> It is virtually impossible to guard against firmware rootkits because > cpu cannot prevent the card's or device's cpu from from executing that code. > This was made known by the malware embedded in disk drives' FW, and > other peripherals' FW, such as wifi and graphics, to name a couple. > It is possible for such device FW to insert malware into, > or modify, the RAM resident OS. > Apparently making OS's executable segments "non-writeable" can be gotten > around.
There are two very different write directions involved... HW -> OS / SW ... Yes, as above, you're screwed. SW -> OS -> HW ... However, as before, you can add kernel filters to further help prevent software from writing the screwed firmware to your hardware in the first place. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-hardware To unsubscribe, send any mail to "[email protected]"
