Details of BIOS security, Re: Intel to include DRM in new Pentium 4 series processors

Matthew Astley lists-ukcrypto at fruitcake.demon.co.uk
Wed, 18 Sep 2002 01:44:45 +0100


On Tue, Sep 17, 2002 at 02:38:52PM +1200, Peter Gutmann wrote:

> [...] Most flash memory isn't dumb memory but has a built-in
> microsequencer which handles a variety of simple commands. You can't
> guarantee that, at the hardware level, you've prevented all
> flash-damaging operations with only a write-protect jumper,
> particularly since some devices may contain undocumented commands
> (e.g. diagnostics) which you can't easily filter because you don't
> know they exist.

Oh what? Which loon came up with that plan? 8-(

I would imagine you can't just drop in an olde-style EPROM because the
pinout is wrong and anyway they're too small?

You can't exclude the damaging operations even if you know what they
are (I'm thinking whitelist rather than blacklist), because they're
just instructions. Not filterable at all, in hardware. Or did I
misunderstand that bit?

I got the impression from the Xbox hack site that boot flash is often
socketed in some standard form factor. Presumably there's a market for
a secure Compact Flash to bootrom bridge...

Since the BIOS lives on the ISA bus (hmm, even on "legacy-free" PCs?)
the hardware should be fairly tolerant.

On the one hand I'm tempted to download some datasheets and start
thinking about how to make a secure flashable boot system. On the
other hand I could go to bed in disgust.

> However, these types of attacks are fairly sophisticated, so while
> you'd expect someone thinking of attacking a crypto box would look
> at them, it's unlikely a script kiddie aiming for the MSIE buffer
> overflow du jour would bother.

No, it's the sort of thing you might expect from a government or a
megacorp with a large research budget, possibly backed by a government
willing to turn a blind eye.

Now it seems strange that the _same_ megacorps who (think they) are
legally entitled to r00t your machine any way they like are also
designing something which will make this problem go away ... but
they're not telling _exactly_ how it works.


Given the desire to fix the problem[1], I still don't understand why
we need TCPA. All you need is a chip, or small board, which can be
relied on to supply a few kilobytes of read-only data.

The fact remains that we're going to be sold TCPA anyway, whether we
like it or not. At the moment it is being offered as the only solution
to an insidious problem, and with some side-effects that should be
switched off by default.


Thanks for the details Peter,

Matthew  #8-)
-- 
[1] Yes there's some debate about whether it's worth bothering about,
    but if there's an easy hardware solution that can be developed in
    parallel with other fixes - and if it doesn't introduce other baggage
    we don't want, like DRM - then it makes sense to look at it.