[coreboot] some interesting quotes

Stefan Reinauer stepan at coresystems.de
Thu Jul 31 15:47:11 CEST 2008


ron minnich wrote:
> you may or may not have seen them
>
> http://eecue.com/log_archive/eecue-log-724-Black_Hat_2007___Day_2___John_Heasman.html
>
> "There are many ways to get code into the EFI environment. An attacker
> can modify the bootloader directly, modify bootloader variables in
> NVRAM, modify and reflash firmware or exploit an implementation flaw
> in the driver. Once the attacker is in, they can shim a boot service,
> modify an ACPI table like in the traditional BIOS attack, load an SMM
> driver, or hook interrupt handlers. Modifying the boot loader is
> actually quite simple in Mac OSX as the bootloader binary is located
> in user disk space: /System/Library/CoreServices/boot.efi. This isn't
> very stealthy as you are modifying a file on disk which could easily
> be detected by verifying checksums with an application like tripwire."
>   
Our goal, too, is not being stealthy.

Which is why I was quite surprised that not using the locked away memory
areas for my SMM handler was considered a knock-out criterion for that
approach.
> now we've been trying to get this message across for eight years now
> and it's good to see people are independently figuring it out.
>   
The one thing that transports our message best, in my opinion, is ports
to new chipsets and ports to new boards.


Stefan

-- 
coresystems GmbH • Brahmsstr. 16 • D-79104 Freiburg i. Br.
      Tel.: +49 761 7668825 • Fax: +49 761 7664613
Email: info at coresystems.de • http://www.coresystems.de/
Registergericht: Amtsgericht Freiburg • HRB 7656
Geschäftsführer: Stefan Reinauer • Ust-IdNr.: DE245674866