[prev in list] [next in list] [prev in thread] [next in thread]
List: linuxbios
Subject: Re: [coreboot] some interesting quotes
From: Stefan Reinauer <stepan () coresystems ! de>
Date: 2008-07-31 13:47:11
Message-ID: 4891C25F.3040509 () coresystems ! de
[Download RAW message or body]
ron minnich wrote:
> you may or may not have seen them
>
> http://eecue.com/log_archive/eecue-log-724-Black_Hat_2007___Day_2___John_Heasman.html
>
> "There are many ways to get code into the EFI environment. An attacker
> can modify the bootlader directly, modify bootloader varibles in
> NVRAM, modify and reflash firmware or exploit an implementation flaw
> in the driver. Once the attacher is in, they can shim a boot service,
> modify an ACPI table like in the tradition BIOS attack, load an SMM
> driver, or hook interrup handlers. Modifying the boot loader is
> actually quite simple in Mac OSX as the bootloader binary is located
> in user disk space: /System/Library/CoreSerbvice.boot.efi. This isn't
> very stealthy as you are modifying a file on disk which could easily
> be detected by verifying checksums with an application like tripwire."
>
Our goal, too, is not being stealthy.
Which is why I was quite surprised that not using the locked away memory
areas for my SMM handler was considered a knock-out criterionfor that
approach.
> now we've been trying to get this message across for eitght years now
> and it's good to see people are independently figuring it out.
>
The one thing that transports our message best, in my opinion, is ports
to new chipsets and ports to new boards.
Stefan
--
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info@coresystems.de • http://www.coresystems.de/
Registergericht: Amtsgericht Freiburg • HRB 7656
Geschäftsführer: Stefan Reinauer • Ust-IdNr.: DE245674866
--
coreboot mailing list
coreboot@coreboot.org
http://www.coreboot.org/mailman/listinfo/coreboot
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic