Comment Re:Unsigned BIOS replacement is the problem (Score 2, Interesting) 236
You are assuming that the signed code can be trusted, which is a bad assumption. The signed code is from a vendor; how many vendors ship code with broken security; how many vendors would
you expect to happily sign code with broken security, in the PC world? Answer: all of them :-)
This development should not be a surprise to anyone, but evidently it is. We've been trying to warn people about this possibilty for 10 years; nobody seemed to care. I am hoping they care more now.
I still feel the only solution to building PC systems you can trust is to turn to open code bases for ALL BIOS code. It's just too easy to hide some very nasty things in a 1 Mbyte binary blob.
BTW, this BIOS exploit is the tip of the iceberg. Check this one out: http://en.wikipedia.org/wiki/Intel_Active_Management_Technology. How can your work around that one? It may be the only way to build machines we can trust is to get ouf of the x86 world entirely.
ron
This development should not be a surprise to anyone, but evidently it is. We've been trying to warn people about this possibilty for 10 years; nobody seemed to care. I am hoping they care more now.
I still feel the only solution to building PC systems you can trust is to turn to open code bases for ALL BIOS code. It's just too easy to hide some very nasty things in a 1 Mbyte binary blob.
BTW, this BIOS exploit is the tip of the iceberg. Check this one out: http://en.wikipedia.org/wiki/Intel_Active_Management_Technology. How can your work around that one? It may be the only way to build machines we can trust is to get ouf of the x86 world entirely.
ron