
On Thu, 25 Jun 2009, Jean-Christian de Rivaz wrote:
ksi@koi8.net wrote:
On Thu, 25 Jun 2009, Jean-Christian de Rivaz wrote:
ksi@koi8.net wrote:
Please point out precisely the regulations that require secure
boot.
Should be trivial as regulations are by definition public.
Do you happen to know what "Google" is?
Yes, thanks :-)
For example this document has the term "secure boot": http://www.dcg.virginia.gov/supplier/sup-rules/standards.shtm The wording is this one: "D. Electronic Bingo [...] 3. [...] Security measures that may be employed to comply with these provisions include, but are not limited to the use of dongles, digital signature comparison hardware and software; secure boot loaders, encryption, and key and callback password systems."
The term "secure boot" is listed as a possibility, not as a requirement.
Now I don't have the time to parse every possible document that you propose. This is why I politely ask for a precise example, as I was under the impression that some people know this subject very well.
These are our Nevada regulations:
I don't have the time to parse all the documents listed at this URL, but I downloaded the one I suspect is the most relevant: http://gaming.nv.gov/stats_regs/reg14_tech_stnds.pdf And I cannot find "secure boot" in it.
Are you looking for a precise phrase?
I want to look deeper into the subject. I think that if a regulation makes a technical point a requirement, then it must more or less describe the technical point so that it can be implemented in a way that works as expected. As an engineer, I think that "secure boot" is only a buzzword: if the system can be physically modified, it can't be secured. If it can't be physically modified, then you don't need a secure boot.
It is not just technical measures; it is a complex of them and different operating procedures.
When you hit a jackpot the machine should be immediately stopped (hung) in that state and nobody should touch it. Then a controller comes onto the scene. He pulls all the EPROM chips from the machine and checks them with MD5 or whatever is approved, and checks every single piece of programmable hardware with some procedure approved for this particular model. That would not prevent a cheating casino employee from replacing some EPROM chip (or whatever) with his own one, but it will NOT allow for stuffing the original one back once the jackpot is hit, so the cheating will be detected.
That's only one example...
I failed to understand how a secure-booted machine can be updated by the manufacturer to fix a bug, for example, but not by a customer.
The manufacturer can _NOT_ update his machine at will. _EACH AND EVERY_ change goes through the same approval process.
Still, technically the hardware has only two possibilities:
- it can be reprogrammed.
- it can't be reprogrammed.
If 1), I don't see how a boot loader can't be replaced by a less secure one that lets anything boot.
If 2), there is no point, as nobody can possibly make any update, so the firmware doesn't have to be secured.
You are trying to make sense out of the regulations. It doesn't work this way. If regulations say "one must use a screwdriver with a red handle on this screw" one must use the red screwdriver. No matter if it makes sense or not. If you feel it's bullshit you should fight for the regulation to change; that is a very long (years, not months) and very difficult process. In the meantime you _MUST_ use that red screwdriver.
Then you should read not only the technical part but also the procedural one on how approvals are given. You must persuade the Commission to give you an approval. And they give them at their discretion. And you can NOT sue them.
In this second part, I make no reference to regulation. I only talk about the technical problem of reprogramming a system.
Ah, that's an absolutely orthogonal issue... We do NOT do something stupid from an engineering standpoint because it makes sense (and quite often it doesn't) but because the regulations and the Commission's understanding of them require that.
Yes, many of those are stupid and outdated but they do a good job anyways; there is not that much cheating in our casinos.
Finally don't forget that your employees all want to get their salary paid and that comes from your business revenues. No approval == No business. Good luck fighting regulations.
Why do you think I want to fight regulation? I am actually more concerned about understanding how a proprietary hidden piece of code in U-Boot can possibly make a system satisfy a security regulation.
It is not just hardware/software. The latter is only a part of the solution. It is NOT the machine that pays that jackpot, it is real humans. There is no way to make the system unbreakable and impossible to cheat on. That's why an additional layer of security is being able to DETECT that the system has been cheated on.
--
******************************************************************
* KSI@home KOI8 Net  < >  The impossible we do immediately.      *
* Las Vegas NV, USA  < >  Miracles require 24-hour notice.       *
******************************************************************
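The two mechanisms this exchange keeps circling, a boot stage that only accepts images the manufacturer signed and a controller's offline hash check of the pulled chips, as an added Python example that is not part of the thread and not U-Boot's own code. It shows the case the reprogrammable/not-reprogrammable split leaves out: the flash stays rewritable, but an immutable ROM holds only the manufacturer's public key, so a rewritten image boots only if whoever wrote it also holds the private key; a customer who rewrites the flash and re-signs with a key of his own still fails. The key pairs are constructed toys (tiny textbook RSA, no padding), the stage images, part numbers and approved manifest are constructed, and the stage names are assumptions.

```python
"""Added example: a signature-anchored boot chain plus the offline EPROM
audit described in the thread. The RSA keys are tiny textbook ones with
no padding, so they illustrate the mechanism only; never deploy this."""
import hashlib

E = 65537

# Constructed toy key pair (the primes are deliberately small).
# Only the public half (N, E) is burned into the immutable ROM stage;
# D stays with the manufacturer and the approving body.
_P, _Q = 1000003, 1000033
ROM_PUBKEY = (_P * _Q, E)
VENDOR_PRIVKEY = (_P * _Q, pow(E, -1, (_P - 1) * (_Q - 1)))

# A customer who can rewrite the flash can also make a key pair of his
# own; what he cannot do is change ROM_PUBKEY. Constructed, like above.
_P2, _Q2 = 1000037, 1000039
CUSTOMER_PRIVKEY = (_P2 * _Q2, pow(E, -1, (_P2 - 1) * (_Q2 - 1)))


def image_digest(image: bytes, n: int) -> int:
    """SHA-256 of the image, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image: bytes, privkey: tuple) -> int:
    n, d = privkey
    return pow(image_digest(image, n), d, n)


def verify(image: bytes, sig: int, pubkey: tuple) -> bool:
    n, e = pubkey
    return pow(sig, e, n) == image_digest(image, n)


def boot(stages: list) -> list:
    """Walk the chain. Each stage is (name, image, signature); here the
    ROM checks every stage against its own key (a real chain would carry
    the next stage's key inside each verified stage). Stops at the first
    stage that does not verify and returns the names that were run."""
    booted = []
    for name, image, sig in stages:
        if not verify(image, sig, ROM_PUBKEY):
            break
        booted.append(name)
    return booted


def audit(dumps: dict, approved: dict) -> list:
    """What the controller does after a jackpot: hash every pulled part
    and list the ones whose content is not in the approved manifest.
    This detects a swap after the fact; it prevents nothing."""
    return sorted(part for part, blob in dumps.items()
                  if hashlib.sha256(blob).hexdigest() != approved.get(part))


# Constructed stage images; the names are assumptions, not real builds.
SPL = b"u-boot-spl v1.0 (constructed image)"
UBOOT = b"u-boot v1.0 (constructed image)"
SPL_SIG = sign(SPL, VENDOR_PRIVKEY)


def scenario_vendor_update() -> list:
    """The manufacturer ships a bug-fixed stage 2 signed with its key."""
    fixed = b"u-boot v1.1 bugfix (constructed image)"
    return boot([("spl", SPL, SPL_SIG),
                 ("u-boot", fixed, sign(fixed, VENDOR_PRIVKEY))])


def scenario_customer_patch() -> list:
    """The customer edits stage 2 in flash but keeps the vendor signature."""
    patched = UBOOT + b" [patched]"
    return boot([("spl", SPL, SPL_SIG),
                 ("u-boot", patched, sign(UBOOT, VENDOR_PRIVKEY))])


def scenario_customer_resign() -> list:
    """The customer re-signs the patched image with his own key."""
    patched = UBOOT + b" [patched]"
    return boot([("spl", SPL, SPL_SIG),
                 ("u-boot", patched, sign(patched, CUSTOMER_PRIVKEY))])


def scenario_audit() -> list:
    """Pulled chips U5 and U6 (constructed) against the approved manifest."""
    approved = {"U5": hashlib.sha256(SPL).hexdigest(),
                "U6": hashlib.sha256(UBOOT).hexdigest()}
    dumps = {"U5": SPL, "U6": UBOOT + b" [patched]"}
    return audit(dumps, approved)


if __name__ == "__main__":
    print("vendor update boots :", scenario_vendor_update())
    print("customer patch boots:", scenario_customer_patch())
    print("customer re-sign    :", scenario_customer_resign())
    print("audit mismatches    :", scenario_audit())
```

Run as a script it prints which stages each scenario was allowed to boot and which pulled part failed the audit. The two halves are deliberately independent: the signature check in `boot` is what the regulator calls "secure boot loaders" and gates what runs, while `audit` is the after-the-fact detection layer that still catches a swapped part when the boot check itself has been defeated or bypassed by someone with physical access.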