Intel To Release Next-Gen BIOS Code Under CPL 224
An anonymous reader writes "Intel said today that it plans to release the 'Foundation code' of its next-generation firmware technology -- a successor to the PC BIOS -- under the Common Public License (CPL), an open source license, later this year. More than 20 years old, the BIOS (Basic Input-Output System) is the oldest software technology in PC platforms. Intel says its firmware Foundation code, a result of a project codenamed Tiano, 'provides that the successor to the BIOS will be based on up-to-date software technology.' The Foundation code is designed to be extended with new features and services, such as improved platform manageability, serviceability, and administrative interfaces which are too complex to implement in the old BIOS environment, according to Intel."
Re:Credibility for Intel (Score:3, Informative)
Re:Not again... (Score:5, Informative)
I never had a problem with Intel's processor ID. Every networked computer already has a unique MAC address. What is the difference?
MAC addresses can be changed by swapping out a $15 part and in some cases can be changed in firmware, so they're not an effective tracking/identification tool. Processor IDs are hardcoded and unique. Thankfully, they can also be turned off.
Re:Not again... (Score:5, Informative)
So, it wasn't the fact that the computer had a uniquely identifiable number (ip address/mac address/whatever), its the fact that you didn't have control over the use of that number.
I can deny you access to my ip address (I just don't connect to your server/use a proxy). I can also deny you access to my mac address (spoofing/proxies/whatnot). The rebellion people had was they couldn't deny programs access to your PID. Now, there wasn't any particular reason to deny programs access to a PID yet but it isn't too hard to think of a few.
Anyway, enough rambling. It was the removal of choice that set people off. We didn't have a choice to not use the feature - Assuming we stuck with Intel processors.
More Info / Linux Power Management (Score:5, Informative)
They mention that proprietary BIOS's is one of the key obstacles to implementing proper power management (ie hibernation) under Linux.
- Neil Wehneman
OpenFirmware (Score:5, Informative)
One more instance of the proprietary lock-in game.
Re:OpenFirmware (Score:5, Informative)
That's exactly what I was going to post
The Firmworks stuff with Linux and OF looks particularly neat...
And here's a cool example of things you can do with OF. Two-machine mode boot debugging [apple.com]
Re:OpenBoot? (Score:3, Informative)
Re:Once upon a time, IBM released the BIOS source. (Score:2, Informative)
Re:OpenBoot? (Score:4, Informative)
Open Boot is not Open Source Have you ever wondered why nobody ports it to lots of things? Or why http://www.openbios.org exists? Simple. Open Boot is a marketing name.
Again, Open Boot is NOT Open Source. It's just a cute name that seems to fool lots of people.
But go ahead, prove me wrong: point to the Open Source site for Open Boot.
Re:Not really (Score:5, Informative)
It's the ability to flash the BIOS that will make it happen. At some point, Microsoft will have to trust a piece of hardware. If they trust the software, it's merely a matter of time to find out where the branch is that says "yes this is trustworthy", and change the binary so that branch always takes "trustworthy" choice. Just like if I have access to your GPG binary, I can say that a message I sent you is in fact signed by Microsoft (the element of trust everone forgets is that you have to trust the binary sources, in this case, Microsoft can't, as I can fiddle with them). This is an arms race that Microsoft will always lose, it's just a fact of life.
So they must trust a piece of hardware at some point. That hardware must be untamperable, with no way for me to interject myself between it and the Microsoft hardware. As soon as I can interject myself between Microsoft and that piece of hardware, I've won. If I have access to the BIOS, all I have to do is setup some type of virtualization software (Think VMware). At this point, all I have to do is emulate the piece of hardware, and jigger it to always say: "Trustworthy" (essentially a MITM).
If you don't believe that type of attack is plausible, then remember also, I control the client, at some point, I can attack the PKI system. I have access to the PKI portion. At some point, you must have absolute trust of the PKI system, I have the client, what would it take to beat that system? Does Microsoft keep it's list of keys someplace around (it has to, I can subvert that)? That's like giving me access to the root cert's for your Web Browser. You'll trust my hacker sites if I can insert my key into your list of "trustworthy certs". At some point, if I have access to the boot sequence, I can break the system.
The only way it could be secure is to have the hardware have the list of trustworthy keys and have the hardware never give up control to anything that is considered untrusted.
How does Microsoft check that they are running on such a trusted? At some point, they either have to trust the hardware implicitly (which I can fake), or they have it in software that I can modify. At that point, it's either making an untrustworthy piece of hardware (or emulating one), or fiddling the bits of the software. In the end, DRM is a losing proposition. All DRM systems will be broken.
Microsoft might be able to encrypt the software, and only allow it to be decrypted by modules hardware that has the public key embedded inside. However, somebody will just tear the thing apart, or use an X-ray machine to just extract the public key (which at this point is merely a secret piece of data, not really a public key).
Kirby
Re:Great! (Score:2, Informative)
Forget the BIOS patch. Why boot to Linux when you're already booting to BSD [slashdot.org]?
With EFI having a built-in TCPIP stack, you can bet that an EFI based Web server is only a recompile away for some people.
PXEGeek
Re:CPL (Score:3, Informative)
When the Program is made available in source code form:
a) it must be made available under this Agreement; and
b) a copy of this Agreement must be included with each copy of the Program.
And:
A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that:
a) it complies with the terms and conditions of this Agreement; and
b) its license agreement:
iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange.
Looks like it's just as viral as the GPL, just less frothing behind it. I could be reading it wrong, but it doesn't look like it is any less different from BSD License than the GPL is.
Re:Public/Private Keys (Score:3, Informative)
DeCSS works only because there are only a few hundred DVD keys that work on all players.
Imagine if CSS were implemented by:
1. DVD player dials DVD consortium over phone.
2. DVD player supplies mainframe with DVD serial number and DVD player serial number.
3. DVD consortium supplies unlock code for that particular DVD (not title - that copy).
If you could hack your player you might be able to get the code and then rip the DVD. But only that DVD. And by dialing up you potentially identified yourself to the consortium so they have the ability to look for trends, and if the DVD video was watermarked they might be able to identify copies that you make. If they narrowed down a likely copier to one of 50 possibly-hacked DVD players they'd just tell the mainframe not to supply codes for any of them, and the 49 legit people would call up and complain, they'd send out a service guy who would check for tampering and then call in and re-enable the player. The guy who didn't call in gets a visit from the BSA...
Sure, this is impractical for DVDs - which is why it wasn't done this way. But if it were done this way there would be no DeCSS.
And if Palladium does take off, this is how it will be done - it is easy to make computers phone home since this technology is being applied to media that will be available online.
As long as each computer has its own private key, you'll never find a practical crack unless the key can be obtained through other channels. But if MS is smart, they'll use smartcard technology - have the computer generate its keypair and output only the public key. If the computer never outputs its private key then not even they will know it. Hence nobody can leak it.
This is how modern smartcards work - not even the owner knows their private key. (That way the owner can't inadvertently lose it, or an attacker can't pretend they are the owner and get the key, since the card has no facility for doing this...)