Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI

grarpamp grarpamp at gmail.com
Wed Mar 22 23:12:38 UTC 2017


> It is virtually impossible to guard against firmware rootkits because
> cpu cannot prevent the card's or device's cpu from executing that code.
> This was made known by the malware embedded in disk drives' FW, and
> other peripherals' FW, such as wifi and graphics, to name a couple.
> It is possible for such device FW to insert malware into,
> or modify, the RAM resident OS.
> Apparently making OS's executable segments "non-writeable" can be gotten
> around.


There are two very different write directions involved...
HW -> OS / SW ... Yes, as above, you're screwed.
SW -> OS -> HW ... However, as before, you can add kernel filters
to further help prevent software from writing the screwed firmware
to your hardware in the first place.


More information about the freebsd-questions mailing list