bluecmd | 6 years ago

You don't even need that. The BIOS can just install vulnerable SMM handlers and then you're screwed.

I don't get why you say it doesn't affect you - bloated and crappy firmware affects everyone, regardless of OS.

usr1106 | 6 years ago

The described mechanism does not affect me, because neither the Linux kernel nor any distro takes a binary from RAM and installs it into the rootfs.

I don't claim that Linux could not be made to execute arbitrary code injected by the BIOS. So far I am somewhat optimistic that no HW vendor does it; it's a bit trickier because, unlike Windows, Linux does not offer a specified API to do such an installation. With enough dedication and effort the BIOS could install programs to be run on every boot in Linux too. I have no illusions that Linux prevents that (unless you use image signing, dm_verity and whatnot), I am just somewhat optimistic PC vendors don't bother to make the effort required.

em-bee | 6 years ago

But they could put a custom Linux kernel into the firmware that boots before your installed one, which can access the disk and write to it.

In fact, weren't there mainboards with Linux in the firmware already? They weren't doing nefarious things, but they could have.

usr1106 | 6 years ago

> install vulnerable SMM handlers

How can an SMM handler be vulnerable? The biggest problem with SMM is that the handlers run in ring -2. Nothing on the machine can see what they are doing. Well, they use memory; if you can manipulate the memory they use, you can manipulate what the handler does, even if you cannot see it executing. But wasn't that the hole closed in 2011? https://www.theregister.co.uk/2015/08/11/memory_hole_roots_i...

This is fascinating to discuss or very worrying to use. That's why I wrote I'd prefer ARM over Intel any time. It just does not have such a horrible mess of BIOS, SMM, ME and whatnot taking control away from the programmer/machine owner.

But setting a simple Windows API like the WPBT described in the article alongside SMM is comparing apples and oranges. Linux has nothing comparable to WPBT, but of course it cannot be more trustworthy than the Intel/PC platform to begin with. For a dedicated three-letter agency that's probably equivalent to not at all, but for the average PC vendor trying to force their idea of "user support" on you it's a sufficient hurdle, I'd hope.
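To make the WPBT side of that comparison concrete, here is an added example (not from any commenter in this thread): a parser for the ACPI WPBT table, which Linux exposes read-only under /sys/firmware/acpi/tables when the firmware provides one, so an administrator can see whether a binary handoff is present and what it points at. The field layout follows Microsoft's WPBT specification; the sysfs path is the standard Linux location, and the sample table built by `build_sample_wpbt` is constructed for offline testing.

```python
"""Inspect an ACPI WPBT (Windows Platform Binary Table) blob.

Linux does not act on this table, but its presence tells you the firmware
would hand Windows a binary to run on every boot, so it is worth checking.
"""
import struct
from pathlib import Path

ACPI_HDR = struct.Struct("<4sIBB6s8sI4sI")   # 36-byte standard ACPI header
WPBT_BODY = struct.Struct("<IQBBH")          # handoff size, addr, layout, type, arg len


def parse_wpbt(blob: bytes) -> dict:
    """Parse a WPBT table; raises ValueError on a malformed table."""
    if len(blob) < ACPI_HDR.size + WPBT_BODY.size:
        raise ValueError("table too short")
    sig, length, rev, _csum, oem, _oem_tbl, _, _, _ = ACPI_HDR.unpack_from(blob, 0)
    if sig != b"WPBT" or length != len(blob):
        raise ValueError("bad signature or length")
    if sum(blob) % 256 != 0:                 # ACPI checksum: all bytes sum to 0
        raise ValueError("checksum mismatch")
    size, addr, layout, ctype, arglen = WPBT_BODY.unpack_from(blob, ACPI_HDR.size)
    args_off = ACPI_HDR.size + WPBT_BODY.size
    args = blob[args_off:args_off + arglen].decode("utf-16-le").rstrip("\x00")
    return {"oem": oem.strip(b"\x00 ").decode(), "revision": rev,
            "handoff_size": size, "handoff_addr": addr,
            "flat_pe": layout == 1,          # layout 1 = single flat PE image
            "user_mode_app": ctype == 1,     # type 1 = native user-mode application
            "args": args}


def read_system_wpbt(path: str = "/sys/firmware/acpi/tables/WPBT"):
    """Return the parsed firmware table, or None when the firmware exposes none."""
    p = Path(path)
    return parse_wpbt(p.read_bytes()) if p.exists() else None


def build_sample_wpbt(addr=0x7A000000, size=0x20000, args="/quiet") -> bytes:
    """Constructed sample table for offline testing (not a real vendor blob)."""
    arg_bytes = (args + "\x00").encode("utf-16-le")
    body = WPBT_BODY.pack(size, addr, 1, 1, len(arg_bytes)) + arg_bytes
    total = ACPI_HDR.size + len(body)
    hdr = bytearray(ACPI_HDR.pack(b"WPBT", total, 1, 0, b"SAMPLE", b"EXAMPLE ",
                                  1, b"TEST", 1))
    hdr[9] = (-sum(hdr) - sum(body)) % 256   # byte 9 is the checksum field
    return bytes(hdr) + body


if __name__ == "__main__":
    print(read_system_wpbt() or "no WPBT table exposed by this firmware")
```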

usr1106 | 6 years ago

> The BIOS can just install vulnerable SMM handlers and then you're screwed.

Writing SMM handlers is not an easy job. Using the API provided by Windows to make installations as described by the article is an easy job. The installed program is just plain simple user space code that can use all services of the operating system. No special skills required to make it phone home.

Are there any reports of an SMM handler able to phone home? (Honestly curious)