Noobs can pwn world's most popular BIOSes in two minutes

Millions of flawed BIOSes can be infected using simple two-minute attacks that don't require technical skills and require only access to a PC to execute. Basic Input/Output Systems (BIOS) have been the target of much hacking research in recent years since low-level p0wnage can grant attackers the highest privileges, …

  1. Number6

    OS Warning

    This is where someone with the necessary skills could do well with Linux - a nice little program to run that checks the BIOS version, compares with some friendly on-line database and reports back if you need an upgrade. Or does dmidecode already provide the information that just needs a parsing script and the friendly website?

    1. Charles 9

      Re: OS Warning

      A BIOS is basically a Ring -1. It can intercept any verification and return good results.

      1. Number6

        Re: OS Warning

        A BIOS is basically a Ring -1. It can intercept any verification and return good results.

        I wasn't thinking of situations where it's already hacked, because such a BIOS can report good results by any means, even on the boot-up screens. It was more an informational thing for people to be aware that there is a BIOS update available, in the same way they get informed of other updates. I bet most people aren't even aware they can upgrade the BIOS anyway - how many of them ever go through the BIOS settings? (OK, I suspect a higher proportion of Linux users are probably aware.)

        Once your BIOS is hacked, it can probably simulate being upgraded too, so you're into some sort of JTAG reprogramming to be sure.

    2. Anonymous Coward

      @Number6 - Re: OS Warning

      Unfortunately Linux people have to fight with BIOS manufacturers who can't be arsed to follow the very specs they've developed.
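Added example, not part of the thread or any poster's code: a sketch of the update notice Number6 describes at the top of this thread, parsing `dmidecode -t bios -t baseboard` output and comparing it with a version list. The sample output, the vendor and board names and the `KNOWN_LATEST` table are constructed stand-ins for real data; as Charles 9 points out, these values are reported by the firmware itself, so the result is an update reminder and not an integrity check.

```python
import re
from datetime import date, datetime

# Constructed sample in the layout printed by `dmidecode -t bios -t baseboard`.
SAMPLE = """\
# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 2.7 present.

Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
\tVendor: Example Firmware Co.
\tVersion: F4
\tRelease Date: 03/12/2013
\tCharacteristics:
\t\tPCI is supported
\t\tBIOS is upgradeable

Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
\tManufacturer: Example Boards Inc.
\tProduct Name: EX-Z87
\tVersion: 1.0
"""

# Constructed stand-in for the "friendly on-line database":
# (board manufacturer, board product) -> (latest version, its release date)
KNOWN_LATEST = {("Example Boards Inc.", "EX-Z87"): ("F9", date(2015, 1, 20))}


def parse_dmi(text):
    """Return {section title: {field: value}} for the top-level fields."""
    sections, fields, expect_title = {}, None, False
    for line in text.splitlines():
        if line.startswith("Handle "):
            # Each record starts with a Handle line; its title is the next line.
            expect_title, fields = True, None
        elif expect_title and line.strip():
            fields = sections.setdefault(line.strip(), {})
            expect_title = False
        elif fields is not None and re.match(r"^\t[^\t]", line) and ":" in line:
            # One tab = field of the record; two tabs = list item, skipped.
            key, _, value = line.strip().partition(":")
            fields[key.strip()] = value.strip()
    return sections


def check_bios(text, known=KNOWN_LATEST):
    """Compare the reported BIOS with the newest release listed for the board."""
    dmi = parse_dmi(text)
    bios = dmi.get("BIOS Information", {})
    board = dmi.get("Base Board Information", {})
    installed = bios.get("Version")
    try:
        released = datetime.strptime(bios.get("Release Date", ""), "%m/%d/%Y").date()
    except ValueError:
        released = None
    latest = known.get((board.get("Manufacturer"), board.get("Product Name")))

    if installed is None or released is None:
        status = "unreadable"
    elif latest is None:
        status = "unknown-board"
    elif latest[0] == installed:
        status = "current"
    elif latest[1] > released:
        # Version strings are vendor-specific and not orderable,
        # so the release dates decide which one is newer.
        status = "update-available"
    else:
        status = "newer-than-listed"
    return {"installed": installed, "released": released,
            "latest": latest, "status": status}


if __name__ == "__main__":
    # On a real machine, feed in the output of the dmidecode command instead.
    print(check_bios(SAMPLE))
```
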

  2. Herby

    Maybe the operating system shouldn't use the BIOS.

    Then the running operating system wouldn't have vulnerabilities. The BIOS could be sent out to pasture and basically ignored.

    Oh, wait, there is already an operating system that does much of this.

    The other alternative is a BIOS that the OS vendor controls.

    1. Anonymous Coward

      Re: Maybe the operating system shouldn't use the BIOS.

      They have to if they want to support ACPI low power states. The OS has to have full knowledge of the hardware to avoid that - i.e. this is an option for Apple alone.

      Even ignoring that, if the OS didn't use the BIOS at all, if the OS can be made to alter the BIOS then it is game over next time you boot.

      1. joeldillon

        Re: Maybe the operating system shouldn't use the BIOS.

        A reminder that Coreboot is a thing, for some machines. That's the only way to be sure.

        1. Anonymous Coward

          Re: Maybe the operating system shouldn't use the BIOS.

          > A reminder that Coreboot is a thing, for some machines. That's the only way to be sure.

          Sure of what? Still shoves blobs of binary "video driver" and microcode and so on into the system... better, perhaps... if better is even a thing in this context... but are you sure you're sure?

          ...and that's before you start heading down recursive compiler trust rabbit holes and the like...

          ...and then there's the hardware itself of course... Intel openly admits it'll secretly bake whatever secret instructions it's secretly given into its consumer chips as long as it's adequately profitable... ...other designers?... ...and fabs?...

          Who do you trust? Of what are you "sure"?

          1. Primus Secundus Tertius

            Re: Maybe the operating system shouldn't use the BIOS.

            @AC

            Or even "Whom do you trust?".

            1. David Haworth 1

              Re: Maybe the operating system shouldn't use the BIOS.

              @ Primus Secundus Tertius

              I trust neither of them.

      2. This post has been deleted by its author

    2. Anonymous Coward

      Re: Maybe the operating system shouldn't use the BIOS.

      Without a BIOS of some sort, operating systems would need drivers to provide the missing API layer to the countless variants of motherboard hardware out there.

    3. Lusty

      Re: Maybe the operating system shouldn't use the BIOS.

      "Then the running operating system wouldn't have vulnerabilities."

      It would still be vulnerable because there would still usually be a moron sitting in front of it. Anyone remember sheep.exe? Why don't virus writers use that kind of thing to spread these days, I'd probably still run it and I should know better :)

  3. Anonymous Coward

    Didn't PCs used to require switching a jumper to flash the BIOS?

    Whatever happened to that? Too user unfriendly? Maybe we need to go back to those days, it isn't like a new BIOS comes out the second Tuesday of every month.

    1. John Tserkezis

      Re: Didn't PCs used to require switching a jumper to flash the BIOS?

      "Whatever happened to that? Too user unfriendly?"

      I remember when we had to remove the EPROM chip, erase it, program it with the new BIOS, and re-insert.

      Ah, for the good ol' days, way back in the era when seeing "your PC is now stoned" was funny.

      1. DropBear

        Re: Didn't PCs used to require switching a jumper to flash the BIOS?

        Indeed. Nothing was quite as hilarious as seeing a slightly panicking mate at the uni go into full panic mode when the antivirus he launched because letters were falling on his DOS screen started to display messages with falling letters as well. And that was long before the Matrix! Oh, and no worries - the virus we installed that did that to him was a special, neutered version - it did not infect and disappeared on reboot...

    2. ScottME

      Re: Didn't PCs used to require switching a jumper to flash the BIOS?

      Yes but... as I understand it, physical access to the machine is needed in order to install the hacked BIOS - so a simple hardware switch isn't going to help a lot.

      1. Anonymous Coward

        Re: Didn't PCs used to require switching a jumper to flash the BIOS?

        Why would physical access be required to flash the BIOS? Any PC that supports flashing the BIOS with a Windows app (i.e., probably all of them made for the last decade at least) can be flashed with malware that can be made to run on that PC. That malware can be delivered via an email from China, no physical access required.

    3. Daggerchild Silver badge
      Childcatcher

      Re: Didn't PCs used to require switching a jumper to flash the BIOS?

      For similar 'wait, didn't this use to have security?' things, try looking for a USB stick with a readonly switch. Now check again whether it's a hardware protection or just a bypassable software flag.

      Suddenly a floppy/CD for a secure boot medium looks almost sane.

      1. Anonymous Coward
        Thumb Up

        Re: Didn't PCs used to require switching a jumper to flash the BIOS?

        Yar, I had one of those. An Amiga 1000 (#2038 of the first run). Just bright enough at boot to ask for its Kickstart "ROM" contents via a floppy disk. It was actually quite handy as I was able to verify which versions of AmigaDOS each file uploaded to the Amiga forums on CompuServe worked with what.

  4. Christian Berger

    This wouldn't be (much of) a problem...

    ...except that UEFI implementations commonly have a network stack. Some even stay running in service mode and listen on your network card. So it's not unlikely that at least some security holes are exposed over the network.

    The problem with UEFI is that it is _far_ too complex for the problem it needs to solve. So we can expect loads of security critical problems in there as well as completely new attack surfaces.

    1. Anonymous Coward
      Facepalm

      Re: This wouldn't be (much of) a problem...

      Yes, but all of them will be cryptographically signed...won't that be exciting.

      1. Neil Barnes Silver badge

        Re: This wouldn't be (much of) a problem...

        As you say, UEFI in particular is *way* too complex for what it needs to do - basically, provide a way of loading and running the first sector of the disc (ooh, look, two options to lie to the user already!) and a list of peripherals and their states. Making the bios also responsible for approving the operating system image is not really helpful (and of course, a pain if you want to run something other than what came in the box).

        There's an awful lot to be said for a little switch on the motherboard to make the bios chip writeable. It shouldn't be possible to rewrite the bios from userland at all.

        (Apropos of which - what's the situation if you've turned the UEFI off for a standard bios boot? Is it a standard bios, or is it UEFI pretending?)

    2. Paul Crawford Silver badge

      Re: This wouldn't be (much of) a problem...

      It's not just the UEFI stuff that is stupidly complex, it's all of the pointless "eye candy" that MB makers seem to think you want/need. Really, the only folk who should ever be fiddling with BIOS/UEFI settings are the sort who really know what they are doing, and they are quite capable of using text-mode operations.

      It's high time that we started pressing for MB makers to fully and openly support coreboot, at least then you have a chance of getting the source code inspected and maybe bugs fixed. Might even save them money in the long term for support and development.

      And yes, I would like to see the return of a physical switch to allow BIOS writing, that would put a stop to most of these issues (aside from pre-installed malware, obviously).

      1. DragonLord

        Re: This wouldn't be (much of) a problem...

        How would that work for tablets, phones, and other sealed hardware where you still want to be able to update the bios occasionally?

        1. Anonymous Coward

          Re: This wouldn't be (much of) a problem...

          >How would that work for tablets, phones, and other sealed hardware where you still want to be able to update the bios occasionally?

          A "locked/unlocked" dip switch beside the sim socket doesn't seem unreasonable to me. Unlike the de facto "locking" and "rooting" pantomime.

          If these things weren't designed by/for intelligence agencies there'd be dip switches for "radio" and "mic" there too which actually (physically... verifiably!) disabled those circuits.

          The truly sealed disposable crap would have to offer the switches along an edge or under covers of course, for the owner's convenience until the battery fails and it's dispatched off to landfill.

          1. joeW

            Re: This wouldn't be (much of) a problem...

            And how would a mobo jumper or 'A "locked/unlocked" dip switch beside the sim socket' help, when the threat discussed in the article is one that requires physical access to the machine in question?

            1. This post has been deleted by its author

              1. Cryo

                Re: This wouldn't be (much of) a problem...

                While I agree that a write-protect jumper or switch could help prevent remote attackers from updating a BIOS, it doesn't sound like it would help much at all in the scenario described in the article. A jumper is definitely something a maid or border official could handle within a minute or so. While the article describes it as being performed by someone "unskilled", this might not be an actual maid, but someone posing as one, who's had some practice performing this task. They'll know exactly where the jumper is for the target device, and how to get to it in an efficient manner. Even if they were a "complete noob", whoever put them up to it would have surely shown them how to do it. I doubt many maids will be randomly compromising BIOSes on their own.

                And of course, the manufacturer isn't going to hide the jumper in some inaccessible location if they intend for people to actually apply patches. On a laptop or mobile device, it might be accessible from the battery compartment, or some other relatively convenient location.

                Also, there should be no need to boot the device to verify that it worked. If there's only a few minutes available, it can simply be assumed that the patch worked. Otherwise, they can try again the next time an opportunity presents itself. If they happened to brick the device, its owner will probably just assume it broke in transit.

                As for soldering in a new chip, that would obviously greatly increase the necessary time and skill requirements, as well as the failure rate. There's a pretty big difference between moving a jumper and soldering dozens of tiny pins in close proximity to one another. Again, the whole point of this is that it's something that can be done by someone with little training in a very short amount of time. And sure, there are many other ways a system could be compromised by someone with direct access, but not so many that would allow such relatively undetectable low-level hardware access.

                1. Christian Berger

                  Re: This wouldn't be (much of) a problem...

                  " A jumper is definitely something a maid or border official could handle within a minute or so. "

                  Yes, but seriously protecting against physical attackers is another problem altogether. You cannot protect your computer from physical attackers easily. The whole "secure boot" crowd claims that they can, but in reality they only make the problem worse by keeping you from installing a simpler BIOS.

                  Keep in mind that physical access to a laptop can also mean that the attacker buys the same model you have, then installs a password prompt looking exactly like yours, and then swaps it with yours at a conference. While you enter your password into the fake password prompt, the attacker mirrors the harddisk. And when you notice the mistake he comes back with your laptop, apologizing for the mistake.

        2. Paul Crawford Silver badge

          Re: This wouldn't be (much of) a problem...

          "tablets, phones, and other sealed hardware "

          The sort with various power & volume buttons on the side that could be held down in some odd manner to enable it passers?

    3. Anonymous Coward

      Re: This wouldn't be (much of) a problem...

      " Some even stay running in service mode and listen on your network card."

      Unless it's running on a server IMM then how exactly does it "stay running" if the OS doesn't call it periodically? It's not a hypervisor, it's just code sitting in a ROM, not magic.

      1. Anonymous Coward

        Re: This wouldn't be (much of) a problem...

        "It's not a hypervisor"

        How exactly does one determine that?

        1. Anonymous Coward

          Re: This wouldn't be (much of) a problem...

          "How exactly does one determine that?"

          The OS checks the ring level it's running at against the type of CPU. If it's not at or can't switch to the most privileged level for that CPU then it can assume a hypervisor is sitting between it and the hardware.

          1. Anonymous Coward

            Re: This wouldn't be (much of) a problem...

            >The OS checks the ring level it's running at against the type of CPU. If it's not at or can't switch to the most privileged level for that CPU then it can assume a hypervisor is sitting between it and the hardware.

            Nowhere near that simple. Sadly. Bluepill etc?

            ...and that was back in the halcyon times before "the industry" contrived and installed into our machines: SEPARATE bespoke processors CONSTANTLY running their own bespoke proprietary OSs and bespoke proprietary network stacks in their own dedicated RAM and permanently hooked in to our networks and CPUs with omnipotent omniscient control of the machine. All separate from and with greater privilege than "the most privileged level for that CPU". Those bespoke proprietary OSs etc, of course, residing on the "BIOS" flash chip and constituting part of a modern "BIOS" payload.

            http://invisiblethingslab.com/resources/bh09usa/Ring%20-3%20Rootkits.pdf

      2. joeldillon

        Re: This wouldn't be (much of) a problem...

        http://en.wikipedia.org/wiki/System_Management_Mode

        Note that the motherboard can enter it via an interrupt entirely behind the operating system's back.

    4. Frumious Bandersnatch

      Re: This wouldn't be (much of) a problem...

      The problem with UEFI is that it is _far_ too complex for the problem it needs to solve

      Don't worry. We'll all be running systemd on top of it. That'll help manage the complexity.

      Right?

  5. G2
    Mushroom

    manufacturers are to blame 100%

    This ball is squarely in the manufacturer's court. Almost every device I have encountered so far comes with a disclaimer that you, as user, are shit out of luck if you try to upgrade its bios/firmware and it's no longer working after that and that the warranty will be voided by ANY changes that you make to the original as-shipped bios. ("any" meaning including trying to upgrade it with a bios downloaded from the manufacturer's site).

    Until the manufacturers provide full support for bios/firmware upgrading and drop the associated warranty-nuking legalese from the warranty terms, the users won't even consider patching them.

    1. TheProf
      Mushroom

      Re: manufacturers are to blame 100%

      I've just looked at the ASUS website and they seem to encourage people to update the BIOS; to wit, the 8 series m/b has a BUTTON to initiate the update.

      Flashing the bios ------->

    2. Anonymous Coward

      Re: manufacturers are to blame 100%

      EXACTLY what I was thinking...

      > "Because almost no one patches their BIOSes, almost every BIOS in the wild is affected by at least one vulnerability, and can be infected," Kopvah says.

      > "The point is less about how vendors don't fix the problems, and more how the vendors' fixes are going un-applied by users, corporations, and governments."

      Bollocks! Absolute bollocks. The problem is the vendors and the BIOS cartel. 100% vendors and the BIOS cartel.

      BIOS and its (astonishingly) even more clusterfuck successor, the name of which I dare not invoke, is an unbelievably opaque morass of unnecessary antiquated obsolete demented crap. It's difficult to imagine that even a very well funded government TLA could contrive a better abomination with which to disseminate little "accidents" if it had been tasked with pwning the whole world's computers. A BIOS is an ancient, barely maintained, bug-ridden clusterfuck when the vendors buy it in. Obsolete before the hardware even ships, the only "updates" the vendors seem to dare touch are trivial compatibility additions like adding IDs for new CPUs or pissing about with the UI. Blaming the end-user for this is psychotic.

      > The need for better BIOS security is "starting to sink in" with top vendors Lenovo, Dell and HP moving to squash flaws in their gear. ASUS Kopvah says a good example of those which had not patched or acknowledged BIOS flaws.

      > Some BIOS are woefully insecure. The pair found Giagbyte's BIOS had borked access controls that did nothing to prevent attacks.

      See. Told you so! I wonder what, EXACTLY, is supposed to be the point of my flashing on "some woefully insecure BIOS." I'll also happily wager a fiver that even "top vendors Lenovo, Dell and HP" BIOSes are NOT free of "0-days" either.

      > "The point is less about how vendors don't fix the problems, and more how the vendors' fixes are going un-applied by users, corporations, and governments."

      Really? REALLY?

      Bollocks.

      Sincerely,

      Incandescent with Indignation, Chipping Sodbury.

      PS. +1 to the jumper/dip revival movement, +1 to coreboot. Shirely it's time to put an end to this shit-by-design shit. Sometimes it almost seems like some great unseen power actually wants to keep computing insecure and is scuttling about spewing demented overcomplexity and turbidity to that end. http://www.theregister.co.uk/2015/03/18/is_the_dns_security_protocol_a_waste_of_everyones_time_and_money/

      PPS. Thank god these opaque, archaic, over complex, "woefully insecure" clusterfuck blobs are now cryptographically signed by the NSA's Redmond division. Taking away my jumper switch and handing control of my computer to the trusted (by reciprocal definition - as I seem to have been told rather a lot lately) US government certainly makes me feel all safe and fuzzy. They're cryptographically secure clusterfuck blobs now FFS! Awesome!

      /indignant ranting

      1. phuzz Silver badge
        Facepalm

        Re: manufacturers are to blame 100%

        There's an interesting insight from someone who actually programs UEFI's here, from a thread on When you have thousands and thousands of different devices, all of which are expected to 'just work', while also providing new features coming from multiple different manufacturers with no governing body, is it any wonder that it's turned into a complete fustercluck?

    3. Steve Crook

      Re: manufacturers are to blame 100%

      It's not just the computer. It's the TV, printer, that streaming box you purchased a couple of years ago and a bunch of other network connected kit that appears to be running Android or BusyBox.

      The manufacturers customise the software, do a couple of updates during the first 18 months to fix the most shocking bugs and, perhaps, introduce a few new features. Then that's it. Support is finished and the world rolls on.

      I'm not sure what the answer is, I did wonder if manufacturers should be forced to open source their code/build environment for each device as it gets to the end of its support life...

  6. amanfromMars 1 Silver badge

    Sublime Words Command and Control Surreal Worlds and Virtual Realities/Prime & Sub-Prime Existences

    Good steganography beats all bad, which be lesser than quite perfectly secure, cryptography. And all quite perfectly secure cryptography too, for there is always a way into systems and attendant services. They are, after all is said and done, imagined and run by easily corrupted and perverted humans/beings/entities, which in many cases be fronting as departments and businesses.

    1. Anonymous Coward

      @Manfrommars

      Ah, the Manfrommars isn't dead after all although his posts seem strangely coherent, replicant or braindump?

  7. This post has been deleted by its author

    1. Anonymous Coward

      You severely underestimate the amount of x86 servers out there... and the more your server is "outsourced" somewhere else, the more someone outside your control can physically access it...

      And most servers can now even upgrade the BIOS remotely from their management interfaces, for example Dell iDRAC can do it (and several other firmware also, given even PSUs have firmware today)

      1. This post has been deleted by its author

    2. Anonymous Coward

      > 2. As described in the article, the attack requires physical access to the machine...

      As described in the article

      Intel® AMT/vPro™ enabled anywhere?

    3. Paul Crawford Silver badge

      "2. As described in the article, the attack requires physical access to the machine. Frankly, if somebody has this, it's always going to be game over."

      Indeed, but p0wning the BIOS has the big advantage of getting the SMI and boot stages so it becomes possible to have an infection that is totally transparent to any booted OS, and can't even be seen when booting a rescue CD sort of tool. And if you can automate that to slip in USB, boot and press F11, 30 seconds later job done and power off, that is pretty tidy.

  8. Mage Silver badge
    Pirate

    require only access to a PC

    If you have physical access, then no security will save the owner / user.

    1. Michael Wojcik Silver badge

      Re: require only access to a PC

      If you have physical access, then no security will save the owner / user.

      Oh, this canard again.

      Physical access is not God Mode.

      There's a vast difference between physical access to, say, an unlocked smartphone on the one hand, and a headless server rack with the components tightly bolted down (and perhaps locked) on the other.

      Physical access plus unlimited resources (particularly time, tools, and knowledge) is pretty sweeping, but even then doesn't guarantee an attacker full access. For example, if the system in question uses drive encryption with the key supplied by an external source, and currently doesn't have the key (eg because the system is powered down), then the attacker can retrieve the drives and still face breaking the encryption. Or modify the system and leave it in place in hope of collecting the key later - but that requires the modifications not be detected.

      Pro tip: Any security slogan that fits on a bumper sticker is sophomoric and should be discarded. Security is always complicated. It can (and must be) reduced to a simpler form for any given application - that's the whole point of threat models - but outside that specific context generalizations about the potential success of a given attack mode are useless.

      1. Pascal Monett Silver badge

        Re: Physical access is not God Mode

        Sorry, but it pretty much is.

        With physical access I can take out the hard disk, put it on an external USB reader and have my way with anything that is not encrypted. And anything that is I can copy and do what I want with later while the user finds his disk back in his PC and is none the wiser.

      2. Adam 1

        Re: require only access to a PC

        Let's play through that encrypted drive scenario and assume the server has no cold storage of the encryption key (a surprisingly hard problem). That means on boot that someone or something must provide the said key at startup, or the key must be derivable from data held locally. The problem with the latter is pretty self explanatory; if the server can calculate that, so can anyone with access to that data. If the former, and that server must request from another (presumably uncompromised) - did we just solve or move the problem? Next, the credentials for that other server must be available to the cold one. If on the other hand, someone has to physically type something at the console, then it is trivial to add a hardware key logger and capture it when it is typed.

        There are things you can do to minimise risk, but armed guards at data centres are not just to prevent people flogging kit.

  9. Anonymous Coward

    "require only access to a PC to execute."

    Can anyone spot the teensy flaw in this l337 way for hackers to take over the world's computers?

    If you have physical access to a machine you can do pretty much whatever you like. This is a non story.

    1. Anonymous Coward

      Re: "require only access to a PC to execute."

      Physical access for now but some wizzo will find a way of cobbling together an exploit package and it's nightmare scenario number one, airborne Ebola

  10. Jack 23

    This update may brick your motherboard

    There's one good reason why users don't update *and* why vendors don't advertise their updates:

    "WARNING! There is a small chance this update may render your motherboard unusable."

    I've had boot problems when updating a BIOS that have only been resolved after flashing it again and again over several days with no obvious reason why the problems arose or why they suddenly stopped arising. There are few components whose failure can spoil my day so much. Therefore, I typically only update my BIOS when I'm doing a processor upgrade and need a newer BIOS version to handle it.

    Where's the motivation to update if you might be faced with buying new hardware? What is a small chance? One in 1,000? One in a million?

    1. Tom 13

      Re: This update may brick your motherboard

      Yep, back in the day when I was actually doing screwdriver work on pc internals I did get into the habit of updating the BIOS whenever I touched a PC. Right up until I'd lost the 3rd motherboard using the vendor's foolproof upgrade utility that went out on the internet and retrieved the current version for the motherboards.

      1. This post has been deleted by its author

      2. John Brown (no body) Silver badge
        Thumb Up

        Re: This update may brick your motherboard

        "Right up until I'd lost the 3rd motherboard using the vendor's foolproof upgrade utility that went out on the internet and retrieved the current version for the motherboards."

        I've probably flashed 1000's of motherboard BIOSs over the years. But we use the latest approved one that also puts our company logo in the boot screen. We also announce new BIOS updates to our customers which come with the same warning mentioned above not to update unless one or more of the listed "fixes" are something they need to deal with. I've never had a failed update or bricked a board which, to be honest, surprises me :-)

        On the other hand, I have never seen a BIOS "fix list" mention anything AT ALL about security fixes.

  11. Anonymous Coward

    Cut to the chase

    Security starts with chip fabrication and involves every bit of code in every little peripheral microcontroller. So maybe when "silicon printing" becomes as accessible as 3D printing is today, security will start to become practical... for 1970s-PC-level hardware barely capable of encrypted text messaging. One would need to learn enough about circuits and VLSI to verify that the schematic matches the mask matches the finished product under a microscope. Think that's too hard? You haven't done web-dev lately...

    The endgame, decades from now, is 100% open hardware *and* software that's simple enough to give end users real control. If anybody ever cares about that...

    1. Primus Secundus Tertius
      Trollface

      Re: Cut to the chase

      There may be many layers of "open software that's simple enough". That's where the complexity will be.

    2. Cryo

      Re: Cut to the chase

      I kind of doubt printing your own microchips would really improve security. How do you verify that the microchip-printing machine wasn't compromised? Thoroughly examining each chip with a microscope? Good luck with trying to analyze the security of nanometer-scale circuits. Maybe for the most basic, pocket-calculator type chips it could work, but it will be next to impossible for any advanced chips as they continue to become more compact and complex.

  12. Anonymous Coward

    Did I misread it or...

    WTF happened to a write protect jumper on the board that ties the /WE or WE line so it cannot be written to?

    (Yes, I realise most BIOS are now in some sort of serial flash but even so... )

  13. Conundrum1885

    Yup

    Most of these can't be write protected at all because the settings storage area is part of the Flash.

    Some very recent chips have a "secure area" but these are normally >128Mbit.

  14. Grikath
    Facepalm

    non-issue...

    ".....and require only access to a PC to execute."

    With a level of security breach having the culprit touching the actual box, I think you have a different kind of problem, having very little to do with a BIOS.

    Especially in the consumer arena, you tend to have no PC ( and peripherals, and several others this-and-thats...) if Unfriendlies get that close.

    In a business environment? Really..

  15. Henry Wertz 1 Gold badge

    "Why would physical access be required to flash the BIOS? Any PC that supports flashing the BIOS with a Windows app (i.e., probably all of them made for the last decade at least) can be flashed with malware that can be made to run on that PC. That malware can be delivered via an email from China, no physical access required."

    This is true, I wouldn't think physical access would be required. But therein lies the solution.

    I did have one or two socket 7-era boards (one with a K5 and later one with a K6) where the motherboard had a BIOS write protect jumper. This was shipped to disable writes, so to update you were supposed to enable writes, boot up, do your update, then shut it down and turn it back to disabled (although I would guess some people just left it enabled.) Flash updateable BIOSes were pretty recent then, I think they may have been concerned about accidental corruption more than maliciousness, but it works just as well for that.

  16. Henry Wertz 1 Gold badge

    "The endgame, decades from now, is 100% open hardware *and* software that's simple enough to give end users real control. If anybody ever cares about that..."

    There are VLSI designs online for open hardware components like VGA controller, ethernet, USB, flash controllers, IDE, SATA, etc. I think some wifi, bluetooth etc. stuff and some CPU designs. When I looked into it a while ago, it appeared these components usually use a standard on-chip bus, and some commercial ARM etc. designs were also compatible with this. Apparently there were enough suitable components to boot up to an X desktop (I think the open VGA core may have just been a framebuffer with no acceleration though. One unconventional accel solution is to put a general DMA core on there and have it do the framebuffer bitblts as well as wherever else it's useful to copy chunks of memory around.)

    I'm not sure if it's particularly active or not.

  17. Conundrum1885

    I hear

    That some TVs actually support reflashing over the (rarely used) VGA port.

    Certainly some monitors have this feature and a lot of Sky boxen can be updated this way using undocumented pins on the SCART port if the firmware goes Tango Uniform.

    Another often used method is to put the unit into a special flash mode using a keyed remote, sending out a sequence that is never normally seen.

    Typically typing a keycode followed by the model number will do the trick and enable the hidden menu containing things like timing adjust and backlight individual brightness adjustments for LCD and convergence for CRT based units.
