To do that, you will need a large program. So we don't have a "BIOS" but an entire O/S on ROM.
Not really. The BIOS itself runs checks and configuration utilities. The BIOS can sometimes hold up to 16-32k worth of data and configuration options. If we ripped out all of the "compatibility for ALL hardware" and motherboard "features" we don't use, then we have a BIOS customized exactly for the system hardware. And I know writing a simple function to check a database via the BIOS is already possible and implemented in under 4-6k worth of code. We are not talking about ROM. We are talking about a normal BIOS, but customized for our use.

Although it looks more secure, it's just a matter of attacking the BIOS, not the O.S.
Let's think about this, rather than just respond to you. Inside the BIOS code itself is a do/while loop and a few checks to see whether input is being taken from the scanner. Now, since the BIOS is only flashable, and you don't have local access to the hard drive and thus no way to reflash the BIOS, I don't see how they would alter or hack the BIOS. There won't be a "press Delete" option because the BIOS won't need it; it's already configured according to the specific needs of the hardware. There won't be a "menu booting and checking RAM" because that feature isn't something that would need to be displayed. There is no configuration menu, because it's already configured and the option to change it is gone from the BIOS chip (reconfiguration is done locally rather than at your 'station').

I don't see how they would attack the BIOS.


But if you hardlock through the BIOS, they will instead attack the hardlock BIOS program.
That's exactly my point. How? If they can't touch the BIOS physically, and there isn't a menu for keyboard input, and the only recognized input is from that scanner, then how would they attack the BIOS lock? A lot of systems (server-wise) have this feature already built in. It's similar to what happens when your processor overheats: everything locks up. The processor could in fact keep running strong and hot, but instead a safety function is built in for the processor to simply stop processing. It's a direct halt. Since they have neither local access to the actual server (remember: locked room, no monitor, no input) nor the BIOS, I don't see how they would bypass something that isn't a program but is instead a low-level hardware call.

Hardware calls are much different from "shutdown();", as they directly interact with the hardware. Think hardware to hardware, rather than hardware to software to hardware.


Of course, keep in mind I've somehow moved away from "typical home user" and am now onto "uber l33t mainframe" lol
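Added example (not code from anyone in this thread): a C model of the firmware gate the two posts above sketch, the do/while loop that polls the scanner and the direct halt when the credential is missing or wrong. The memory-mapped register layout, the "ready" status bit, the 16-byte credential, the poll budget and the helper names are all assumptions made for the example; a real ROM image would also have to protect itself against reflashing and would receive the scan over a real bus, neither of which is modelled here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the firmware "hardlock" sketched in the thread: the
 * ROM image polls a scanner in a do/while loop, compares what was scanned
 * against a credential baked into the image, and halts if it does not match
 * or nothing is presented. The register layout, the ready flag, the
 * 16-byte credential and the poll budget are all assumptions for this example. */

#define SCANNER_STATUS_READY 0x01u   /* assumed: bit 0 set when a scan is latched */
#define CRED_LEN             16
#define POLL_BUDGET          1000    /* assumed: give up after this many polls */

enum boot_decision { BOOT_CONTINUE = 0, BOOT_HALT = 1 };

/* Simulated memory-mapped scanner: a status byte followed by the scan buffer. */
struct scanner_regs {
    volatile uint8_t status;
    uint8_t data[CRED_LEN];
};

/* Credential compiled into the ROM image (constructed sample value). */
const uint8_t rom_expected[CRED_LEN] = {
    0x5a, 0x13, 0x88, 0xc4, 0x2e, 0x71, 0x09, 0xdd,
    0x40, 0xfe, 0x96, 0x3b, 0xa7, 0x62, 0x1c, 0xe5
};

/* Compare without early exit so the match does not leak through timing. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* The gate itself: poll until a scan is ready or the budget runs out.
 * Returns BOOT_CONTINUE only on an exact match; every other path halts. */
enum boot_decision firmware_gate(struct scanner_regs *scan)
{
    unsigned polls = 0;
    do {
        if (scan->status & SCANNER_STATUS_READY)
            return ct_equal(scan->data, rom_expected, CRED_LEN)
                   ? BOOT_CONTINUE : BOOT_HALT;
        polls++;
    } while (polls < POLL_BUDGET);
    return BOOT_HALT;               /* nothing presented: fail closed */
}

/* Convenience for the demo: stage a scan (or nothing) in the simulated device. */
void present_scan(struct scanner_regs *scan, const uint8_t *cred)
{
    memset(scan, 0, sizeof *scan);
    if (cred) {
        memcpy(scan->data, cred, CRED_LEN);
        scan->status = SCANNER_STATUS_READY;
    }
}

/* What a real image would do on BOOT_HALT: disable interrupts and spin on hlt. */
static void halt_forever(void)
{
    for (;;) { /* cli; hlt */ }
}

int main(void)
{
    struct scanner_regs dev;
    uint8_t wrong[CRED_LEN];

    present_scan(&dev, rom_expected);
    printf("correct credential: %s\n",
           firmware_gate(&dev) == BOOT_CONTINUE ? "continue" : "halt");

    memcpy(wrong, rom_expected, CRED_LEN);
    wrong[CRED_LEN - 1] ^= 0x01;
    present_scan(&dev, wrong);
    printf("one bit wrong:      %s\n",
           firmware_gate(&dev) == BOOT_CONTINUE ? "continue" : "halt");

    present_scan(&dev, NULL);
    printf("no scan presented:  %s\n",
           firmware_gate(&dev) == BOOT_CONTINUE ? "continue" : "halt");

    (void)halt_forever;   /* referenced but not invoked in the simulation */
    return 0;
}
```

The two design points worth taking from the model are that the loop fails closed (a missing scan is treated the same as a wrong one) and that the comparison runs in constant time, so an attacker with only the scanner as an input path cannot recover the baked-in credential byte by byte from how long the box takes to halt.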