Date:      Wed, 22 Mar 2017 19:11:56 -0400
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-security@freebsd.org
Cc:        freebsd-hardware@freebsd.org, freebsd-hackers@freebsd.org,  freebsd-questions@freebsd.org
Subject:   Re: Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
Message-ID:  <CAD2Ti2_1SYkYgyCz1p=CZcEaEf%2BmCqSFGNv2SG5uLdSB2xrxGQ@mail.gmail.com>
In-Reply-To: <CAD2Ti28Lh7hr=kD0UbrDGm6rfCyNqd8%2BZvGJ=Do8etbU1gyTSQ@mail.gmail.com>
References:  <CAD2Ti28Lh7hr=kD0UbrDGm6rfCyNqd8%2BZvGJ=Do8etbU1gyTSQ@mail.gmail.com>

> It is virtually impossible to guard against firmware rootkits because
> cpu cannot prevent the card's or device's cpu from executing that code.
> This was made known by the malware embedded in disk drives' FW, and
> other peripherals' FW, such as wifi and graphics, to name a couple.
> It is possible for such device FW to insert malware into,
> or modify, the RAM resident OS.
> Apparently making OS's executable segments "non-writeable" can be gotten
> around.


There are two very different write directions involved...
HW -> OS / SW ... Yes, as above, you're screwed.
SW -> OS -> HW ... However, as before, you can add kernel filters
to further help prevent software from writing the screwed firmware
to your hardware in the first place.


