Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) Newsgroups: comp.virus Subject: Re: Software Upgradable BIOS (PC) Message-ID: <0011.9106241405.AA24222@ubu.cert.sei.cmu.edu> Date: 21 Jun 91 21:22:40 GMT Sender: Virus Discussion List Lines: 44 Approved: krvw@sei.cmu.edu ingoldsb%ctycal@cpsc.ucalgary.ca (Terry Ingoldsby) writes: > It is not even necessary to place it under hardware control, rather if > the hardware incorporates an interlock that requires a special, > possibly unique, code, then the viruses could bash at it forever > (almost) without success. > > For example if each machine thus manufactured were assigned a unique > value in EPROM (which could not be read by the CPU), say of length 64 > bits, then the user could be queried, by the software upgrade program, > to enter the key. If the key matched, the EAROM would be modified, > otherwise nothing would happen. this is a nice though in theory, but in practical terms, would be a logistical nightmare for sites which have a large number of PCs or that swap components. This would require that detailed records be kept each PC and each time a motherboard is swapped or the BIOS is replaced rather than updated.In all likelyhood, two things would happen 1) The 'key' would be written on the PC which would give you the same protection as hardware control. 2) Someone would loose their key and the BIOS chips would have to be replaced. Another approach is to use a lock mechanism with a key to update the BIOS. For the single user or sites which do not require central configuration management, the key could stay in the PC [as it does not in most cases.] For sites which do use central configuration management, the key would be kept away from the PC to prevent BIOS upgrades except under controlled circumstances I do think that upgradeable BIOS under these circumstances is a good idea. This is a concept which has been very successful in the larger systems for quite a long time as would work well with necessary controls. It would certainly be much easier to load the BIOS from floppy for 1,000 PC's than to replace the BIOS PROMS. - -- Richard H. Miller Email: rick@bcm.tmc.edu Asst. Dir. for Technical Support Voice: (713)798-3532 Baylor College of Medicine US Mail: One Baylor Plaza, 302H Houston, Texas 77030