, one might remove a disk or a NIC ROM by hand and attach it
to a bulk eraser. But this is cumbersome - sites doing this on commodity
hardware will not want to take the systems apart (probably cheaper to
throw them away). But what of the system board? It seems that anyone
with root access and some knowledge could potentially flash system ROM.
And, worse, vendors may quite happily say (and their marketing
department may even believe) that it is not possible to flash system ROM
except by "official means", when members of this list know otherwise.

I don't think it matters whether A "officially" has access to the OS
(and thereby the hardware). A could be a hostile user, trying to
infiltrate the datacenter by using a cover of an honest service, taking
the opportunity to crack dynamically allocated hardware. However, it's
as likely that the evil user X has cracked A's environment and planted a
Trojan horse.

The normal way round this is either for each customer to spec their own
systems and lock them in a cage (expensive and inflexible), or to allow
customers write access only to their own personal data (but see previous
paragraph). Either way, one has to put faith in the boot code; hitherto,
we've relied on the fact that only a couple of companies know how to
write BIOSes. LinuxBIOS, Etherboot/NILO, TIARA, GRUB and so on are
putting boot code in the hands of the masses; TrojanBIOS could be made
to cosmetically resemble any BIOS out there, even with the right
checksum if it's a short one and not e.g. md5.

So - questions...

Is it in principle the case that any commodity system board can be
flashed from the OS? The answer is presumably yes if all I need to do is
boot from an "official" floppy, even if LinuxBIOS can't currently do so.

If not, presumably something like a jumper is needed; if so, is this
likely to be a genuine hardware linkage (e.g. like a floppy
write-disable is supposed to be) where no software can do anything, no
matter how hard it tries, or is it in turn just detected in firmware?

Obviously, system boards can be manufactured which really *are* read
only, but people want to use commodity parts. Can commodity system
boards be "retrofixed" read only by cutting a couple of connectors?

-- 
Peter Lister, Sychron Inc.  -  1-866-SYCHRON
Intelligent Infrastructure  -  www.sychron.com
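The post's remark that a Trojan image can carry "the right checksum if it's a short one" is the crux of why a datacenter cannot use a ROM's own checksum as evidence that the board still holds the firmware it was provisioned with. The following is an added example (not code from the thread or from any of the projects named in it) that makes the point concrete with constructed byte strings rather than real firmware: it builds an image using the 8-bit additive convention that PC expansion ROMs use (all bytes sum to zero mod 256), shows that a modified copy can still pass that check, and shows that a SHA-256 recorded at provisioning time and compared at deprovisioning time does detect the change. The image layout, the `audit` report format and the name `KNOWN_GOOD` are assumptions for the example.

```python
"""Added example, not from the original thread: why the short checksum that a
ROM image carries cannot show that a system or NIC boot ROM is still the one
the datacenter installed, and a baseline comparison with SHA-256 that can.
All images here are constructed byte strings, not real firmware."""
import hashlib


def byte_sum_mod256(image: bytes) -> int:
    """8-bit additive checksum: the sum of all bytes modulo 256. PC expansion
    ROMs use exactly this convention, with the image padded so the sum is 0."""
    return sum(image) & 0xFF


def finalize_rom(body: bytes) -> bytes:
    """Append the single checksum byte that makes the whole image sum to 0."""
    return body + bytes([(-sum(body)) & 0xFF])


def rom_checksum_ok(image: bytes) -> bool:
    """The check a vendor flash tool or option-ROM scan typically performs."""
    return byte_sum_mod256(image) == 0


def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Constructed known-good image (assumed layout): 0x55AA signature, a code
# region, 15 bytes of unused filler (real images have slack), checksum byte.
KNOWN_GOOD = finalize_rom(bytes.fromhex("55aa") + b"VENDOR BOOT CODE v1" + bytes(15))


def patch_keeping_checksum(image: bytes, offset: int, new_bytes: bytes) -> bytes:
    """Change bytes at `offset`, then let one zero filler byte absorb the
    difference so the 8-bit checksum still passes. This is the property the
    post refers to: an additive checksum constrains only the byte total, so
    it says nothing about *which* bytes are present."""
    patched = bytearray(image)
    patched[offset:offset + len(new_bytes)] = new_bytes
    filler = len(image) - 2              # last filler byte, zero in KNOWN_GOOD
    assert patched[filler] == 0, "filler byte must be free for this to work"
    patched[filler] = (-sum(patched)) & 0xFF
    return bytes(patched)


def audit(image: bytes, baseline_sha256: str) -> dict:
    """What a deprovisioning check should report: the image's own checksum
    (what the vendor tool trusts) and whether the cryptographic hash matches
    the value recorded when the board was put into service for customer A."""
    return {
        "rom_checksum_ok": rom_checksum_ok(image),
        "matches_baseline": sha256_hex(image) == baseline_sha256,
    }


def demo() -> tuple:
    """Run the audit over the known-good image and over a modified copy that
    still satisfies the ROM's own checksum."""
    baseline = sha256_hex(KNOWN_GOOD)           # recorded at provisioning
    altered = patch_keeping_checksum(KNOWN_GOOD, 2, b"ALTERED")
    return audit(KNOWN_GOOD, baseline), audit(altered, baseline)


if __name__ == "__main__":
    good, bad = demo()
    print("known-good image :", good)   # both checks pass
    print("altered image    :", bad)    # checksum passes, baseline does not
```

The design point for the provisioning workflow the post describes: the value worth keeping per board is a cryptographic digest of a full ROM dump taken under the datacenter's control (ideally from an external reader, since a dump requested from the running OS trusts the very firmware being audited), not the checksum embedded in the image. The same comparison is the only meaningful answer to "has this been reflashed?" until a board offers a genuine hardware write-disable.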