[coreboot] not really new news ... but ...
FENG Yu Ning
fengyuning1984 at gmail.com
Tue Mar 24 05:31:27 CET 2009
ron minnich wrote:
> And they used flashrom, it appears. :-)
The SPI controllers in ICH7 and up have several security mechanisms to
prevent unauthorized modification of the flash memory. Boards from
intel utilize those mechanisms, but many more boards from other
By gaining security from those mechanisms, one loses freedom. One
mechanism seems to involve public key cryptography. AFAIK, one can
only use the IFlash utility from intel to reflash their BIOS, and I am
not aware of any cross-flash ability of IFlash. Thus, intel boards
are flashrom unfriendly.
That said, I think there is still chance that the cryptographic
security mechanism could be cracked. (I am not good at cryptography,
so expect errors and correct me.) Since IFlash needs to authenticate
itself (to the SMI handler), the process might be:
SMI handler generates a random number
SMI handler encrypts that number with the public key.
SMI handler publishes the challenge
IFlash decrypts that with a private key(!)
IFlash writes its answer
IFlash sends a modification request
SMI handler receives the request
SMI handler compares the answer with the original number
confirmed and unlocked
IFlash needs to carry the private key with it.
If that is true and someone implements an attack, the public-key
cryptography security mechanism for the flash memory will be a
joke. If the knowledge is not publicly known, then the security
mechanism becomes a path for the malware and an obstacle for utilities
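The challenge-response exchange sketched in the message above, simulated as an added example. This is not code from the original post, nor anything from Intel, IFlash or coreboot; every class, function and name here is an assumption, and textbook RSA over two small fixed primes stands in for whatever cipher the real mechanism might use. It models both sides of the exchange and shows the point the author makes: the firmware side needs only the public key, the tool side must carry the private key, and any holder of a copy of that key is indistinguishable from the vendor's utility.

```python
import secrets


def next_prime(n):
    """Smallest prime >= n, by trial division (fine for toy-sized n)."""
    while True:
        if n >= 2 and all(n % k for k in range(2, int(n ** 0.5) + 1)):
            return n
        n += 1


def make_toy_keypair():
    """Textbook RSA keypair from two fixed ~1e6 primes.
    Constructed for this demo only; far too small to be secure."""
    p = next_prime(10 ** 6)
    q = next_prime(p + 1)
    n = p * q
    e = 65537
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse, Python 3.8+
    return (n, e), (n, d)                   # (public key, private key)


class SmiHandler:
    """Firmware side (hypothetical): holds only the public key and the pending nonce."""

    def __init__(self, public_key):
        self.public_key = public_key
        self._pending = None
        self.unlocked = False

    def issue_challenge(self):
        n, e = self.public_key
        self._pending = secrets.randbelow(n - 2) + 2   # fresh random number in [2, n-1]
        return pow(self._pending, e, n)                 # "encrypted with the public key"

    def request_modification(self, answer):
        """Compare the answer with the original number; unlock on match.
        The nonce is consumed either way, so a captured answer cannot be replayed."""
        ok = self._pending is not None and answer == self._pending
        self._pending = None
        self.unlocked = ok
        return ok


class FlashUtility:
    """Tool side (hypothetical): must carry the private key to decrypt the challenge."""

    def __init__(self, private_key):
        self.private_key = private_key

    def answer(self, challenge):
        n, d = self.private_key
        return pow(challenge, d, n)


def run_exchange(handler, utility):
    """One full round: challenge -> answer -> modification request -> verdict."""
    challenge = handler.issue_challenge()
    return handler.request_modification(utility.answer(challenge))


def demo():
    public_key, private_key = make_toy_keypair()
    handler = SmiHandler(public_key)

    vendor_tool = FlashUtility(private_key)
    # Whoever lifts the key out of the shipped utility holds exactly the same secret.
    extracted_copy = FlashUtility(private_key)

    class Guesser:
        def answer(self, challenge):
            return 0        # no key: can only guess; 0 is never the nonce

    results = {
        "vendor_tool": run_exchange(handler, vendor_tool),
        "extracted_copy": run_exchange(handler, extracted_copy),
        "no_key": run_exchange(handler, Guesser()),
    }
    # Replay: reusing an answer after its nonce was consumed must fail.
    challenge = handler.issue_challenge()
    old_answer = vendor_tool.answer(challenge)
    handler.request_modification(old_answer)
    results["replay"] = handler.request_modification(old_answer)
    return results


if __name__ == "__main__":
    for who, unlocked in demo().items():
        print(f"{who:15s} unlocked={unlocked}")
```

The only property the handler can check is "whoever answered knew the private key"; it cannot tell the vendor's binary from a copy of the key extracted from that binary, which is why shipping the private key inside the utility gives no assurance beyond obscurity. The single-use nonce does block replay of a captured answer, but that is a separate property from authenticating the tool.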