[flashrom] Flash EFI ROM on MAC with default ROM?
mr dude
developer at mail2dude.com
Thu Dec 8 21:53:29 CET 2016
Hello,
I found out about Flashrom after researching the Mac EFI exploit. I have
several reasons to suspect that my machine (early 2013 macbook pro) is
compromised at the EFI level. I am reaching out to you for help because
this article from Ars Technica (link below) mentions Flashrom:
"The flash is unlocked and now you can use flashrom to update its
contents from userland, including EFI binaries," Friday's blog post
stated, referring to the freely available utility for reading, writing,
erasing, and verifying firmware contained in flash chips. "It means
Thunderstrike like rootkit strictly from userland."
Here's the links about the exploit and how to fix it (according to the
guy who found it):
https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your
-mac-firmware-security-is-completely-broken/
https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-deat
h/
"Both chips use SPI, meaning that a SPI reader/writer such as the one
introduced by Trammell Hudson can be used to read and write its
contents.
This is the best and safest way to do it and you should definitely get
or build one if you plan to do EFI research."
https://trmm.net/SPI
This article
(http://arstechnica.com/security/2015/06/new-remote-exploit-leaves-most-
macs-vulnerable-to-permanent-backdooring/)
links also to OSX verification software:
https://github.com/osresearch/rwmem
But I already ran this tool
https://01.org/linux-uefi-validation
And the results had "405 fails"
I don't want to verify, I just want a clean EFI ROM. Is this possible
using Flashrom? I have been unable to find any tutorials online, only
videos that involve custom hardware connected to the chip to unlock the
EFI password.
Please help or advise in any way, thank you
Frank
<span id=m2wTl><p><font face="Arial, Helvetica, sans-serif" size="2" style="font-size:13.5px">_______________________________________________________________<BR>Get the Free email that has everyone talking at <a href=http://www.mail2world.com target=new>http://www.mail2world.com</a><br> <font color=#999999>Unlimited Email Storage – POP3 – Calendar – SMS – Translator – Much More!</font></font></span>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.flashrom.org/pipermail/flashrom/attachments/20161208/7519532a/attachment.html>
More information about the flashrom
mailing list