> > Many boards do infact have a jumper on the board, which removes the
> > ability to flash the BIOS without having physical access to reset
Boards like the L440GX+ can always be written, regardless of the "BIOS
Write" jumper, if you know the code (I think we do). But then again, even
if you snip the WE# line on the flash parts, we aren't safe because of the
PCI Extension BIOS regions on individual peripherals! A typical BIOS
scans the PCI cards for said extension BIOS, then blindly jumps wherever
the BIOS tells it to jump. We discussed a scenario where an Outlook Virus
hitched onto the video BIOS of some standard (Nvidia or ATI) card.
Nothing would find it, and reinstalling or even replacing most parts
wouldn't help. SCSI, Ethernet, IDE, and many other PCI devices have flash
parts... LinuxBIOS lacks the PCI Extension BIOS "feature".
I would call this attack an example of why not to implement Software in
Hardware (cousin to the problem of implementing Hardware in Software).
I'm going to try to find a PCI card with a DIP socket to develop LinuxBIOS
without flashing the BIOS (for an Intel ISP1100 board); the plan will be
to let the bios scan this region and jump -- it will never regain control.
- James
