Ross Draper(Ross.Draper@musicradio.com)@2003.12.09 20:08:31 +0000:
> I agree with your points Jon, but let's be fair here, BIOS passwords do
> have a use - especially on laptops.

They will prevent a certain subset of individuals from starting your laptop.

x86 BIOSes nowadays are modularized and contain quite a lot of modules to boot from PCMCIA/CardBus devices or even FireWire. They can netboot, etc. What they apparently cannot do is check the presence of a USB token and challenge it for a signature, but this would be an option to get rid of vendor master passwords and such. Deliver two keys with the box, store one in a safe location, that's it.

On PowerPC the systems are booted through OpenFirmware, which is even more complex. On Apple machines the boot ROM contains a graphical selector for boot devices which has mouse support. On a Mac you do not have any password protection, although it would be possible to implement. Apple try to solve the security situation with FileVault (encrypting the contents of your home directory), but data is not stored exclusively in the user's home directory.

The main question is: where is the real point of attack?

Answer: there's not just one threat, there are several.

Imagine someone stealing your laptop which is secured with some sort of password. He rips apart the chassis, pulls out the hard drive and takes the data he's after, no matter what your boot protection looked like.

The crypted hard drive issue is a different one. It also has a lot of weaknesses, although it is probably more secure in terms of data theft than any other method for securing mobile devices. The point here is that an attacker would break into the running system, thus circumventing boot protection. Even worse: what if the attacker stole your token to unlock the drive crypto? You'd be having no useable laptop at all.

What's missing is true platform integration, which appears quite hard to do.

Boot ROM modifications, HD crypto, software crypto, screensaver passwords are only one part of the story. What I'd prefer for mobile use is a system comprised of hard-, firm- and software that plays together, not side-by-side. Surely, this integration might increase the attack surface, but it would be capable of delivering the set of features needed on a mobile unit, protecting the "cold" (switched-off) device as well as boot stage and running system.

Just a few way unsorted thoughts...

Regards,
/k

-- 
> Beware of bugs in the above code; I have only proved it correct, not
> tried it. --Donald Knuth
webmonster.de -- InterNetWorkTogether -- built on the open source platform
http://www.webmonster.de/ - ftp://ftp.webmonster.de/ - http://www.rohrbach.de/
GnuPG: 0xDEC948A6 D/E BF11 83E8 84A1 F996 68B4 A113 B393 6BF4 DEC9 48A6
Please do not remove my address from To: and Cc: fields in mailing lists. 10x