30 Jul
2008
30 Jul
'08
11:23 p.m.
"There are many ways to get code into the EFI environment. An attacker can modify the bootlader directly, modify bootloader varibles in NVRAM, modify and reflash firmware or exploit an implementation flaw in the driver.
Nothing specific to EFI here, as far as I can see. All of this is true as well for traditional BIOS, Open Firmware, and even coreboot.
Segher