cyber-"terrorism"?

Bruce M Simpson bms at spc.org
Sun, 22 Sep 2002 13:39:45 +0100 

On Thu, Sep 19, 2002 at 10:19:24AM +0100, Ben Laurie wrote:
> >As for your secret files, against a serious attacker, afaik if someone can
> >get access to your box's hardware and not be detected, and you later input
> >your password, you can be screwed all the way. A BIOS write-only jumper is
> >enough for most ordinary uses (assuming a secure BIOS with no warm reboots
> >etc.; there was a project to write a secure universal open-source BIOS, but
> >I don't know how or if it's going); because you just can't protect against 
> >a
> >determined attacker who has physical access.
> >
> >I'd love to be proven wrong here,
> 
> No you wouldn't, because if you are wrong, Pd will work. And that would 
> be bad.

I agree that would be bad. However, the only way to be sure whether or not
a read-only BIOS jumper will work is to look at the net list and actually
figure out what's going on with the silicon. Or, you could choose to manage
the risk, and trust what Intel say in their datasheet for the 82802(*), for
example. Which is back to the old 'can you trust the designer of your
hardware/cryptographic transform/one-way hash algorithm' argument.

The OpenBIOS Project idea is very interesting, though. Typically BIOS
vendors are not very transparent about their products, and in an x86 system
often the BIOS is something which you can't change; the BIOS variant which
gets used is a decision made by the board integrator/vendor. If you want to
see the source for the BIOS, you have to sign an NDA, because of how
protective the companies are of their work. [Again, this lack of transparency
on their part makes it difficult to audit exactly what your boot process
is doing, but this is back to the old 'open source versus closed source'
argument.]

Perhaps rightly so, but that doesn't stop the occasional leak, and I was
surprised and disappointed to find how spaghetti-like one particularly
widely used BIOS product, which I shall not name, was in terms of how it
had been engineered; this was just an impression I got, though, from spending
around an hour skimming around ~300,000 lines of 80x86 assembly language,
which isn't going to give me a full impression; just a high-level one.

I'm interested in the idea of OpenBIOS because one thing the PC manufacturers
never did was implement the IEEE 1275 Open Firmware standard on the x86
platform. Now Intel are pressing ahead with IPMI, which again, isn't IEEE
1275, yet we see 1275 in use on Sun, Apple and IBM platforms extensively.

Could this have something to do with Microsoft's political influence over
the majority of x86 system integrators and vendors, one infers?

BMS

(*) The 82802AB is Intel's 'Firmware Hub', this is essentially a flash EEPROM
chip with some additional systems management/TCO logic (including a hardware
random number generator) which is resold to companies such as Award and AMI
who then develop the BIOS for a particular board as part of their contract
with a motherboard vendor or other systems integrator.