Booting from flash memory

A lot of people have been thinking extensively about trustworthy computing (we already have trusted computers the task is to make them trustworthy). Lots of effort going into signing the BIOS, bootstrap loader and so on.

How about this for an idea: put the core of the O/S image and critical drivers onto a flash drive that can be write protected. These can be bought for $25 or so for a card with more than enough memory.

The limited number of write cycles that flash supports would not be an issue since the media would only be changed infrequently.

The ability to pull the flash drive out of the machine would have other advantages, it would be possible to configure the flash drive offline. This would allow a sysop to configure a machine without having to physically touch it.

Application programs would be run from signed distribution files for Virtual Machines running on the base platform.