From owner-freebsd-hardware@freebsd.org Sun Mar 19 22:22:20 2017
From: Debra Berk <debra.berk@worldonlinetech.com>
To: freebsd-hardware@freebsd.org
Subject: Shopify Users List
Date: Sun, 19 Mar 2017 22:15:26 +0000

Hi,

Would you be interested in acquiring Shopify Users List for your marketing
campaign?

Top Ecommerce software users list: Magento, WooCommerce, BigCommerce,
PrestaShop, OpenCart, OsCommerce, Zen Cart, X-Cart, Drupal, NopCommerce,
Google Analytics, WebSphere and many more...

Please let me know the geography and job title you are looking out to
target for so that we can provide you with counts, pricing and samples in
my next email.

If you are not the right person, please feel free to forward this email to
the right person in your organization.

Await your response!

Regards,
Debra Berk
Database Consultant

To Opt Out, please respond "REMOVE" in the Subject line.
From owner-freebsd-hardware@freebsd.org Wed Mar 22 08:57:10 2017
From: grarpamp <grarpamp@gmail.com>
Date: Wed, 22 Mar 2017 04:56:28 -0400
Subject: Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
To: freebsd-security@freebsd.org
Cc: freebsd-hardware@freebsd.org, freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org

Over two years ago this "trojans in the firmware" was mentioned.

These attacks are real and are in the wild. They are created and used by
various hats from adversary to researcher to miscreant... and ultimately
can end up passing unwittingly through degrees of separation to and among
you and your peers over daily sharing and other physical transactions,
use of unaudited application and systems code, dual booting, parking lot
attacks, computer labs, libraries, component swapping, etc.

Some mitigation may be possible through kernel filtering modes...

- Filter and log all known firmware / bios writing opcodes.
- Filter and log all opcodes except those required for daily use,
  such as: read, write, erase unit, inquiry, reset, etc.
- Filter and log all opcodes except those in some user defined rulesets.
  Default permit / deny, the usual schemes.

In a securelevel, this may provide some resistance and extra steps of
defense in depth to attacks that presume they have direct access to
firmware without needing to smash the kernel further beyond root (also,
root access is foolishly yet often available to users).

FreeBSD should consider addressing any opportunities to further inhibit
these attack vectors. Details via links below.

(CC'd to a few lists to promote general awareness.
Replies are perhaps best made only to freebsd-security@ .)

# CAM - hdd, tape, optical, etc
https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html
http://spritesmods.com/?art=hddhack
http://s3.eurecom.fr/~zaddach/
https://www.ibr.cs.tu-bs.de/users/kurmus/
https://www.malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html
https://www.malwaretech.com/2015/06/hard-disk-firmware-rootkit-surviving.html
http://web.archive.org/web/20150615181236/http://malwaretech.net/MTSBK.pdf
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/
http://web.archive.org/web/20130228090611/http://www.recover.co.il/SA-cover/SA-cover.pdf
http://www.spiegel.de/media/media-35661.pdf

# USB
https://opensource.srlabs.de/projects/badusb
https://github.com/robertfisk/USG/wiki

# BIOS, UEFI
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

# CPU
http://inertiawar.com/microcode/
https://wiki.archlinux.org/index.php/microcode
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.pdf
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

# FreeBSD, UFS - supported
https://www.schneier.com/blog/archives/2014/01/iratemonk_nsa_e.html
http://leaksource.files.wordpress.com/2013/12/nsa-ant-iratemonk.jpg
https://www.schneier.com/blog/archives/2014/02/swap_nsa_exploi.html
http://leaksource.files.wordpress.com/2013/12/nsa-ant-swap.jpg
http://leaksource.files.wordpress.com/2013/12/nsa-ant-sierramontana.jpg

# various
https://en.wikipedia.org/wiki/NSA_ANT_catalog
https://firmwaresecurity.com/

From owner-freebsd-hardware@freebsd.org Wed Mar 22 09:19:48 2017
From: Tomasz CEDRO <tomek.cedro@gmail.com>
Date: Wed, 22 Mar 2017 10:19:47 +0100
Subject: Re: Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
To: grarpamp
Cc: FreeBSD Questions Mailing List, freebsd-hardware@freebsd.org, freebsd-security@freebsd.org, freebsd-hackers@freebsd.org

I have created www.libswd.com and www.iCeDeROM.com for low-level access to
embedded system resources, all developed on FreeBSD :-) Still no interest
from investors/sponsors to support iCeDeROM so I could focus 108% on its
development :-/

-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

From owner-freebsd-hardware@freebsd.org Wed Mar 22 23:12:38 2017
From: grarpamp <grarpamp@gmail.com>
Date: Wed, 22 Mar 2017 19:11:56 -0400
Subject: Re: Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
To: freebsd-security@freebsd.org
Cc: freebsd-hardware@freebsd.org, freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org

> It is virtually impossible to guard against firmware rootkits because
> cpu cannot prevent the card's or device's cpu from executing that code.
> This was made known by the malware embedded in disk drives' FW, and
> other peripherals' FW, such as wifi and graphics, to name a couple.
> It is possible for such device FW to insert malware into,
> or modify, the RAM resident OS.
> Apparently making OS's executable segments "non-writeable" can be gotten
> around.

There are two very different write directions involved...

HW -> OS / SW ... Yes, as above, you're screwed.

SW -> OS -> HW ... However, as before, you can add kernel filters to
further help prevent software from writing the screwed firmware to your
hardware in the first place.
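The three filtering modes grarpamp proposes in this thread (deny known firmware-writing opcodes; allow only a daily-use set; a user ruleset with a default verdict) can be shown as a policy check over SCSI CDBs, the form in which CAM hands commands to a disk. The C below is an added example written for this page; it is not code from the thread and not FreeBSD code. The opcode numbers are the standard SCSI and ATA ones (WRITE BUFFER 0x3B, ATA PASS-THROUGH 0x85/0xA1, ATA DOWNLOAD MICROCODE 0x92/0x93). The policy structure, the function names `cdb_is_firmware_write`, `filter_cdb` and `run_samples`, the "daily" and "admin" opcode lists, and the sample CDBs are all constructed for the example; the kernel hook point, securelevel gating and the logging sink are assumed and not shown. It goes one step past the proposal by looking inside ATA PASS-THROUGH, since a ruleset that admits 0x85 for SMART queries would otherwise also admit a microcode download carried in it.

```c
/* Added example, not code from the thread or from FreeBSD: a user-space model
 * of the proposed opcode filter applied to SCSI CDBs.  Kernel hook, securelevel
 * gating and log(9) sink are assumed; all sample CDBs below are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* SCSI opcodes (SPC/SBC numbering). */
#define SCSI_TEST_UNIT_READY  0x00
#define SCSI_REQUEST_SENSE    0x03
#define SCSI_INQUIRY          0x12
#define SCSI_READ_CAPACITY_10 0x25
#define SCSI_READ_10          0x28
#define SCSI_WRITE_10         0x2A
#define SCSI_SYNC_CACHE_10    0x35
#define SCSI_WRITE_BUFFER     0x3B /* microcode download on SCSI/SAS drives */
#define SCSI_ATA_PASSTHRU_16  0x85
#define SCSI_READ_16          0x88
#define SCSI_WRITE_16         0x8A
#define SCSI_ATA_PASSTHRU_12  0xA1
/* ATA commands that rewrite drive firmware, tunnelled through pass-through. */
#define ATA_DOWNLOAD_MICROCODE     0x92
#define ATA_DOWNLOAD_MICROCODE_DMA 0x93

enum verdict { VERDICT_ALLOW = 0, VERDICT_DENY = 1 };
enum policy_mode {
    MODE_DENY_FIRMWARE, /* deny only known firmware-writing commands */
    MODE_ALLOW_DAILY,   /* allow only the daily-use set, deny the rest */
    MODE_RULESET        /* user-listed opcodes plus a default verdict */
};
struct policy {
    enum policy_mode mode;
    enum verdict default_verdict; /* MODE_RULESET: unlisted opcodes */
    enum verdict listed_verdict;  /* MODE_RULESET: listed opcodes */
    const uint8_t *ops; size_t nops;
    int permit_firmware; /* MODE_RULESET: let firmware writes follow the list */
};

static const uint8_t daily_ops[] = { /* illustrative "needed to run" set */
    SCSI_TEST_UNIT_READY, SCSI_REQUEST_SENSE, SCSI_INQUIRY, SCSI_READ_CAPACITY_10,
    SCSI_READ_10, SCSI_WRITE_10, SCSI_SYNC_CACHE_10, SCSI_READ_16, SCSI_WRITE_16 };

static int op_listed(const uint8_t *ops, size_t n, uint8_t op)
{
    for (size_t i = 0; i < n; i++) if (ops[i] == op) return 1;
    return 0;
}

/* 1 if the CDB rewrites device firmware.  WRITE BUFFER is flagged whatever its
 * mode field (byte 1 bits 4:0); a finer filter would pass the echo/data modes
 * and deny only the download-microcode modes.  For ATA PASS-THROUGH the SCSI
 * opcode says nothing: the ATA command byte (14 in the 16-byte form, 9 in the
 * 12-byte form) decides.  Short or empty CDBs fail closed. */
int cdb_is_firmware_write(const uint8_t *cdb, size_t len)
{
    uint8_t ata = 0;
    if (len == 0) return 1;
    switch (cdb[0]) {
    case SCSI_WRITE_BUFFER:    return 1;
    case SCSI_ATA_PASSTHRU_16: if (len < 16) return 1; ata = cdb[14]; break;
    case SCSI_ATA_PASSTHRU_12: if (len < 12) return 1; ata = cdb[9];  break;
    default:                   return 0;
    }
    return ata == ATA_DOWNLOAD_MICROCODE || ata == ATA_DOWNLOAD_MICROCODE_DMA;
}

/* Verdict for one CDB under a policy; 'reason' receives the log text. */
enum verdict filter_cdb(const struct policy *p, const uint8_t *cdb, size_t len,
                        char *reason, size_t rlen)
{
    int fw = cdb_is_firmware_write(cdb, len);
    uint8_t op = len ? cdb[0] : 0;
    enum verdict v;
    switch (p->mode) {
    case MODE_DENY_FIRMWARE: v = fw ? VERDICT_DENY : VERDICT_ALLOW; break;
    case MODE_ALLOW_DAILY:   /* the daily list never opens a firmware path */
        v = (!fw && op_listed(daily_ops, sizeof daily_ops, op)) ? VERDICT_ALLOW : VERDICT_DENY;
        break;
    default: /* MODE_RULESET: listing 0x85 for SMART does not permit DOWNLOAD MICROCODE */
        if (fw && !p->permit_firmware) v = VERDICT_DENY;
        else v = op_listed(p->ops, p->nops, op) ? p->listed_verdict : p->default_verdict;
        break;
    }
    if (reason && rlen)
        snprintf(reason, rlen, "cdb 0x%02x%s: %s", op, fw ? " [firmware write]" : "",
                 v == VERDICT_DENY ? "DENY" : "ALLOW");
    return v;
}

/* Constructed sample CDBs; only the opcode and the ATA command byte matter. */
struct sample { const char *name; uint8_t cdb[16]; size_t len; };
const struct sample samples[] = {
    { "INQUIRY",                          {0x12,0,0,0,0x24,0}, 6 },
    { "READ(10), 8 blocks at LBA 0",      {0x28,0,0,0,0,0,0,0,0x08,0}, 10 },
    { "WRITE BUFFER mode 5 (dl microcode)", {0x3B,0x05,0,0,0,0,0,0x10,0,0}, 10 },
    { "ATA PT(16) SMART READ DATA",       {0x85,0x08,0x0E,0,0xD0,0,0x01,0,0,0,0x4F,0,0xC2,0,0xB0,0}, 16 },
    { "ATA PT(16) DOWNLOAD MICROCODE",    {0x85,0x0A,0x06,0,0x03,0,0x01,0,0,0,0,0,0,0,0x92,0}, 16 },
    { "ATA PT(12) DOWNLOAD MICROCODE DMA", {0xA1,0x0C,0x06,0x03,0x01,0,0,0,0,0x93,0,0}, 12 },
    { "LOG SELECT",                       {0x4C,0,0,0,0,0,0,0,0,0}, 10 },
};
const size_t nsamples = sizeof samples / sizeof samples[0];

/* Admin ruleset: plain I/O plus pass-through so smartctl(8)-style queries work. */
static const uint8_t admin_ops[] = { SCSI_INQUIRY, SCSI_READ_10, SCSI_ATA_PASSTHRU_16, SCSI_ATA_PASSTHRU_12 };
const struct policy pol_deny_firmware = { MODE_DENY_FIRMWARE, VERDICT_ALLOW, VERDICT_ALLOW, NULL, 0, 0 };
const struct policy pol_daily         = { MODE_ALLOW_DAILY,   VERDICT_DENY,  VERDICT_ALLOW, NULL, 0, 0 };
const struct policy pol_ruleset       = { MODE_RULESET, VERDICT_DENY, VERDICT_ALLOW, admin_ops, sizeof admin_ops, 0 };
const struct policy pol_update_window = { MODE_RULESET, VERDICT_DENY, VERDICT_ALLOW, admin_ops, sizeof admin_ops, 1 };

/* Run every sample through a policy; returns how many were denied. */
int run_samples(const struct policy *p, int verbose)
{
    int denied = 0; char why[64];
    for (size_t i = 0; i < nsamples; i++) {
        enum verdict v = filter_cdb(p, samples[i].cdb, samples[i].len, why, sizeof why);
        if (verbose) printf("  %-36s %s\n", samples[i].name, why);
        denied += (v == VERDICT_DENY);
    }
    return denied;
}

int main(void)
{
    printf("deny-firmware:\n"); run_samples(&pol_deny_firmware, 1);
    printf("allow-daily:\n");   run_samples(&pol_daily, 1);
    printf("ruleset:\n");       run_samples(&pol_ruleset, 1);
    printf("update-window:\n"); run_samples(&pol_update_window, 1);
    return 0;
}
```

Under the ruleset policy the SMART query through ATA PASS-THROUGH is allowed while the DOWNLOAD MICROCODE carried by the same opcode is denied; only the `permit_firmware` flag, meant for a deliberate vendor update window, lets the microcode command through, and even then WRITE BUFFER stays denied because it is not on the list. Whether a given drive also accepts vendor-specific firmware commands outside these opcodes is not something a filter like this can know, which is the residual gap the thread's first message points at.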