Toxic Elephant

Don't bury it in your back yard!

Brainwaves at Three in the Morning

Posted by matijs 10/07/2005 at 11h05

Some time ago, I ended up with my friend at Schiphol Airport. It was
three in the morning, and we had to wait for a train to Amsterdam Centraal
Station.

Now, I work for Large Catering Company, which owns a coffee bar there.
So we decided to get some coffee there to pass the time. While we were
enjoying our coffees, we got to talking about the following problem:

Companies that produce electronics (e.g., some expansion card for a PC)
might want to open-source their firmware, but they would also like to have
the electronics check whether their firmware can be trusted, for example by
checking a signature. But, if someone compiles their own firmware from the
sources supplied by the company, that firmware will lack the signature, and
it will be rejected by the hardware’s checking mechanism. What to do?

The solution I came up with was this: Why not put some switch on the
card to tell it not to perform the signature check when booting?
That way, people who want to can still compile their own firmware, while
regular people get the assurance of using only approved binaries.
Easy peasy, as Jamie would say.

Mind you, it was three in the morning, so YMMV.

no comments no trackbacks

Comments

Comments are disabled