LinuxBIOS and Win2K

Eric W. Biederman ebiederman at lnxi.com
Sun Jun 27 20:32:01 CEST 2004 

"Mike Shields" <mshields at yarcom.com> writes:

> Greetings,
> 
> Mike Shields here. I am new to the list and to LinuxBIOS in general. I have
> searched the list archives and have read Adam Agnew's (et al) paper on
> booting Win2K on top of the stackable Open Source BIOS, as well as several
> other papers by William Arbaugh and coauthors on secure booting and secure
> BIOS.
> 
> I am a consultant for SPAWAR (part of the US Navy) working on a project to
> make USN computers running windows more secure. I have been asked to give a
> short presentation to some SPAWAR and FNMOC people on June 29th as part of a
> project conference. The points I need to cover are the differences between
> current BIOS and LinuxBIOS and the advantages of the latter. We are trying
> to convince Dell (SPAWAR has a huge contract with Dell to supply computers
> to the navy) to give us the information to port LinuxBIOS to their systems.
> One misconception I must deal with is that many people think Windows won't
> load over LinuxBIOS (I have Adam's paper showing otherwise).

The simple proof is that ADLO uses the BIOS from bochs simply ported
to real hardware, and bochs loads windows regularly.

You will also likely need to work with the cpu and chipset vendors
to get the information needed to port LinuxBIOS.  Usually motherboard
vendors do not get beyond motherboard schematics information
wise. Simply because they don't make the chips on the motherboards.
At this time I don't have a clue how much overlap you will have with
the current work.

If it makes any difference you can use the name freebios as that
is an alias of LinuxBIOS, that is not quite so Linux centric :)

> I know very little about LinuxBIOS other than what I have read on
> www.linuxbios.org, my scans of the archive, and a short paper form Nicholus
> Andrews at Linux Labs. I was hoping to get some success stories on booting
> windows on top of LinuxBIOS, or other information I could use in my short
> presentation.

There are a few rough edges with ADLO currently.  (For some reason it
has some motherboard specific code.)  So in doing a production
deployment you will be breaking ground.

So some advantages of an open source BIOS.
1) It is open source so you can implement any boot policy you choose,
   and can implement.
2) LinuxBIOS is open source so you don't have to worry about security
   through obscurity, the code can be and is peer reviewed.
3) The core of LinuxBIOS is simpler and at a higher level then
   a traditional BIOS so it is easier to port.  Being in C
   it certainly widens the pool of people who can work on the project.
4) A security implementation in LinuxBIOS would be about security for
   the user, instead of about ensuring hardware is trusted.
5) As a research/prototype platform you have much more control of
   what ultimately is going on.
6) LinuxBIOS is the firmware of choice for supercomputers at top
   secret government labs, so we must be doing something right :)
7) If you were really creative with BIOS level controll you could run
   a monitor in System Management Mode that could keep an eye on
   Windows.

I have a very hard time seeing Windows and security as anything but an
oxymoron.  Not that Linux is much better.  The old security study on
MULTICs security is fascinating on that subject.  I also don't see a
major role of the firmware tightening up security.  That being said I
have no problems with booting Windows from LinuxBIOS.

Eric

More information about the coreboot mailing list