| |||||||||||||
Ronald Minnich of LinuxBIOS on EFIRonald Minnich of LinuxBIOS on EFIPosted Feb 7, 2007 0:09 UTC (Wed) by moxfyre (subscriber, #13847)Parent article: Second batch of FOSDEM interviews Ronald Minnich's interview about LinuxBIOS is *very* interesting to me, especially his description of EFI. The way he describes it makes it sounds like effectively enables a form of Blue Pill malware for DRM purposes! From the article: Another important thing to realize about EFI is that it also contemplates enabling chipset features that will trap certain OS operations to an EFI-based control system running in System Management Mode. In other words, under EFI, there is no guarantee that the OS owns the platform. Accesses to IDE I/O addresses, or certain memory addresses, can be trapped to EFI code and potentially examined and modified or aborted. Many see this as an effort to build a "DRM BIOS". I am not sure what the real intent of this design is, but is is a real concern in secure environments (such as those found in governments, banks, and large search engine companies). A number of vendors and users have told me that they are not sure they can ship an EFI system they are willing to trust in a secure environment.What it sounds like is that EFI allows vendors to include a hypervisor that traps and redirects certain operations that might infringe on system "security" (e.g. DRM). Yikes!! That is enough to move me out of the "fan of EFI" column in a hurry...
(Log in to post comments)
Ronald Minnich of LinuxBIOS on EFI Posted Feb 7, 2007 2:54 UTC (Wed) by zlynx (subscriber, #2285) [Link] Everyone should be aware that this "problem", having the system BIOS/firmware/EFI executing unknown code, already exists. This is why the NSA has groups of people who disassemble and examine the firmware of every component of secure government PCs.
So, if vendors desired it, they could already be doing what you fear. There is nothing special about SMM+EFI that SMM+BIOS cannot already do.
Those on-board NICs? How do you know they don't already accept signed code packets from the FBI, NSA, or their Japanese, Taiwanese, Chinese equivalents and execute them in SMM? Like that Firewire unrestricted DMA hack, it'd be a great way to sneak into the system and pull the encrypt keys out of RAM.
And it isn't just the motherboard BIOS to worry about. Operating systems trust the hardware. The OS tells it to read a block and DMA to memory location X. Nothing prevents hardware from reading two blocks and writing to X and Y (except an IOMMU, perhaps). Your video card could by spying on you. It could even be writing the spy data to hard drive or the network: PCI bus mastering allows that.
Why worry about the future when you're already far too trusting.
Ronald Minnich of LinuxBIOS on EFI Posted Feb 7, 2007 5:15 UTC (Wed) by moxfyre (subscriber, #13847) [Link] Everyone should be aware that this "problem", having the system BIOS/firmware/EFI executing unknown code, already exists. This is why the NSA has groups of people who disassemble and examine the firmware of every component of secure government PCs.Does the NSA publish their evaluations of such firmware? I know that they *sometimes* publish their evaluations of various cryptography systems (though sometimes keeping them secret, presumably to take advantage of weaknesses). That would be very valuable, I'd say. I know that hardware/firmware can already do such treacherous things... many high-end laser printers secretly reveal their serial numbers and timestamps on every printed page. However, I imagine that the cost pressure and generally chaotic short time scales on which most hardware is produced means that these kind of practices aren't widespread or effective. EFI worries me because it seems to explictly ENCOURAGE and standardize this kind of treachery...
Ronald Minnich of LinuxBIOS on EFI Posted Feb 7, 2007 9:32 UTC (Wed) by eklitzke (subscriber, #36426) [Link] Does the NSA publish their evaluations of such firmware? I don't actually know for sure, but my guess is that securities issues aside, publishing such a technical evaluation would be forbidden because it could reveal the manufacturer's trade secrets. Similarly, it could be construed as an endorsement (or lack thereof). These are all things that the NSA does not want to involve itself with.
Ronald Minnich of LinuxBIOS on EFI Posted Feb 7, 2007 22:07 UTC (Wed) by lutchann (subscriber, #8872) [Link] This is why the NSA has groups of people who disassemble and examine the firmware of every component of secure government PCs. Really? Wouldn't it be easier for them to tell Dell or whoever, "We'll pay you 20x list price for your PCs if you let us compile the BIOS ourselves?" Of course, it wouldn't improve the security of the system one bit to audit the BIOS or other firmware, which is why they could care less what's in there. Military data security is all about paranoia, yes, but let's be serious here...
Ronald Minnich of LinuxBIOS on EFI Posted Feb 8, 2007 0:15 UTC (Thu) by zlynx (subscriber, #2285) [Link] You believe that the government which had cameras installed in Xerox machines shipped to the USSR trusts the firmware provided in computers built in China?
Let's be serious here...
Ronald Minnich of LinuxBIOS on EFI Posted Feb 8, 2007 1:22 UTC (Thu) by lutchann (subscriber, #8872) [Link] If the firmware warrants so much scrutiny then of course the hardware (which is even more likely to be from China) can't be trusted either. Do you think they decap and trace every chip in every computer used in a classified environment?
Ronald Minnich of LinuxBIOS on EFI Posted Feb 9, 2007 16:36 UTC (Fri) by moxfyre (subscriber, #13847) [Link] Maybe not, but they have TEMPEST to prevent unwanted electromagnetic emmissions, and classified computer networks are physically isolated from non-classified networks. So that rules out a lot of the shenanigans that could happen...
|
|||||||||||||