Subject: Re: Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
To: freebsd-questions@freebsd.org
From: JD
Message-ID: <58D2BF97.3000109@gmail.com>
Date: Wed, 22 Mar 2017 12:16:55 -0600

It is virtually impossible to guard against firmware rootkits because
the CPU cannot prevent the card's or device's CPU from executing that
code. This was made known by the malware embedded in disk drives' FW,
and other peripherals' FW, such as wifi and graphics, to name a couple.
It is possible for such device FW to insert malware into, or modify,
the RAM-resident OS. Apparently making OS's executable segments
"non-writeable" can be gotten around.

On 03/22/2017 03:19 AM, Tomasz CEDRO wrote:
> I have created www.libswd.com and www.iCeDeROM.com for low-level access to
> embedded system resources, all developed on FreeBSD :-) Still no interest
> from investors/sponsors to support iCeDeROM so I could focus 108% on its
> development :-/
>
> --
> CeDeROM, SQ7MHZ, http://www.tomek.cedro.info