Doh!
This is why boot ROMs should be tiny and actually ROM, not flash.
Boot up... "Would you like to continue booting from hard-disk, USB, serial, or network?"
Researchers Trammel Hudson and Xeno Kovah have built a self-replicating Apple firmware malware that can infect peripherals to spread to new computers. The ThunderStrike 2 malware is the second iteration of the attack forged earlier this year and liberates the requirement for attackers to have physical access to machines. …
I'd be pretty happy with a simple switch that forcibly de-asserts the write enable line or whatever. Presumably there are even more clever ways to go about it, but firmware is written to so rarely that making the user take some action is not unreasonable. It could even be one of those tiny ones you operate with a paperclip. Probably there are more complications to it than I am imagining.
"Probably there are more complications to it than I am imagining."
If there are, it's the fault of the software designer designing that "BIOS". A "BIOS" should be simple enough that you virtually never experience any software bugs, and therefore never have any need to update your firmware.
Unfortunately UEFI is just a huge mess, providing the same use as OpenFirmware with _way_ more code.
"If there are, it's the fault of the software designer designing that 'BIOS'"
I think you mispleled "the fault of the project manager, ruled by marketing, defining the specification that the poor kids attempting to write code need to follow".
Remember, kiddies: This is all in the name of "ease of use". Marketing has spoken.
<quote>Presumably there are even more clever ways to go about it, but firmware is written to so rarely that making the user take some action is not unreasonable.</quote>
Simple, just insert in the write enable line a single DIP jumper plug that must be in place to enable writes to the flash chip.
<sarcasm> (Wait, that can't be done as profit margins are too small.) </sarcasm>
I bet some of the yoof are wondering to themselves: "What the fuck is he talking about???"
>And what happens when an actual ROM has an exploit in it? Good luck trying to fix it...
That's why you keep it small and use well-tested tech with very limited functionality. (You could put it on an SD card in a slot which can't be written to by the general OS.)
If you need to update things, you write the software to an external device, move a slider switch (or hold a pin in a "reset" hole) to "config mode" and reboot. The ROM then looks at the external device, loads all local device drivers and updates the flash (now enabled by the slider switch).
It wouldn't be fool-proof, but it would prevent firmware malware from being downloaded and installed on the sly.
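As an added illustration of the config-mode flow described in this post (not code from the thread or from any real firmware), here is a small C model in which the slider switch is the only thing that can enable flash writes; FLASH_SIZE, flash_t, rom_boot and the XOR checksum are constructed stand-ins for a real chip, boot ROM and signature check:

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed model (not real firmware) of the boot flow in the post above: one
 * slider both selects config mode at reset and drives the flash write-enable line. */
#define FLASH_SIZE 64
typedef struct {
    uint8_t bytes[FLASH_SIZE];
    bool config_switch;   /* slider position: also the chip's write-enable line */
    int rejected_writes;  /* writes the chip ignored because write-enable was off */
} flash_t;

typedef enum { BOOT_NORMAL, BOOT_UPDATED, BOOT_UPDATE_REJECTED } boot_result_t;

/* The flash chip: writes land only while the slider holds write-enable on. */
bool flash_write(flash_t *f, size_t off, const uint8_t *src, size_t len) {
    if (!f->config_switch || off + len > FLASH_SIZE) {
        f->rejected_writes++;
        return false;
    }
    memcpy(f->bytes + off, src, len);
    return true;
}

/* The ROM's decision at reset: normal mode never enters the update path; config
 * mode checks the external image (XOR checksum stands in for a signature) and writes it. */
boot_result_t rom_boot(flash_t *f, const uint8_t *image, size_t len, uint8_t expected) {
    if (!f->config_switch) return BOOT_NORMAL;
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) sum ^= image[i];
    if (sum != expected) return BOOT_UPDATE_REJECTED;
    return flash_write(f, 0, image, len) ? BOOT_UPDATED : BOOT_UPDATE_REJECTED;
}

/* Scenario: code running under the OS tries to rewrite firmware with the slider in
 * the normal position. True if the chip ignored the write and nothing changed. */
bool stealth_write_blocked(void) {
    flash_t f = {0};
    const uint8_t payload[4] = {1, 2, 3, 4};  /* constructed sample data */
    return !flash_write(&f, 0, payload, sizeof payload) && f.rejected_writes == 1 && f.bytes[0] == 0;
}

/* Scenario: the user flips the slider and reboots with an image on the external
 * device. True if a valid image is written and a corrupted one is refused. */
bool config_update_applied(void) {
    flash_t f = {0};
    f.config_switch = true;
    const uint8_t image[4] = {0xAA, 0x55, 0x0F, 0xF0};  /* constructed; XOR checksum 0x00 */
    return rom_boot(&f, image, sizeof image, 0x00) == BOOT_UPDATED && f.bytes[0] == 0xAA
           && rom_boot(&f, image, sizeof image, 0x01) == BOOT_UPDATE_REJECTED;
}
```

The point of the model is that nothing the OS can execute reaches `config_switch`; only the physical slider does, which is what blocks a silent install.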
"It wouldn't be fool-proof, but it would prevent firmware malware from being downloaded and installed on the sly."
But then you get caught between a rock and a hard place. If the firmware can't be rewritten, odds are an undetectable bug (that requires perhaps a rare but distinct liminality condition) will come along that gets exploited. And if it CAN be updated, odds are social engineering and a famous Douglas Adams quote will undermine any safeguards you try to put on it.