<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=US-ASCII">
<META content="MSHTML 6.00.2900.6400" name=GENERATOR></HEAD>
<BODY id=role_body style="FONT-SIZE: 10pt; COLOR: #000000; FONT-FAMILY: Arial"
bottomMargin=7 leftMargin=7 topMargin=7 rightMargin=7><FONT id=role_document
face=Arial color=#000000 size=2>
<DIV>
<DIV>Thanks to all who commented on this thread. It seems clear that
OpenBIOS won't enhance voting security.</DIV>
<DIV> </DIV>
<DIV><STRONG>Special thanks to <A
href="mailto:tarl-b2@tarl.net">tarl-b2@tarl.net</A></STRONG> for the tip on
"trusted boot". That hardware/firmware solution appears to go a long way
toward preventing any tampering with BIOS. It isn't really necessary to
have a voting system that is <EM>impossible</EM> to subvert, as long as there
are techniques like buying absentee ballots, gerrymandering and preventing
certain groups from voting that are far easier to implement or provide far more
votes per dollar.</DIV>
<DIV> </DIV>
<DIV>Chuck Gaston</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>In a message dated 7/23/2013 4:28:55 P.M. Eastern Daylight Time,
tarl-b2@tarl.net writes:</DIV>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: blue 2px solid"><FONT
style="BACKGROUND-COLOR: transparent" face=Arial color=#000000 size=2>On
2013-Jul-23 16:15 , Mark Morgan Lloyd
wrote:<BR>>>><BR>>><BR>>> And having the USB keyboard
work (which means USB HID support, USB hub<BR>>> support, USB controller
support, PCI support, etc).<BR>><BR>> Although IIRC there's a simplified
protocol for the keyboard, <BR>> specifically for BIOS support. I've seen
people discussing that in the <BR>> context of devices such as the Parallax
Propeller which don't really <BR>> have USB support. <BR><BR>Not for USB.
Whatever they may be talking about, they aren't getting USB <BR>- there's no
real way to enable EHCI/OHCI/UHCI/XHCI without implementing <BR>the entire
shebang.<BR><BR>>><BR>>> Once the control of the hardware has been
taken over, there is no way<BR>>> to take it back.
<BR>><BR>><BR>> Or put another way, you might /think/ you've regained
full control, <BR>> but you can never /know/ :-)<BR><BR>The problem of
secure execution is fairly well understood. Google <BR>"Verified Boot" or
"Trusted Boot". The implementations that take it <BR>seriously do verification
of their PROM, sign it, and the hardware won't <BR>let you start unless the
PROM is good. Then the PROM verifies the <BR>signature of each component as
it's brought in (I was recently involved <BR>in implementing public key
verification for such).<BR><BR>It doesn't guarantee bug-free code, but it
verifies that the code you <BR>are running is what you think it
is.<BR><BR><BR>-- <BR>OpenBIOS
http://openbios.org/<BR>Mailinglist:
http://lists.openbios.org/mailman/listinfo<BR>Free your System - May the Forth
be with you<BR></FONT></BLOCKQUOTE></DIV>
<DIV></DIV>
<DIV> </DIV></FONT></BODY></HTML>