Details of BIOS security, Re: Intel to include DRM in new Pentium
4 series processors
Pete Chown
1 at 234.cx
Wed, 18 Sep 2002 10:06:25 +0100
Matthew Astley wrote:
> On the one hand I'm tempted to download some datasheets and start
> thinking about how to make a secure flashable boot system. On the
> other hand I could go to bed in disgust.
Our newest machine can have the BIOS flashed from a floppy, without an
operating system. The BIOS can understand FAT format floppies itself.
It seems to me this is the way to go. Once the BIOS is ready to boot
the operating system, it could set a latch disabling further writes.
The circuit would be arranged so that this operation is one-way, and the
only way to get the BIOS writable again is a cold reset.
> I don't like laws any more than the next computer programmer - in my
> lifetime it has been the tradition that laws encroach on technological
> freedom, but at this point the feet are in the other boots.
Actually I think you need good laws, not no laws. For example the Human
Rights Act increased people's freedom, rather than the reverse. Legal
controls on spam would prevent spammers profiting at others' expense.
(Of course spam control would have to be done right -- we don't want
ISPs to be given the legal duty to stop it all, which clearly they
cannot achieve.)
> ... Pete Chown's "Making Cults Believable"
> paper at http://234.cx/socio-cult.html .
I'm glad you liked it! The next surprise will be when the psychology
people I know tell me that they really enjoyed the IPsec talk notes, or
RFC 3268. :-)
--
Pete