On 02/17/2015 02:39 PM, Chris Murphy wrote:
> On Tue, Feb 17, 2015 at 2:31 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:
>> Or could the firmware at power on not
>> actually supply the firmware with LBA0 contents to execute but some
>> arbitrary code (possibly even stored on hidden sectors on the drive)
>> that acts as a persistent bootkit?
>
> Oops. Rewrite: Could the [drive] firmware....supply the [computer]
> firmware...arbitrary boot code.
>
> That'd be evolutionary not revolutionary, in that it's still a
> bootkit. The evolution is making it persistent, i.e. issuing ATA
> Secure Erase to the drive would not wipe out the bootkit as expected.
> However, that'd be rather easy to test for after the Secure Erase...
> "read() LBA 0" and the hard drive returns some cute pile of code
> instead of zeros.
>
> For UEFI Secure Boot systems this would first seem to require a
> previously successful attack on the computer firmware... OR less
> likely the arbitrary code supplied by the drive is properly signed.

Well, the malware could be a chip on the controller board,
or could be part of the board's firmware, which would make
it not available to user access.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
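The "read LBA 0 after the Secure Erase" check mentioned in the thread, as an added example that is not part of the original messages: it reads the first sectors of a device or image and reports any that do not read back as zeros. The function names, the 512-byte sector size, the 64-sector window and the sample images are assumptions made for illustration.

```python
import os
import sys
import tempfile

SECTOR = 512  # assumed logical sector size; 4Kn drives use 4096

def scan_sectors(path, count=64, sector=SECTOR):
    """Return (lba, nonzero_bytes, notes) for each non-zero sector in the first `count`."""
    findings = []
    with open(path, "rb", buffering=0) as dev:
        for lba in range(count):
            data = dev.read(sector)
            if not data:
                break  # end of image or device
            nonzero = len(data) - data.count(0)
            if nonzero == 0:
                continue
            notes = []
            if lba == 0 and data[510:512] == b"\x55\xaa":
                notes.append("MBR boot signature 0x55AA")
            if data[:8] == b"EFI PART":
                notes.append("GPT header signature")
            findings.append((lba, nonzero, notes))
    return findings

def report(path, count=64):
    """Human-readable verdict for one device or image."""
    findings = scan_sectors(path, count)
    if not findings:
        return f"{path}: first {count} sectors read back as zeros"
    lines = [f"{path}: {len(findings)} non-zero sector(s) after erase"]
    for lba, nonzero, notes in findings:
        lines.append(f"  LBA {lba}: {nonzero} non-zero bytes {', '.join(notes)}".rstrip())
    return "\n".join(lines)

def make_sample_image(path, with_boot_code):
    """Constructed sample: 8 zeroed sectors, optionally with filler bytes in LBA 0."""
    img = bytearray(8 * SECTOR)
    if with_boot_code:
        img[0:4] = b"\x90\x90\x90\x90"   # constructed filler, not real boot code
        img[510:512] = b"\x55\xaa"
    with open(path, "wb") as f:
        f.write(img)

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # e.g. a block device path, read as root
        print(report(sys.argv[1]))
    else:                                 # offline demo on constructed images
        with tempfile.TemporaryDirectory() as d:
            for name, dirty in (("erased.img", False), ("residual.img", True)):
                p = os.path.join(d, name)
                make_sample_image(p, dirty)
                print(report(p))
```

This only sees what the drive returns to a host read, so, as the reply notes, code held on the controller board or in its firmware would not show up here.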