Date: Wed, 22 Mar 2017 19:11:56 -0400
From: grarpamp <grarpamp@gmail.com>
To: freebsd-security@freebsd.org
Cc: freebsd-hardware@freebsd.org, freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
Message-ID: <CAD2Ti2_1SYkYgyCz1p=CZcEaEf%2BmCqSFGNv2SG5uLdSB2xrxGQ@mail.gmail.com>
In-Reply-To: <CAD2Ti28Lh7hr=kD0UbrDGm6rfCyNqd8%2BZvGJ=Do8etbU1gyTSQ@mail.gmail.com>
References: <CAD2Ti28Lh7hr=kD0UbrDGm6rfCyNqd8%2BZvGJ=Do8etbU1gyTSQ@mail.gmail.com>

> It is virtually impossible to guard against firmware rootkits because
> cpu cannot prevent the card's or device's cpu from executing that code.
> This was made known by the malware embedded in disk drives' FW, and
> other peripherals' FW, such as wifi and graphics, to name a couple.
> It is possible for such device FW to insert malware into,
> or modify, the RAM resident OS.
> Apparently making OS's executable segments "non-writeable" can be gotten
> around.

There are two very different write directions involved...

HW -> OS / SW ... Yes, as above, you're screwed.

SW -> OS -> HW ... However, as before, you can add kernel filters
to further help prevent software from writing the screwed firmware
to your hardware in the first place.