grarpamp
2017-Mar-22 23:11 UTC
Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
> It is virtually impossible to guard against firmware rootkits because > cpu cannot prevent the card's or device's cpu from from executing that code. > This was made known by the malware embedded in disk drives' FW, and > other peripherals' FW, such as wifi and graphics, to name a couple. > It is possible for such device FW to insert malware into, > or modify, the RAM resident OS. > Apparently making OS's executable segments "non-writeable" can be gotten > around.There are two very different write directions involved... HW -> OS / SW ... Yes, as above, you're screwed. SW -> OS -> HW ... However, as before, you can add kernel filters to further help prevent software from writing the screwed firmware to your hardware in the first place.