[coreboot] Intel NIC security
Taiidan at gmx.com
Taiidan at gmx.com
Sat Jun 10 00:26:12 CEST 2017
Is it worth figuring out how to externally re-flash grey market "intel"
nics - or is the onboard NVM flash unable to do anything too terrible?
In the newer (the 3 digit i/x series like i350, x540 etc) nics intel has
added a "security" flash write protect feature so I imagine their flash
stuff isn't as potentially innocent as in the older chips. If so does
anyone how to do this?
How is this dealt with from a coreboot onboard NIC perspective?
Obvious stuff applies, such as a general NIC exploit leading to a
WAN>LAN pivot bypassing IOMMU if both WAN and LAN are processed on the
same chip but that isn't what I am referring to.
You may find this interesting:
https://www.servethehome.com/investigating-fake-intel-i350-network-adapters/
When this news first came out there was a conspiracy theory started on
the pfsense forums and a lot of smart people bought in to the idea that
they were some kind of foreign intelligence agency scheme to spy on
american companies (I myself know a few important corps that use DIY
routers, so it could be true)
More information about the coreboot
mailing list