This is kinda hard to say. I've heard that on x86, it is possible that the BIOS keeps executing code even after it started the system, so perhaps something like that can happen too.
UEFI remains running while the loaded OS runs. The OS (and apps) can communicate with EFI.
EFI is a complex standalone realtime embedded event-driven OS, not just a simplistic firmware/loader.
EFI has "Runtime Services" which can communicate with the OS (Linux, Windows, etc.). The main one is for accessing variables (like environment variables). Other OS vendors or OEMs or firmware vendors can add other runtime services. For example, I believe (unconfirmed) that Apple moved some of their OSX DRM code into an EFI runtime service. Malware authors can write EFI runtime service drivers and -- if they can install them on your system -- you'll have a hard time determining it is there.
There is a standard firmware update mechanism in EFI, so these drivers can be easily updated. UEFI is on modern ARM32/ARM64 systems these days, not just Intel systems. APPL uses it for iPod/etc, MSFT uses it for Surface/etc.
The firmware software is one threat. The other threats are out-of-bounds processors, like IPMI, AMT, etc. There're more of these kinds of chips on Intel systems, but ARM appears to be catching up... :-(
_______________________________________________ Replicant mailing list Replicant@lists.osuosl.org http://lists.osuosl.org/mailman/listinfo/replicant
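As an added example (not part of this thread), here is a small Python parser for the variable runtime service as Linux exposes it through efivarfs, plus a baseline check that lists variables whose vendor GUID is not on an allow list. The sample file contents and the "OemCfg" vendor GUID are constructed; only the EFI global variable GUID is the real one.

```python
"""Parse UEFI variables as Linux exposes them via efivarfs.

Each file under /sys/firmware/efi/efivars/ is named <Name>-<VendorGUID> and
starts with a 4-byte little-endian attribute mask followed by the data.
"""
import struct
from typing import Dict, List, Tuple

# Attribute bits defined by the UEFI spec for variable services.
EFI_VARIABLE_NON_VOLATILE = 0x01
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x02
EFI_VARIABLE_RUNTIME_ACCESS = 0x04
ATTR_NAMES = {EFI_VARIABLE_NON_VOLATILE: "NV",
              EFI_VARIABLE_BOOTSERVICE_ACCESS: "BS",
              EFI_VARIABLE_RUNTIME_ACCESS: "RT"}
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def parse_efivar(filename: str, blob: bytes) -> Dict:
    """Split one efivarfs file into name, vendor GUID, attribute flags and data."""
    name, guid = filename[:-37], filename[-36:]  # GUID is the last 36 chars
    if len(blob) < 4:
        raise ValueError(f"{filename}: missing attribute header")
    (attrs,) = struct.unpack_from("<I", blob, 0)
    flags = [label for bit, label in ATTR_NAMES.items() if attrs & bit]
    return {"name": name, "guid": guid, "attrs": attrs, "flags": flags, "data": blob[4:]}

def runtime_visible(vars_: List[Dict]) -> List[str]:
    """Names of variables readable by the OS through the runtime service."""
    return [v["name"] for v in vars_ if v["attrs"] & EFI_VARIABLE_RUNTIME_ACCESS]

def unexpected_vendor_vars(vars_: List[Dict], known_guids: set) -> List[str]:
    """Baseline check: variables whose vendor GUID is not on the allow list."""
    return [f'{v["name"]}-{v["guid"]}' for v in vars_ if v["guid"] not in known_guids]

# Constructed sample efivarfs contents (not read from a real machine).
SAMPLE_FILES: Dict[str, bytes] = {
    f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}": struct.pack("<I", 0x06) + b"\x01",
    f"BootOrder-{EFI_GLOBAL_VARIABLE_GUID}": struct.pack("<I", 0x07) + struct.pack("<HH", 0, 1),
    # Vendor variable under a constructed placeholder GUID
    "OemCfg-12345678-1234-1234-1234-123456789abc": struct.pack("<I", 0x07) + b"\xde\xad",
}

def audit(files: Dict[str, bytes] = SAMPLE_FILES) -> Tuple[List[str], List[str]]:
    parsed = [parse_efivar(n, b) for n, b in files.items()]
    return runtime_visible(parsed), unexpected_vendor_vars(parsed, {EFI_GLOBAL_VARIABLE_GUID})

if __name__ == "__main__":
    rt, odd = audit()
    print("runtime-visible:", rt)
    print("outside allow list:", odd)
```

On a real system, replace SAMPLE_FILES with the contents of /sys/firmware/efi/efivars/ and compare the output against a baseline taken when the machine was known good.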