[OLPC-devel] Requirements for a field BIOS reflashing tool.

Dan Williams dcbw at redhat.com
Fri Jun 16 12:57:35 EDT 2006 

On Fri, 2006-06-16 at 12:17 -0400, Jim Gettys wrote:
> That's a very good point.  Maybe we can defeat unsophisticated phishing
> attacks without much trouble.
> 
> One idea might be if the embedded controller flash control line be able
> to be disabled after boot entirely, until the next machine reset.
> 
> Under normal circumstances, we'd have Linux disable the flash enable.
> 
> We might then require a reboot of Linux (or at least Linux BIOS) with a
> special flag set that would allow the enable of the flash (by not
> calling this irreversible disable interface) before being able to
> reflash the BIOS.
> 
> Or do others have other good ideas along these lines?

At least earlier Apple iMacs do something like this; they write the new
firmware to a secondary area of the flash, but don't update until you
reboot the machine.  They then require user intervention to start the
flashing process, I believe you had to hold down the interrupt button
(on the side of the machine by the USB ports and the size of a pin head)
for 5 seconds before the flash procedure would kick in.  Was pretty darn
fail-safe in this mechanism, though it would appear to require 2x the
flash space to store the new image before flashing it over top of the
old one.  They then automatically reboot into the new firmware.


>                                     Regards,
>                                         - Jim
> 
> 
> On Fri, 2006-06-16 at 18:07 +0200, Carl-Daniel Hailfinger wrote:
> >                              From: 
> > Carl-Daniel Hailfinger
> > <c-d.hailfinger.devel.2006 at gmx.net>
> >                                To: 
> > jg at laptop.org
> >                                Cc: 
> > OLPC Developer's List
> > <devel at laptop.org>, Dave Woodhouse
> > <david at woodhou.se>
> >                           Subject: 
> > Re: [OLPC-devel] Requirements for a
> > field BIOS reflashing tool.
> >                              Date: 
> > Fri, 16 Jun 2006 18:07:26 +0200
> > (12:07 EDT)
> > 
> > 
> > Jim Gettys wrote:
> > > We are planning, as I believe has been mentioned on the mailing
> > list, to
> > > have the embedded controller disable the flash write line unless and
> > > until the space bar has been held down for a 5 second period, to
> > make it
> > > difficult for worms/viruses to "brick" the machines.
> > 
> > I thought that the space bar has to be he

More information about the Devel mailing list