On 05.08.2017 21:58, Philipp Stanner wrote:
> Do we have any idea what exactly they do to update the firmware internally?
Well, I don't. Though, the flash chip is usually only partially
protected (something like the upper 128KiB?). They probably only
update the unprotected part or put an UEFI capsule (or something
similar) into another part of the chip and update the protected
part from within the firmware on the next boot.
> The wiki says once coreboot is flashed you can flash it internally. I
> suppose this means the blockade protecting the flash can be switched off
> somehow, as the vendors have to do it to install firmware updates.
The uppermost part of the chip is protected by a Protected Range
Register (PRR). These PRRs are reset on each reboot. So the only
chance to write to the protected region is during early boot before
the firmware writes the PRR.
In case they do support updates to the protected region at all, it's
likely that the code therein writes the PRR. So it's the update mechanism
in the firmware that could be attacked (maybe it's just a checksum,
who knows?). You probably can't flash a whole coreboot image this
way, but if you can make it write a modified firmware that doesn't set
the PRR (or locks it to all zero early), you'd have won.
But first things first, we'd have to find out when the PRR is written
and whether the protected region is updatable.
coreboot mailing list: firstname.lastname@example.org
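The reply above describes the PRR mechanism in words: the registers come up cleared after reset, early firmware programs them and then locks them, and an attacker who gets to run before the lock (or who locks them while they are still zero) wins. The following C model, added here as an illustration and not code from coreboot or any vendor firmware, plays those three scenarios against a toy SPI controller. It assumes the register layout Intel documents for its ICH9 and later PCH SPI controllers (base in PR bits 14:0 and limit in bits 30:16, both as flash address bits 26:12; RPE in bit 15, WPE in bit 31; FLOCKDN in HSFS bit 15 making the PRs read-only until the next reset), which is the same decoding flashrom uses; the 8 MiB chip size, the 128 KiB protected region and the function names are made up for the example.

```c
/*
 * Toy model of an Intel-style SPI controller's Protected Range (PR)
 * registers. Added example, not coreboot or vendor code.
 *
 * Assumed layout (Intel PCH SPI, ICH9 and later; same decoding as flashrom):
 *   PRx bits 14:0   protected range base,  flash address bits 26:12
 *   PRx bit  15     read protection enable (RPE)
 *   PRx bits 30:16  protected range limit, flash address bits 26:12
 *   PRx bit  31     write protection enable (WPE)
 *   HSFS bit 15     FLOCKDN: once set, PRs are read-only until reset
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_PR        5
#define PR_BASE(v)    ((((uint32_t)(v)) << 12) & 0x07fff000u)
#define PR_LIMIT(v)   (((((uint32_t)(v)) >> 4) & 0x07fff000u) | 0x00000fffu)
#define PR_RPE        (1u << 15)
#define PR_WPE        (1u << 31)
#define HSFS_FLOCKDN  (1u << 15)

/* Constructed chip geometry for the example: 8 MiB, top 128 KiB protected. */
#define FLASH_SIZE    0x800000u
#define PROT_BASE     (FLASH_SIZE - 0x20000u)
#define PROT_LIMIT    (FLASH_SIZE - 1u)

struct spi_ctrl {
    uint32_t hsfs;
    uint32_t pr[NUM_PR];
};

/* Platform reset: PRs and FLOCKDN come up cleared, nothing is protected. */
void spi_reset(struct spi_ctrl *c)
{
    c->hsfs = 0;
    for (int i = 0; i < NUM_PR; i++)
        c->pr[i] = 0;
}

/* Encode a PR value covering [base, limit] inclusive, 4 KiB granularity. */
uint32_t pr_encode(uint32_t base, uint32_t limit, bool wp, bool rp)
{
    uint32_t v = (base >> 12) & 0x7fffu;
    v |= ((limit >> 12) & 0x7fffu) << 16;
    if (wp) v |= PR_WPE;
    if (rp) v |= PR_RPE;
    return v;
}

/* Program a PR register; refused once FLOCKDN is set. */
bool spi_write_pr(struct spi_ctrl *c, int idx, uint32_t val)
{
    if (idx < 0 || idx >= NUM_PR) return false;
    if (c->hsfs & HSFS_FLOCKDN) return false;   /* locked until next reset */
    c->pr[idx] = val;
    return true;
}

void spi_lock_down(struct spi_ctrl *c) { c->hsfs |= HSFS_FLOCKDN; }

/* Is a flash byte covered by any write-protected range? */
bool spi_write_protected(const struct spi_ctrl *c, uint32_t addr)
{
    for (int i = 0; i < NUM_PR; i++) {
        uint32_t v = c->pr[i];
        if (!(v & PR_WPE)) continue;
        if (addr >= PR_BASE(v) && addr <= PR_LIMIT(v)) return true;
    }
    return false;
}

/* Scenario 1: early firmware protects the top 128 KiB, then locks. Anything
 * running later (OS, flashrom, a buggy updater) can neither write the
 * region nor clear the PR. Returns true if the model behaves that way. */
bool scenario_normal_boot(struct spi_ctrl *c)
{
    spi_reset(c);
    bool ok = spi_write_pr(c, 0, pr_encode(PROT_BASE, PROT_LIMIT, true, false));
    spi_lock_down(c);
    ok = ok && spi_write_protected(c, PROT_BASE + 0x10000);   /* inside   */
    ok = ok && !spi_write_protected(c, PROT_BASE - 1);        /* below    */
    ok = ok && !spi_write_pr(c, 0, 0);                        /* refused  */
    ok = ok && spi_write_protected(c, PROT_LIMIT);            /* still on */
    return ok;
}

/* Scenario 2: the PRs are not sticky; a reset clears them and the region is
 * writable again until firmware reprograms the PR. */
bool scenario_reset_clears(struct spi_ctrl *c)
{
    scenario_normal_boot(c);
    spi_reset(c);
    return !spi_write_protected(c, PROT_LIMIT) && spi_write_pr(c, 0, 0);
}

/* Scenario 3: modified early code "locks it to all zero": it sets FLOCKDN
 * while every PR is still 0, so the legitimate firmware that runs afterwards
 * cannot protect anything and the whole chip stays writable. */
bool scenario_lock_zero_early(struct spi_ctrl *c)
{
    spi_reset(c);
    spi_lock_down(c);                                   /* attacker, early */
    bool late = spi_write_pr(c, 0, pr_encode(PROT_BASE, PROT_LIMIT, true, false));
    return !late && !spi_write_protected(c, PROT_LIMIT);
}

int main(void)
{
    struct spi_ctrl c;
    printf("normal boot blocks late writes: %d\n", scenario_normal_boot(&c));
    printf("reset clears protection:        %d\n", scenario_reset_clears(&c));
    printf("early zero-lock defeats PRR:    %d\n", scenario_lock_zero_early(&c));
    return 0;
}
```

The third scenario is the attack the reply sketches: the PRR is only as strong as the code that programs it, so an update path that lets an attacker replace the early firmware (or just skip the PR write and set FLOCKDN on zeroed registers) removes the protection for every later boot, without the attacker ever writing the protected region directly.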