Am 16.11.2016 um 00:15 schrieb Michael Kjörling:
On 15 Nov 2016 20:42 +0100, from sven@xxxxxxxxxxxxxxxxxxxxx (Sven Eschenberg):
Either way, you need the BIOS administrator password to get to an
alternative boot device.
I wonder however how securely that password is stored?
Almost certainly not securely at all. It certainly is easy to clear
once you have physical access: All you need to do is get access to the
motherboard and either remove/disconnect the CMOS battery, or set a
jumper to a "CLEAR CMOS" or similarly labeled position. I would expect
some modicum of protection such that the password isn't stored in
clear text in NVRAM or flash readable to all and sundry, but I
wouldn't expect anything much more sophisticated than an XOR with a
fixed value, a CRC-32 checksum, or similar. The exact details almost
certainly vary with BIOS implementations and there's no guarantee that
there aren't implementations out there that actually do the right
thing, but BIOS password storage methods is hardly a distinguishing
feature among motherboard manufacturers. Don't expect a proper PBKDF.
Think of the BIOS passwords (both user and administrator) not really
as tamper-proofing measures as much as a tamper-evidence measures.
Feel free to mentally s/BIOS/UEFI/g above if that's your
open-at-the-top-container of hot-breakfast-beverage-of-choice.
That was more of a rhetoric question, to be honest. I have substantial
doubts that passwords in the very space limited NVRAM are somehow
cryptographically hashed or something. If you can recover the PW from
the stored data however, then even tamper-evidence is effectively gone.
isn't it?
And, let's call it firmware, that should cover for both, UEFI and
classic BIOS, I think ;-).
The CVE however assumed, that you can not simply access the internal
parts of the machine. Still, more fuzz than substance in that CVE, if
you ask me.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt