Filtering Against Persistent Firmware Rootkits - BadUSB, HDDHack, UEFI
grarpamp at gmail.com
Wed Mar 22 23:12:38 UTC 2017
> It is virtually impossible to guard against firmware rootkits because
> cpu cannot prevent the card's or device's cpu from from executing that code.
> This was made known by the malware embedded in disk drives' FW, and
> other peripherals' FW, such as wifi and graphics, to name a couple.
> It is possible for such device FW to insert malware into,
> or modify, the RAM resident OS.
> Apparently making OS's executable segments "non-writeable" can be gotten
There are two very different write directions involved...
HW -> OS / SW ... Yes, as above, you're screwed.
SW -> OS -> HW ... However, as before, you can add kernel filters
to further help prevent software from writing the screwed firmware
to your hardware in the first place.
More information about the freebsd-questions