
"so we can assume that only BIOS setup application can touch BIOS flash"

Nope. Intel (at least) lets you program the flash controller so it'll forbid writes from the OS but permit writes from System Management Mode. Load the firmware into RAM, hand a list of addresses to an SMM trap and wait for it to flash it. Entirely secure, as long as you're using signed images.




How is non-SMM code prevented from doing the same stuff this SMM routine does?


The flash controller knows if you're in SMM or not.
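The configuration described in the two comments above (the controller refusing writes from outside SMM, and the OS being unable to re-enable writes without trapping into firmware) is expressed by the lock bits of the BIOS_CNTL register on Intel PCH parts. The following is an added example, not code from the thread: it decodes a BIOS_CNTL byte and classifies who can write the BIOS region. Bit positions are those documented for BIOS_CNTL in Intel PCH datasheets; reading the register from a live system (root, PCI config space) is out of scope here, and the sample values are constructed.

```python
"""Decode Intel BIOS_CNTL lock bits (added example, not from the thread)."""

BIOSWE = 1 << 0   # BIOS Write Enable: flash writes currently allowed
BLE = 1 << 1      # BIOS Lock Enable: setting BIOSWE outside SMM raises an SMI
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes honoured only while in SMM


def decode_bios_cntl(value: int) -> dict:
    """Return the named lock bits of a BIOS_CNTL byte as booleans."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def assess_bios_write_protection(value: int) -> str:
    """Classify who can write the BIOS region from the lock bits.

    The strong configuration is the one the thread describes: the controller
    refuses writes from outside SMM (SMM_BWP) and the OS cannot flip the
    write-enable bit without trapping into firmware (BLE).
    """
    bits = decode_bios_cntl(value)
    if bits["SMM_BWP"] and bits["BLE"]:
        return "protected: writes only from SMM"
    if bits["BLE"]:
        # The SMI handler is expected to re-clear BIOSWE; protection depends
        # on that handler behaving and is weaker than SMM_BWP.
        return "weak: BLE only, relies on SMI handler clearing BIOSWE"
    if bits["BIOSWE"]:
        return "unprotected: BIOSWE set, OS can write flash now"
    return "unprotected: no lock, OS can set BIOSWE and write flash"


# Constructed sample values (not read from real hardware).
SAMPLES = {
    "locked": 0x22,     # BLE | SMM_BWP
    "ble_only": 0x02,   # BLE
    "writable": 0x01,   # BIOSWE
    "nolock": 0x00,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9s} 0x{raw:02x} -> {assess_bios_write_protection(raw)}")
```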




