Hello,

I found out about Flashrom after researching the Mac EFI exploit. I have several reasons to suspect that my machine (early 2013 macbook pro) is compromised at the EFI level. I am reaching out to you for help because this article from Ars Technica (link below) mentions Flashrom:

"The flash is unlocked and now you can use flashrom to update its contents from userland, including EFI binaries," Friday's blog post stated, referring to the freely available utility for reading, writing, erasing, and verifying firmware contained in flash chips. "It means Thunderstrike like rootkit strictly from userland."

Here's the links about the exploit and how to fix it (according to the guy who found it):

https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/

https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/

"Both chips use SPI, meaning that a SPI reader/writer such as the one introduced by Trammell Hudson can be used to read and write its contents.
This is the best and safest way to do it and you should definitely get or build one if you plan to do EFI research."

https://trmm.net/SPI

This article (http://arstechnica.com/security/2015/06/new-remote-exploit-leaves-most-macs-vulnerable-to-permanent-backdooring/)

links also to OSX verification software:

https://github.com/osresearch/rwmem

But I already ran this tool

https://01.org/linux-uefi-validation

And the results had "405 fails"

I don't want to verify, I just want a clean EFI ROM. Is this possible using Flashrom? I have been unable to find any tutorials online, only videos that involve custom hardware connected to the chip to unlock the EFI password.

Please help or advise in any way, thank you

Frank

_______________________________________________________________
Get the Free email that has everyone talking at http://www.mail2world.com
Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!