Looks like there was the old hidden window of Okteta hex editor that I forgot to close, and for each rebuild of coreboot.rom Okteta's core printed these spooky messages :P Sorry for the false alarm... (although it's never wrong to be on high alert)

On Sat, Feb 10, 2018 at 10:52 PM, Mike Banon <[email protected]> wrote:
> While building a coreboot now I'm getting this "kasten.core" message
> (see below), it wasn't like that earlier! Tried to search through all
> the coreboot sources with ' find . -type f -print0 | xargs -0 grep
> "kasten" ' but no results! So that's not a new coreboot build script.
> It almost looks like instantly after I complete a coreboot build,
> something malicious modifies my coreboot.rom file. Haven't analyzed
> the .rom yet, I wanted to submit these findings as soon as possible.
> What do you think? Meanwhile I will take my system offline and remove
> a hard drive from it, so that someone couldn't remotely delete this
> backdoor before I find it
>
> CBFS payload_config
> CBFS payload_revision
> CBFS coreboot.rom
> kasten.core: "/home/mikeb/coreboot/build/coreboot.rom"
> CBFSPRINT coreboot.rom
>
> Name                 Offset    Type         Size     Comp
> cbfs master header   0x0       cbfs header  32       none
> fallback/romstage    0x80      stage        320396   none
> fallback/ramstage    0x4e480   stage        131631   none
> config               0x6e700   raw          84       none
> revision             0x6e7c0   raw          575      none
> cmos_layout.bin      0x6ea40   cmos_layout  1164     none
> fallback/postcar     0x6ef40   stage        13268    none
> fallback/dsdt.aml    0x72380   raw          9016     none
> fallback/payload     0x74700   payload      67370    none
> payload_config       0x84e80   raw          1611     none
> payload_revision     0x85540   raw          239      none
> (empty)              0x85680   null         3581720  none
> s3nv                 0x3efdc0  raw          32768    none
> (empty)              0x3f7e00  null         31704    none
> bootblock            0x3ffa00  bootblock    928      none
>
> Built lenovo/g505s (LENOVO G505S)
> mikeb@testing:~/coreboot$ kasten.core:
> "/home/mikeb/coreboot/build/coreboot.rom"

--
coreboot mailing list: [email protected]
https://mail.coreboot.org/mailman/listinfo/coreboot

