See that's what I'm saying.

How would you access the BIOS if the ability to view the configuration is removed? How could you access the BIOS if all input except that one scanner is removed from BIOS?

There isn't enough functionality to access the BIOS with, is what I'm saying. Similar to me saying "How are you supposed to access the VCR inside of that house, if I've removed the doors, windows, and the entire house is made out of stone (top, bottom, and sides)?"

It isn't about security, it's about functionality. If you don't code something in, there is a loss of functionality. If that BIOS has no possible way to change configuration or for someone to send input to it, then there isn't a way to access it without completely reflashing it. Similar to writing a network protocol that -only- has source code to accept incoming but never send outgoing.

It doesn't matter how much you scream at the network, that source code simply doesn't have the functionality for you to tell it to go out rather than in.


So, it isn't about securing the BIOS. It's about removing what isn't needed, and with that the functionality to change it.


edit: I can only think of one more example to clear up what I'm talking about here. I used to program with some friends of mine a MUD (multi-user dungeon, a text-based online RPG), and we had a problem with people exploiting the Rent. People, normally, could go to the Inn and 'rent' a room which would save their equipment and gold. However, someone found a way to store unlimited amounts of gold and equipment in there rather than the preset amount we defined.

There were many ways we could solve it, but one of the solutions was to simply remove the ability to store equipment from the Inn. We didn't do that of course, but that's what I'm trying to say here. Sometimes the only way to make people follow rules isn't to write up a set of Laws (or in computer terms, protocols), it's to completely remove instances that would allow it to even occur. We could remove the ability for people to store equipment from the inn, and no one could exploit the storage anymore. We could remove the ability for people to be able to interact with the BIOS (meaning no keyboard input, no mouse input, only that one scanner while BIOS boots), and no one could exploit the BIOS anymore.

This is of course in theory, and I'm glad you are bringing this up. Good conversation.