Hacker News new | past | comments | ask | show | jobs | submit login

I don't see how BIOS signing could be really that important.

BIOS flash must be write protected in silicon before the OS boots to prevent flashing by pwned kernel or drivers so we can assume that only BIOS setup application can touch BIOS flash. Flashing inside BIOS setup application can be prevented by password. And if somebody has physical access to the motherboard to reset this password it's game over anyway.

Call me when somebody leaks something interesting or useful like the Secure Boot private key of Microsoft.




Usually there isn't much protection, if you have root on a system.

On an infrequent basis I've used Flashrom (http://www.flashrom.org) to burn new system BIOS's into flash on a running Linux system. Much easier than fiddling with DOS boot disks, etc. Thus, anyone who can exploit to root could theoretically reflash the BIOS in a system with code that would be persistent through OS reinstallations. Personally, I'd focus on the PXE ROM if asked to compromise systems in this way.

Some older systems have jumpers on board that can write protect the BIOS, but frequently they either default to being in the writable state. I haven't noticed these jumpers on modern PC hardware for a while.

This isn't unique to UEFI Secure Boot systems - I'd assume once you're in OS, all bets are off in terms of who can do what to the hardware.


>I'd assume once you're in OS, all bets are off in terms of who can do what to the hardware.

A common misconception. Even if you are running as ring-0, there are things that you cannot do, and only BIOS can. For example, executing code in SMM mode, mapping/hiding portions of memory, or changing some PCI configuration options that get "locked" after BIOS.


Sounds like a chicken/egg scenario if you're able to reflash the BIOS arbitrarily.


I'm talking about really secure systems, although I'm not sure if such exist in real world.

If we take BIOS security seriously, access to BIOS flash must be restricted to BIOS setup application, for example by programming some non-resettable "write protect" bit before booting the OS.


Corporate espionage rarely rises to this standard, which was the author's concern.


Dumpster diving seems to be the high point, if Larry[1] is anything to go by.

At least this is what people have be caught doing!

[1] http://www.time.com/time/magazine/article/0,9171,49039,00.ht...


"so we can assume that only BIOS setup application can touch BIOS flash"

Nope. Intel (at least) let you program the flash controller so it'll forbid writes from the OS but permit writes from System Management Mode. Load the firmware into RAM, hand a list of addresses to an SMM trap and wait for it to flash it. Entirely secure, as long as you're using signed images.


How is non-SMM code prevented from doing the same stuff this SMM routine does?


The flash controller knows if you're in SMM or not.


>Flashing inside BIOS setup application can be prevented by password.

That is disabled by default. Most likely the BIOS checks this signature before booting or flashing itself, no difference if you are root or not. It IS useful for a bios rootkit. The private key of Microsoft would be useful for a regultar boot-sector rootkit.


[now this comment became much too long and rambling... ;-) ]

Regarding erase/write protection of flash-memories:

Besides the actual user-acessible bulk-data, a flash-chip typically has additional configuration data that store write-protection of the whole device or parts of the memory (pages). This protection typically is done so that the device is not accidentally overwritten by a misbehaving program (e.g. a process in kernel-space writing randomly to addresses).

Take for example the Intel 28F128[1] (128Mbit) which will appear as a 16bit wide memory on a processor's address/data bus (or some version interfaced to the processor by the northbridge, the details can be found in the AMI Bios sourcecode :-) ). Normally you only read the addresses the flash is mapped to, and you will get your stored data (called "read matrix" mode).

But to make the flash do something special, like identifying itself, executing erase-commands, protecting or un-protecting sectors, you will write some special word to its "command" address: Subsequently the flash will no longer output the stored user-data on reads to its address, but rather whatever the chosen command defines.

For example to identify the flash according to the CFI specificytion, you write the data-value 0x55h to the flash-address 0x98[2], then you will no longer read out user-data, but information about the flash-chip, the manufacturer, timing, ...

To see how that works, you can have a look at the code in u-boot, a pretty common bootloader for arm-, m68k- or mips(?) devices[3], e.g. write_buff() in line #1313, flash_Erase() in #1049. The feature for "write protecting" pages in the 28F128 is called locking/unlocking the data-sheet. "Protection" in the datasheet refers to a different mechanism.

Also the 28F128 _does_ _indeed_ have a hardware write-protect pin (called #WP), and this might be connected to a jumper, or to a GPIO pin as a added layer of protection. But I haven't seen that being implemented "in the wild", at least in embededd devices.

So the only thing a application needs to flash your BIOS is typically a mapping of the processors address/data-bus to the flash-chip, and access to these addresses, either directly from a driver running in 1:1 mapped kernel address-space or mmap()-ed to user-memory. That's how the typical butt-ugly flash-program running directly under Windows7 does it.

(and yes, I know, some devices nowadays employ a mask-programmed mini-loader that loads the 2nd-stage bootloader e.g. from a serial memory, or a mmc/sdcard, as parallel flash such as the 28F128 is a little outdated already)

[1] http://media.digikey.com/pdf/Data%20Sheets/Intel%20PDFs/28F1...

[2] http://wayback.archive.org/web/20090306191719/http://www.jed...

[3] http://git.denx.de/?p=u-boot.git;a=blob;f=drivers/mtd/cfi_fl...


My point is that to secure the BIOS you must latch this WP bit after the "press whatever to enter setup" message is gone and you must not accept SWAWARD as wildcard password.

If you fail at these, your system is insecure even in presence of BIOS signing.

If you implement these properly, your system is secure even without BIOS signing.

Ergo, BIOS signing is pointless as a security measure and author's whining about this leak putting users at risk is unjustified.


Well, BIOS flash tools would work in this case by flashing the new BIOS on reboot using a feature of the existing BIOS, which is when the BIOS signature would be validated.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: