On Mon, 21 Sep 1998, Jim Choate wrote:
Specificaly I am asking:
Given a BIOS which has been modified to allow the end-user to select between encrypted and non-encrypted operation, how is the end-user supposed to make this selection?
So far I've seen two suggestions:
1. The BIOS is only 'sensitive' at particular points in the POST.
2. The BIOS has a user-accessible selection via some method to activate their selection.
There's a third option, but it may be a bit more difficult (or not). I'm not really a hardware person, and it's probably obvious. 3. Use a "crypto-dongle" similar to what someone here (Mr. Geiger, I believe) has come up with. You plug it into the parallel port or somewhere else, and the encrypted data is useless once the dongle is removed. I would think that if we plugged this into the bus we could have the BIOS remap the IDE routines to some EPROM in that dongle. The cryptography could take place there too. If the spooks are on to you, you trash the dongle. This paradigm breaks down when we get into the operating system, though. Linux, for instance, apparently disposes of the BIOS and uses its own IDE driver. I assume that Windows 98 does the same thing. Linux is open source, so modifications could be made, but Windows would be harder. Can someone more knowledgeable comment on this hardware dongle idea as applied to this problem?