On Thu, 25 Jun 2009, Jean-Christian de Rivaz wrote:
ksi@koi8.net a ?crit :
I downloaded the one I suspect is the more relevant: http://gaming.nv.gov/stats_regs/reg14_tech_stnds.pdf And I cannot found "secure boot" into it.
Are you looking for a precise phrase?
I want to look deeper into the subject. I think that if a regulation make a technical point as a requirement, then it must more or less describe the technical point so that it can be implemented is a way
it
work as expected. As an engineer, I think that a "secure boot" is
only a
buzz word: if the system can be physically modified, it can't be secured. If it can't be physically modified, then you don't need a secure boot.
It is not just technical measures; it is a complex of them and
different
operating procedures.
Yes, I known that. But here we specifically talk about u-boot. You still failed to show a description of how u-boot can be modified to secure a system and why this must be a hidden proprietary code.
> I failed to understand how a secure booted machine can be
updated by
the
> manufacturer to fix a bug for example, but not by a
customer.
The manufacturer can _NOT_ update his machine at will. _EACH
AND
EVERY_
change goes through the same approval process.
Still, technically the hardware have only two possibility:
- it can be reprogrammed.
- it can't be reprogrammed.
If 1), I dont' see how the a boot loader can't be replaced by a
less
secure one and let boot anything.
if 2), there is not point as nobody can possibly make any
update, so
the
firmware don't have to be secured.
[...]
Ah, that's absolutely orthogonal issue... We do NOT do something
stupid from
engineering standpoint because it makes sense (and quite often it
doesn't)
but because the regulations and the Commission's understanding of them requires that.
Yes, many of those are stupid and outdated but they do a good job
anyways;
there is not that much cheating in our casinos.
You seem to agree that a "secure boot" is maybe not more that only a marketing word...
No, this does not have the same strict meaning as "#6-32x1/2" slotted head steel zinc plated machine screw." It is a set of different features. Here is e.g. a Freescale's whitepaper on one of their SoCs:
http://www.freescale.com/files/32bit/doc/white_paper/IMX31SECURITYWP.pdf
[...]
Why do you think I want to fight regulation ? I actually be more concerned about understanding how a proprietary hidden piece of code into u-boot can possibly make a system satisfy a security
regulation.
It is not just hardware/software. The latter is only a part of
solution. It
is NOT the machine that pays that jackpot, it is real humans. There is
no
way to make the system unbreakable and impossible to cheat on. That's
why an
additional layer of security is being able to DETECT that system had
been
cheated on.
So why using open source at all if you think that hidden code is a way to make a system more secure ? It highly not consistent !
Who is talking about hidden code? It can be open source. And quite often it is. And most of that code, BTW, is written by the people who are paid to do it. If you want to make us drop U-Boot and write our own firmware no problems, that's just additional job security for us. But don't expect all those people to do anything on U-Boot and forget about their contributions.
--- ****************************************************************** * KSI@home KOI8 Net < > The impossible we do immediately. * * Las Vegas NV, USA < > Miracles require 24-hour notice. * ******************************************************************