[Secure-testing-team] how to handle SMM attacks?
Michael S Gilbert
michael.s.gilbert at gmail.com
Mon Aug 10 05:38:20 UTC 2009

On Mon, Aug 10, 2009 at 1:25 AM, Florian Weimer wrote:
> * Michael S. Gilbert:
>
>> any thoughts on how to address SMM (System Management Mode) attacks?
>> this code resides in the vulnerable motherboard's bioses, and hence
>> outside of the os.
>
> It's really not much different than flashable components of any other
> kind (NIC or disk firmware).  The approach may be new, but the dangers
> aren't.

right, but debian now has almost all free software firmwares for those
devices, and hence those threats are mostly nullified, right?

i think one of the key problems is that SMM updates can be initiated
by the remote attacker without authentication; in fact this is
intentional to be able to track stolen laptops.  the solution proposed
to the vendor is in fact an authentication mechanism, but asus hasn't
responded, which is very very disappointing, but tends to be the case
in the hardware industry, so isn't unexpected.

mike
    
    