[ltp] Can you trust your firmware?

Theodore Tso linux-thinkpad@linux-thinkpad.org
Tue, 19 Feb 2008 08:49:36 -0500


On Tue, Feb 19, 2008 at 10:29:46AM -0300, Henrique de Moraes Holschuh wrote:
> You can't have any.  A BIOS in SMI mode can do anything it wants, and the OS
> won't even know it happened.
> 
> If you need that level of confidence, you will have to get someone to design
> an open-BIOS laptop.

And you had better design your own keyboard controller from scratch
as well, lest someone design in a JitterBug into the laptop:

   http://www.usenix.org/events/sec06/tech/shah/shah_html/index.html

I don't know if it's on an official no-buy list, but at least at one
point, some government agencies were expressing concern about buying
Thinkpads now that they were manufactured by a Chinese-controlled
company.  Silly, really, given that most laptops (even those sold by
US companies, or Thinkpad before it was sold to Lenovo), have
manufacturing plants in China, or use parts sourced from China.
How hard would it be to have the Chinese Secret Service sneak this
functionality into the keyboard controllers?

						- Ted