[Cryptography] Plot to brick BIOS (was Re: General Keith.. so great to see you..

[Tom Mitchell]

On Thu, May 8, 2014 at 12:17 AM, Caspar Bowden (lists)
<lists at casparbowden.net> wrote:
> On 07/05/14 13:10, John Young wrote:
.......

>         " NSA cyberdefense chief Debora Plunkett in December disclosed
>         that the agency had thwarted a “BIOS plot” by a
> “nation-state,”
>         identified as China, to brick U.S. computers. "

This is a very real infrastructure issue.

BIOS upgrades are uncommon but still necessary.  I would like to
see a physical jumper on any machine where physical
access to the motherboard is possible (difficult on a
a MacBook...)

Also large organizations need access to JTAG or i2c
tools to update and inspect flash.   Gone are the
just replace EPROM days.  There are some potential
issues with virtual machines should someone get to
the foundation virtual machine many risks grow.

cryptography to lock hardware has limits....
One of which is recovery should the key be lost.

-- 
  T o m    M i t c h e l l