LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

The OLPC and BIOS upgrades

The OLPC and BIOS upgrades

Posted Aug 31, 2006 17:10 UTC (Thu) by iabervon (subscriber, #722)
In reply to: The OLPC and BIOS upgrades by hamjudo
Parent article: The OLPC and BIOS upgrades

If nothing else, just about any device will get broken if power runs out halfway through replacing the BIOS; unless there's twice as much storage for the BIOS, there can't be either complete image on the system. So you at least need some way to recover from this.

Personally, I think the best idea is to have a ROM bootloader, capable of flashing the BIOS from a USB device or from a ROM original if the system is powered up with some arrangement that's hard to do accidentally. You can't replace the bootloader, but you shouldn't need to, because it doesn't do anything other that replace the BIOS or start running it. It should probably also be possible to replace the BIOS if the current BIOS permits it (generally, if the new image is signed by a key known to the existing BIOS). With this scheme, the user always has the ultimate control, able to do whatever with a USB device and physical access; the nation can preconfigure the machines with their own images, and can mass-update machines if it has set this up (and the machines are still using their BIOS). So there is the potential for a bricking or backdoor virus, but physical access is sufficient to recover from this situation. Users can hack on the BIOS, but the mechanism they use to change it is not easy to subvert, since it requires external storage and out-of-band actions (e.g., removing the battery). Of course, BIOS developers would add their own key to their own BIOS, and be able to update it easily, but these users will be harder to fool.

(Log in to post comments)

The OLPC and BIOS upgrades

Posted Sep 4, 2006 14:05 UTC (Mon) by emj (guest, #14307) [Link]

The whole idea with using LinuxBIOS is that you don't need any bootloader drivers for USB devices.... The complexity goes up quite abit if you need a driver for USB flash devices as well..

The OLPC and BIOS upgrades

Posted Sep 11, 2006 22:19 UTC (Mon) by jg (subscriber, #17537) [Link]

You presume that people all over the world have USB keys.

Not so. Some people are *really* poor.

And logistically, updating a school of hundreds or thousands of
laptops with *any* procedure that requires touching the machines
is basically saying it won't happen (some of/all of) the time.

The OLPC and BIOS upgrades

Posted Sep 11, 2006 22:20 UTC (Mon) by jg (subscriber, #17537) [Link]

Oh, we plan to have the reflash utility check that the battery is installed
and charged, or not be willing to proceed. This minimizes the window
of vulnerability greatly.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.