Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-24 Thread Raul Miller
What would a "malicious application of hypervisor" look like? How would that be different from a "malicious application of hardware"? Generally speaking, we're talking "grey boxes" here, I imagine. And, I guess, I'd expect either unwanted internet traffic or unwanted radio traffic. Detection of

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-24 Thread Dragos Ruiu
>>Returning back to the discussion where I suggested it would be nice to >>build OS kernels that would fail deliberately when virtualized to close >>off that class of malware, especially on the new Intel Skylake chips >>that have fixed so many virtualization bugs that they can (reportedly) >>run

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-24 Thread Peter Kay
On 24 December 2015 08:00:01 GMT+00:00, Dragos Ruiu wrote: >Returning back to the discussion where I suggested it would be nice to >build >OS kernels that would fail deliberately when virtualized to close off >that >class of malware, especially on the new Intel Skylake chips that

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-24 Thread Dragos Ruiu
gt; Cc: 'Read, James C' <jcr...@essex.ac.uk>; 'Theo de Raadt' <dera...@cvs.openbsd.org>; 'OpenBSD general usage list' <misc@openbsd.org>; owner-m...@openbsd.org Subject: Re: Boot loader uses INT 13h [WAS BIOS call fallback] >On 2015-12-23 10:04, Dragos Ruiu wrote: >>

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-23 Thread Tinker
On 2015-12-23 10:04, Dragos Ruiu wrote: Ok let me short circuit this meta discussion by saying that AFAIK now that the new Intel Skylake chips fixed many virtualization bugs Curious, where can I read about this, URL? and it's possible to efficiently nest VMs there might not be a way to

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-23 Thread Tinker
On 2015-12-23 18:14, Dragos Ruiu wrote: Sure you could spend the rest of your life checking all the firmware and trying to design separate specialized tools for the myriad of devices in a modern PC - and there is a lot more than your simple list, see the presentation Mickey Shkatov and Jesse

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-23 Thread Theo de Raadt
> But I get it, it's hard, so you can throw up your hands and give up by > saying that's not our problem, not an OS issue. As coders, it is very much not our problem. We just happen to run on some vendor hardware, often poorly documented and inconsistant generation to generation (even when it is

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-23 Thread Dragos Ruiu
>On 2015-12-23 10:04, Dragos Ruiu wrote: >> Ok let me short circuit this meta discussion by saying that AFAIK now >> that the new Intel Skylake chips fixed many virtualization bugs > >Curious, where can I read about this, URL? The canonical reference is still (and I looked for better summaries

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-23 Thread Raul Miller
On Wed, Dec 23, 2015 at 5:14 AM, Dragos Ruiu wrote: > If you aren't paranoid enough to worry about it, then you've already lost. What did you lose? -- Raul

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-23 Thread Dragos Ruiu
...@cvs.openbsd.org> Cc: 'OpenBSD general usage list' <misc@openbsd.org>; 'OpenBSD general usage list' <misc@openbsd.org> Subject: Re: Boot loader uses INT 13h [WAS BIOS call fallback] On 23 December 2015 02:04:01 GMT+00:00, Dragos Ruiu <d...@kyx.net> wrote: >I would be in

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-23 Thread Peter Kay
On 23 December 2015 02:04:01 GMT+00:00, Dragos Ruiu wrote: >I would be interested in any code that can knowingly break inside a VM >to >verify unvirtualized status, esp. on Skylake. Older processors can >probably >use the virtualization bugs in the hardware for this function. Who

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-22 Thread Dragos Ruiu
Sent: December 22, 2015 9:51 AM To: Theo de Raadt <dera...@cvs.openbsd.org> Cc: OpenBSD general usage list <misc@openbsd.org> Subject: Re: Boot loader uses INT 13h [WAS BIOS call fallback] >> a security consideration, as far as I can see the bootloader loads >> using I

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-22 Thread Read, James C
>> a security consideration, as far as I can see the bootloader loads using INT >> 13h calls. How can the kernel be sure it is really operating in ring 0 and not >> in some VM given that this is the case? >Hey, it looks like you are just trying to be a dick. On the assumption that you are not

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-22 Thread Theo de Raadt
> >> a security consideration, as far as I can see the bootloader loads using= > INT > >> 13h calls. How can the kernel be sure it is really operating in ring 0 a= > nd not > >> in some VM given that this is the case? > > >Hey, it looks like you are just trying to be a dick. > > On the

Re: Boot loader uses INT 13h [WAS BIOS call fallback]

2015-12-22 Thread Theo de Raadt
> a security consideration, as far as I can see the bootloader loads using INT > 13h calls. How can the kernel be sure it is really operating in ring 0 and not > in some VM given that this is the case? Hey, it looks like you are just trying to be a dick. Does your mother know?