[coreboot] Hardware vendors offering systems with Intel ME disabled

Zoran Stojsavljevic zoran.stojsavljevic at gmail.com
Sat Dec 9 10:22:00 CET 2017


> Due to its complexity and closed source approach, many different UEFI
implementations have
> suffered many different vulnerabilities. Many (all?) include a full
network stack.

I have closed UEFI shell UEFI. As you all, probably, if you use UEFI as
BSP. You could NOT enter UEFI shell, since
every vendor disables this. I can break into the UEFI shell in no time. Then,
you can imagine what I can do? As
example, write .efi rootkit file, to exploit UEFI. Etc...

NOT to mention that UEFI on my notebook is protected with the admin
password, but this does NOT prevent me to
break into the UEFI shell (I do NOT care about password protection, as it
does NOT exist at all).

Zoran

On Fri, Dec 8, 2017 at 4:26 PM, awokd <awokd at elude.in> wrote:

> On Fri, December 8, 2017 4:44 am, Zoran Stojsavljevic wrote:
> > Let me try again to state what I stated before, with some new insides,
> > because Tim brought the new equation: HAP into
> > this discussion.
>
> In addition to all the issues with ME listed so far, systems from Dell
> etc. ship with UEFI BIOS. Due to its complexity and closed source
> approach, many different UEFI implementations have suffered many different
> vulnerabilities. Many (all?) include a full network stack. Coreboot is
> open source and simply a bootstrap, closing out large swaths of attack
> surfaces.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.coreboot.org/pipermail/coreboot/attachments/20171209/cf0ffb9f/attachment.html>


More information about the coreboot mailing list