I heard about some draft or proposal about how BIOSes are vulnerable to local attacks, making the computer compromised.
I haven't read all of the huge PDF file yet but I know that closing down BIOSes on devices so that you can't flash your own BIOS on your x86 or video card, HDD/SSD/optical/mobile device hinders innovation, freedom of choice, creativity and learning (say if you want to learn about BIOS modding). You might not be able to even read off the BIOS, not sure.
Imagine having to update the BIOS remotely by linking with a server somehow and with encryption.
Hopefully if this does pass, we will find a way to emulate the server or something and inject BIOS code somehow to our own computers. According to the PDF you could take out the flash chip and replace it with one that has the modded BIOS in it (yea, sure).
Here is the PDF.
NIAP_CCEVS: U.S. Government Approved Protection Profile - Protection Profile for BIOS Update for PC Client Devices Version 1.0
Email [email protected] and(or?) [email protected] about your concerns and spread this around!
In my email to them I mentioned how manufacturers often don't develop features that people want or bug fixes for BIOSes because they don't want the development costs or don't think it's important. I made a few examples.
-
felix3650, every time someone spouts off conspiracy things, I have this urge to step on a kitten with hiking boots.
-
Poor kittens.
CPUs get stolen from server rooms all the time so they need to report their positions.
Standard-following boot procedures open up dangerous doors for untrusted OSs.
Non-locked-in BIOS flashes make computers vulnerable to local attacks.
You have to agree that PR and political people are innovative.
Oh, wait a second. They have data to back up their claims. They are scientists!
What kind of scientists? There are the ones that proved asbestos is dangerous, the ones that are on tobacco companies' payroll, and the ones that were jailed for lying about vaccines' risk of causing autism (hint: They faked the data).
Also, if someone gets physical access to your computer and opens up the case without being noticed, you got bigger problems. Cold boot attacks.
-
And don't forget about those who never use encryption on the local hard-drive. You don't even need to crack a key, just copy the data (or take out the drive).
-
bump10char. Don't worry I probably won't bump this anymore
-
R department.
Don't let manufacturers lock you out of BIOS modding! Let them know!
Discussion in 'Hardware Components and Aftermarket Upgrades' started by ickibar1234, Jun 4, 2013.