[coreboot] kasten.core backdoor? new weird message after each coreboot build
Mike Banon
mikebdp2 at gmail.com
Sat Feb 10 20:52:01 CET 2018
While building a coreboot now I'm getting this "kasten.core" message
(see below), it wasn't like that earlier! Tried to search through all
the coreboot sources with ' find . -type f -print0 | xargs -0 grep
"kasten" ' but no results! So thats not a new coreboot build script.
It almost looks like instantly after I complete a coreboot build,
something malicious modifies my coreboot.rom file. Haven't analyzed
the .rom yet, I wanted to submit these findings as soon as possible.
What do you think? Meanwhile I will take my system offline and remove
a hard drive from it, so that someone couldn't remotely delete this
backdoor before I find it
CBFS payload_config
CBFS payload_revision
CBFS coreboot.rom
kasten.core: "/home/mikeb/coreboot/build/coreboot.rom"
CBFSPRINT coreboot.rom
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 320396 none
fallback/ramstage 0x4e480 stage 131631 none
config 0x6e700 raw 84 none
revision 0x6e7c0 raw 575 none
cmos_layout.bin 0x6ea40 cmos_layout 1164 none
fallback/postcar 0x6ef40 stage 13268 none
fallback/dsdt.aml 0x72380 raw 9016 none
fallback/payload 0x74700 payload 67370 none
payload_config 0x84e80 raw 1611 none
payload_revision 0x85540 raw 239 none
(empty) 0x85680 null 3581720 none
s3nv 0x3efdc0 raw 32768 none
(empty) 0x3f7e00 null 31704 none
bootblock 0x3ffa00 bootblock 928 none
Built lenovo/g505s (LENOVO G505S)
mikeb at testing:~/coreboot$ kasten.core: "/home/mikeb/coreboot/build/coreboot.rom"
More information about the coreboot
mailing list