I understand you're being really really REALLY anal about security, but think of how ridiculous it sounds for someone to open up your laptop, solder a jumper on the board, close it without damage(modern shitty laptop designs with clips make it impossible) and then somehow make a patch for the bios.
There's nothing ridiculous about this at all. Several of the attacks described in the Snowden documents are exactly this.
Not to bloody mention there's really no standard way of flashing bioses nowadays
There really is - UEFI capsule updates provide a standardised mechanism for handing payloads off to the firmware.
Also Secure Boot has yet to be used as it was intended to be used as a security feature. Right now it's just an annoyance.
Nonsense. Several attacks against UEFI are entirely mitigated by Secure Boot. Several bootkits in the wild (including the GrayFish attack in the news today) are entirely prevented by Secure Boot.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2015-02-16 11:50 pm (UTC)There's nothing ridiculous about this at all. Several of the attacks described in the Snowden documents are exactly this.
There really is - UEFI capsule updates provide a standardised mechanism for handing payloads off to the firmware.
Nonsense. Several attacks against UEFI are entirely mitigated by Secure Boot. Several bootkits in the wild (including the GrayFish attack in the news today) are entirely prevented by Secure Boot.