[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?

Henrik Nordström henrik at henriknordstrom.net
Tue Jul 10 21:42:51 BST 2012


Tue 2012-07-10 at 19:45 +0100, Gordan Bobic wrote:

> Do you have any idea how hard it is to actually modify the BIOS without 
> rendering the machine completely unbootable?

With most BIOS brands (and there really aren't very many BIOS brands)
adding custom payloads is not very complicated.

What kinds of attacks you can launch from the BIOS level is another
story. The BIOS has very little relevance today, only managing the POST and
initial system load, and in most boards there simply is not sufficient
space to fit any meaningful malware in the BIOS flash area that can have
any effect on the installed OS.

> I do not recall off the top of my head of a single instance where some
> well known, widely propagated malware infected the machine's BIOS.

There were some in the old days, but far more common is malware that
destroys the BIOS if the flash is left in its default reprogrammable state.

> Disk HPA is inaccessible from the userspace. It is inaccessible in just 
> about every way by everything, until you re-configure the disk's 
> firmware setting to expose the area.

There are some BIOSes which support HPA for recovery booting. Enabling
access to the HPA area is not difficult IF you have the unlock key.

> In practice it is far easier for malware to encrypt itself to hide itself

110% agreed.

> Not that this is particularly
> effective since there has to be a part that is executable to handle the 
> decryption, and that part will be detectable. Again, not an issue or 
> worth worrying about.

There are some technologies on the market which make reverse engineering
and inspection extremely difficult.

> Similar for the graphics cards. While you could put malware into the GPU 
> BIOS, this comes with the same difficulties as having malware in the 
> motherboard BIOS.

The only attack vector I see there is using the VGA BIOS area as storage
for the malware. The VGA BIOS is a plugin to the system BIOS.

> And even if these as-good-as-impossible difficulties were overcome 
> because some entity with near unlimited resources REALLY has it in for 
> you, they would still have to plant the malware onto your machine 
> somehow in the first place, which should be at the very least extremely 
> difficult if you have done your homework right.

Yes. Which requires already having full control over the machine and
possibly even physical access.

Regards
Henrik



