Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Linux' boot process is at its core designed around mechanisms that allow the bootloader to control binary execution: they're called the kernel command line (init=) and the initramfs. Granted, the bootloader is not the firmware, but since everyone is using GRUB these days it wouldn't be too hard for firmware to locate the right configuration pieces to overwrite. And since initramfs is by design unencrypted because you need it to decrypt the rest, it's trivial to get your evil.ko injected in there.

There's only so much you can do against evil firmware, unfortunately. Getting a coreboot/libreboot capable machine is the only real way out.



And for now, there is no report about a ThinkPad getting an unknown kernel module or any config tamper attempt from an unknown source?

The problem with coreboot/libreboot capable machine is they can't longer be shipped with Intel newer stuff. (thanks to Intel bastards).

I feel we are kind of stuck in eating proprietary and evil software until we die.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: