Talk:End-user Computer Security/Appendix/New security inventions requiring a non-trivial investment in new technology

Design feature for enabling the detection of malware in BIOS firmware
Not sure whether such an invention has already been discovered.

Given a set of operators O, a fixed-size memory S1 (BIOS firmware), a second fixed-size memory S2 that is blank when the computer starts (RAM), and a legitimate BIOS program stored in S1, find a maximal compression of values that fit neatly and tightly into S1 and that also include the legitimate BIOS program, such that it is impossible for any program stored in S1 to display the total contents of S1 without simply doing a memory dump to screen of S1. Then build into the computer system a security verification sub-system that simply does a memory dump to screen of S1. The user has a copy of what S1 should be (perhaps from downloading it from the internet on another computer), and then compares the memory dump with the copy of what S1 should be. If there is a mismatch, security fails. If there is no mismatch, the user knows that there is no malware in S1 so long as the hardware has not undergone any hardware tampering.

This mechanism relies roughly upon filling up the BIOS firmware capacity "to the brim" with values that cannot be compressed down any further (cannot be reduced to code that takes up less memory space). Physically disconnecting other components, such as the system disk, might be required. If there is changeable firmware in other components, it could be possible for malware to utilise unpredictable data in other components to trick the user into believing there is no malware. Not so sure how you would get round that. Perhaps being able to physically disable the other components would solve such issues.
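As an added illustration of the dump-and-compare check proposed above (example code written for this page, not from the book or its contributor), the Python below reports slack space and compressibility in a reference image of S1, then lists the byte ranges where a dump differs from that reference. It assumes raw binary images as input; the sample bytes in the usage section are constructed.

```python
# Checks for a firmware image (S1): no padding runs malware could reuse,
# little room left to compress, and a byte-for-byte match against a dump.
import zlib

FILL_VALUES = (0x00, 0xFF)  # erased-flash / zero padding (assumed fill bytes)


def slack_regions(image: bytes, min_run: int = 8):
    """Return (start, end) ranges of padding runs at least min_run bytes long."""
    regions, i, n = [], 0, len(image)
    while i < n:
        if image[i] in FILL_VALUES:
            j = i
            while j < n and image[j] == image[i]:
                j += 1
            if j - i >= min_run:
                regions.append((i, j))
            i = j
        else:
            i += 1
    return regions


def compression_ratio(image: bytes) -> float:
    """Deflate-compressed size over raw size; near 1.0 means the image is already dense."""
    return len(zlib.compress(image, 9)) / len(image)


def diff_regions(reference: bytes, dump: bytes):
    """Return (start, end) ranges where dump differs from reference.
    A length mismatch counts as a difference out to the longer end."""
    n, regions, start = max(len(reference), len(dump)), [], None
    for i in range(n):
        same = i < len(reference) and i < len(dump) and reference[i] == dump[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, n))
    return regions


def verify(reference: bytes, dump: bytes, chip_size: int) -> dict:
    """Summarise the checks; 'ok' is True only when the dump matches the reference exactly."""
    return {"size_ok": len(reference) == chip_size,
            "slack": slack_regions(reference),
            "ratio": round(compression_ratio(reference), 3),
            "diff": diff_regions(reference, dump),
            "ok": len(dump) == chip_size and reference == dump}


if __name__ == "__main__":
    ref = bytes(range(256)) * 4                     # constructed 1 KiB stand-in for S1
    tampered = ref[:100] + b"XXXX" + ref[104:]      # constructed 4-byte modification
    print(verify(ref, tampered, len(ref)))          # diff == [(100, 104)], ok == False
```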

Leveraging option ROMs and more generally the shadowing of firmware to RAM, for better security?
Firmware stored in ROM can be a security risk due to physical hardware tampering. For example, EEPROM chips can be de-soldered and replaced with bugged chips that communicate data in a wireless way to nearby snooping devices. Also, auditing for correctness is generally difficult for the average computer owner, as it appears that it is generally required to create a specialised hardware set-up in order to dump the contents of the firmware in some manner where the contents can be verified (devices such as USB programmers are perhaps always needed).

With the foregoing in mind, option ROMs can perhaps provide better security, because the associated firmware is dumped to RAM and run from RAM. The contents being in RAM means that no specialised hardware set-up is required to audit the firmware for correctness. It also means that hardware bugs in the hardware used for permanent storage of the firmware can be overcome, because after the firmware is loaded to RAM, that hardware is no longer used (it can even be unplugged if a ROM socket is being used)—the firmware is simply run from RAM. A counter argument to this latter justification might present itself as "what if the RAM is bugged?" For some reason, I'm inclined to believe RAM is more "trustable", perhaps because of it being such a common component of computing systems. Users can swap out RAM, but the same is not so easy with EEPROM chips that are pre-soldered to the mainboard. Because the RAM can be bought separately, and because RAM is likely to be readily available in physical shops, the "User randomly selecting unit from off physical shelves" principle can be used to thwart targeted MITM attacks between the supplier and the end-user. Additionally, whereas without option ROMs security-attentive eyes need to be kept both on the specialised storage used for firmware and on the RAM together (in respect of clandestine hardware bugs, such as espionage hardware), with the above implemented, eyes only need to be kept on the RAM—the attack surface is effectively reduced.

Extending the above-described potential advantages regarding option ROMs to all firmware in general, the BIOS firmware itself can also be driven in the same way—copied to RAM and then run from RAM. Incidentally, doing so would perhaps make security patching of the firmware easier, as the firmware loaded to RAM could then just be patched through the OS during the OS boot. Researching on the internet just now, it does look like some form of BIOS shadowing does take place for speed performance considerations, but unfortunately, such shadowing is likely implemented by the BIOS code itself. If true, this would mean that malware present in the BIOS code would then be able to interfere with the shadowing process (which is undesirable). Instead, the shadowing process should be controlled purely by hardware, or by hardware plus code where the code is very highly secured and unchangeable (not part of the changeable BIOS firmware that potentially contains bugs and backdoors).