Russell Coker wrote:
When booting from removable media that contains the decryption key the attack scenario would be to replace the BIOS with one that sends everything it reads from disk (i.e. everything that the boot loader reads) over an Ethernet interface.
A trojan BIOS that modifies the kernel during the boot load process to introduce a security hole would be doable if you have adequate resources.
there is a second option (also bios and startup related):
you can put an additional pci-extension-bios onto any pci-card which has its own pci-extension-bios for setting up its hardware. the chips are usually 64k but not fully used (graphics card, network card, ...), and the point is, the standard allows you to put several pci-extension-bios-images into one such eeprom, which just point to each other and get called through the main bios
so it's not really necessary to exchange the system bios; getting your hands on a pci-card with an extension-bios may be enough... so keep your eyes open if you change hardware ;)
and this works in practice: i have written a pci-extension-bios which actually was sitting on (in this case) the network card, for reading/setting bios-settings (nvram) during the boot-up process over the serial port some years ago (it was for a semi-automatic setup process for 'black-box' hardware with no keyboard or monitor attached to it)
ok - the second problem here would be getting the code to survive in ram through the boot-up sequence of the operating system, but i'm sure this won't be any problem for some people with the necessary skills
i'm not sure about the pci-x standard, but i think this could work similarly
greetings dalini
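
Added example, not part of the original messages: a way to inspect a card's expansion ROM dump for the chained images the reply describes, by walking the 0x55AA headers and "PCIR" data structures and flagging images whose IDs do not match the card or whose code type repeats. The function names, the card ID 1234:5678 and both sample dumps are constructed for illustration.

```python
import struct

def build_image(vendor, device, blocks, code_type, last):
    """Constructed sample image (not a real ROM): header + PCIR, zero padded."""
    img = bytearray(blocks * 512)
    img[0:2] = b"\x55\xaa"                       # option ROM signature
    struct.pack_into("<H", img, 0x18, 0x1C)      # pointer to PCI data structure
    struct.pack_into("<4sHHHHB3sHHBB", img, 0x1C, b"PCIR", vendor, device, 0,
                     0x18, 0, b"\x00\x00\x02", blocks, 1, code_type,
                     0x80 if last else 0x00)     # bit 7 set = last image
    return bytes(img)

def list_images(rom):
    """Walk the image chain in a ROM dump and return one dict per image."""
    images, off = [], 0
    while off + 0x1A <= len(rom) and rom[off:off + 2] == b"\x55\xaa":
        p = off + struct.unpack_from("<H", rom, off + 0x18)[0]
        if p == off or p + 0x16 > len(rom) or rom[p:p + 4] != b"PCIR":
            break                                # malformed: stop, do not guess
        vendor, device = struct.unpack_from("<HH", rom, p + 4)
        blocks = struct.unpack_from("<H", rom, p + 0x10)[0]  # 512-byte units
        images.append({"offset": off, "vendor": vendor, "device": device,
                       "size": blocks * 512, "code_type": rom[p + 0x14]})
        if rom[p + 0x15] & 0x80 or blocks == 0:  # last image, or no way forward
            break
        off += blocks * 512
    return images

def audit(rom, vendor, device):
    """Flag images a reviewer should look at before trusting the card."""
    findings, seen = [], set()
    for im in list_images(rom):
        if (im["vendor"], im["device"]) != (vendor, device):
            findings.append(f"{im['offset']:#x}: IDs {im['vendor']:04x}:"
                            f"{im['device']:04x} do not match the card")
        if im["code_type"] in seen:
            findings.append(f"{im['offset']:#x}: repeated code type "
                            f"{im['code_type']:#04x}")
        seen.add(im["code_type"])
    return findings

# Constructed dumps for a hypothetical card 1234:5678.
# CLEAN: one x86 image (0x00) plus one EFI image (0x03), a common layout.
CLEAN = build_image(0x1234, 0x5678, 4, 0x00, False) + build_image(0x1234, 0x5678, 2, 0x03, True)
# CHAINED: a second x86 image with foreign IDs appended behind the first.
CHAINED = build_image(0x1234, 0x5678, 4, 0x00, False) + build_image(0xABCD, 0x0001, 2, 0x00, True)

if __name__ == "__main__":
    for name, rom in (("clean", CLEAN), ("chained", CHAINED)):
        print(name, list_images(rom), audit(rom, 0x1234, 0x5678))
```

On Linux the dump can be read from the device's `rom` attribute in sysfs after writing 1 to it. A clean result only covers the image chain; comparing the whole dump against a known-good copy from the vendor remains the stronger check.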