Date: Wed, 22 Mar 2017 19:11:56 -0400
From: grarpamp <grarpamp@gmail.com>
To: freebsd-security@freebsd.org
Cc: freebsd-hardware@freebsd.org, freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
Message-ID: <CAD2Ti2_1SYkYgyCz1p=CZcEaEf%2BmCqSFGNv2SG5uLdSB2xrxGQ@mail.gmail.com>
In-Reply-To: <CAD2Ti28Lh7hr=kD0UbrDGm6rfCyNqd8%2BZvGJ=Do8etbU1gyTSQ@mail.gmail.com>

> It is virtually impossible to guard against firmware rootkits because
> cpu cannot prevent the card's or device's cpu from executing that code.
> This was made known by the malware embedded in disk drives' FW, and
> other peripherals' FW, such as wifi and graphics, to name a couple.
> It is possible for such device FW to insert malware into,
> or modify, the RAM resident OS.
> Apparently making OS's executable segments "non-writeable" can be gotten
> around.

There are two very different write directions involved...

HW -> OS / SW ...
Yes, as above, you're screwed.

SW -> OS -> HW ...
However, as before, you can add kernel filters to further
help prevent software from writing the screwed firmware
to your hardware in the first place.
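
Added example, not part of the original message and not FreeBSD code: the decision logic, in C, that a kernel filter on the SW -> OS -> HW path could apply to SCSI pass-through commands, denying the standard firmware-download opcodes (SCSI WRITE BUFFER microcode modes, and ATA DOWNLOAD MICROCODE wrapped in ATA PASS-THROUGH). The names `fw_filter_cdb` and `fw_verdict` are hypothetical, and where such a hook would sit in the kernel is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical verdicts for a pass-through filter hook (not a FreeBSD API). */
enum fw_verdict { FW_ALLOW = 0, FW_DENY = 1 };

/* ATA DOWNLOAD MICROCODE (0x92) and DOWNLOAD MICROCODE DMA (0x93). */
static int ata_is_fw_write(uint8_t cmd) { return cmd == 0x92 || cmd == 0x93; }

/* SCSI WRITE BUFFER: MODE is the low 5 bits of CDB byte 1. */
static int write_buffer_is_fw(uint8_t byte1)
{
    switch (byte1 & 0x1f) {
    case 0x04: case 0x05: case 0x06: case 0x07: /* download microcode */
    case 0x0d: case 0x0e: case 0x0f:            /* deferred activation */
        return 1;
    default:
        return 0;
    }
}

/* Decide on one SCSI CDB; truncated CDBs are denied (fail closed). */
enum fw_verdict fw_filter_cdb(const uint8_t *cdb, size_t len)
{
    if (cdb == NULL || len < 6)
        return FW_DENY;
    switch (cdb[0]) {
    case 0x3b:                                  /* WRITE BUFFER */
        return write_buffer_is_fw(cdb[1]) ? FW_DENY : FW_ALLOW;
    case 0x85:                                  /* ATA PASS-THROUGH (16) */
        if (len < 16) return FW_DENY;
        return ata_is_fw_write(cdb[14]) ? FW_DENY : FW_ALLOW;
    case 0xa1:                                  /* ATA PASS-THROUGH (12) */
        if (len < 12) return FW_DENY;
        return ata_is_fw_write(cdb[9]) ? FW_DENY : FW_ALLOW;
    default:
        return FW_ALLOW;
    }
}

int main(void)
{
    /* Constructed samples: pass-through DOWNLOAD MICROCODE, then READ(10). */
    uint8_t fw[16] = { 0x85, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x92, 0 };
    uint8_t rd[10] = { 0x28, 0, 0, 0, 0, 0, 0, 0, 1, 0 };
    printf("fw=%d rd=%d\n", fw_filter_cdb(fw, sizeof fw), fw_filter_cdb(rd, sizeof rd));
    return 0;
}
```

This covers standard opcodes only: drives also accept vendor-specific commands, so a deny list like this narrows the path rather than closing it. An allow list of known-good opcodes is the stricter design.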
