On Tue, Feb 17, 2015 at 2:31 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
> Or could the firmware at power on not
> actually supply the firmware with LBA0 contents to execute but some
> arbitrary code (possibly even stored on hidden sectors on the drive)
> that acts as a persistent bootkit?

Oops. Rewrite: Could the [drive] firmware....supply the [computer] firmware...arbitrary boot code.

That'd be evolutionary not revolutionary, in that it's still a bootkit. The evolution is making it persistent, i.e. issuing ATA Secure Erase to the drive would not wipe out the bootkit as expected. However, that'd be rather easy to test for after the Secure Erase... "read() LBA 0" and the hard drive returns some cute pile of code instead of zeros.

For UEFI Secure Boot systems this would first seem to require a previously successful attack on the computer firmware... OR less likely the arbitrary code supplied by the drive is properly signed.

-- 
Chris Murphy
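
The read-back test described in the message above, as an added example that is not part of the original post: it reads sector 0 and reports whether it is all zeros or still carries boot code or an MBR boot signature. The function names are hypothetical, and it assumes 512-byte logical sectors and that the drive returns the same data to this read as it supplies at boot.

```python
import os
import sys

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors


def classify_lba0(sector: bytes) -> dict:
    """Summarise what came back from a read of LBA 0."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"short read: {len(sector)} of {SECTOR_SIZE} bytes")
    sector = sector[:SECTOR_SIZE]
    nonzero = [i for i, b in enumerate(sector) if b]
    return {
        "all_zero": not nonzero,
        "nonzero_bytes": len(nonzero),
        "first_nonzero_offset": nonzero[0] if nonzero else None,
        # Bytes 0..439 are the MBR bootstrap code area.
        "boot_code_present": any(sector[:440]),
        # 0x55 0xAA at offset 510 is the MBR boot signature.
        "boot_signature": sector[510:512] == b"\x55\xaa",
    }


def read_lba0(path: str) -> bytes:
    """Read sector 0 of a block device or image file, read-only."""
    fd = os.open(path, os.O_RDONLY)
    try:
        return os.pread(fd, SECTOR_SIZE, 0)
    finally:
        os.close(fd)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        samples = {sys.argv[1]: read_lba0(sys.argv[1])}
    else:
        # Constructed sample sectors, not captured from any real drive.
        leftover = bytearray(SECTOR_SIZE)
        leftover[0:2] = b"\xeb\x3c"  # x86 short jump, typical start of boot code
        leftover[510:512] = b"\x55\xaa"
        samples = {"erased (constructed)": bytes(SECTOR_SIZE),
                   "not erased (constructed)": bytes(leftover)}
    for name, data in samples.items():
        info = classify_lba0(data)
        print(name, "OK: all zeros" if info["all_zero"] else f"NOT ZERO: {info}")
```

Run it as root with the device path as the only argument after the erase. Power-cycle the machine first so the read is not served from the kernel's page cache.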