Without...
>any other tricks other than a suspend-resume cycle, a kernel extension, flashrom, and root access
Erm... doesn't root access mean you already own the machine anyway? Dizzy. Have to lie down. Maybe nap...
Respected Apple hacker Pedro Vilaça has uncovered a low-level zero day vulnerability in Mac computers that allows privileged users to more easily install EFI rootkits. Vilaça says the attack, first thought to be an extension of previous research rather than separate zero day, took advantage of unlocked flash protections when …
Somehow I think needing to reflash the laptop and rebuild the OS up from scratch might be a bit beyond the geniuses at the Genius Bar. I could be wrong on that though. While I'm capable of doing something like this kind of job, it wouldn't occur to me that this was even the fault!
Yeah, it's pretty epic. Surprised I haven't heard of a PC doing this, but Cryptolocker variants seem to be all I see/hear lately. Definite Wow! factor here.
If you can rewrite the EFI firmware and bypass the signature check, you can install your own checks to make it nigh-impossible to remove, meaning you either go about with a pwned machine or consign it as a brick. As for checking the hardware, the thing about a low-level hack is that it's low enough to lie to the OS unless the OS itself can go straight to the metal.
Sure you can brick a MacBook, but few hackers are interested in being destructive for no reason. They want a way to make money off it, and if you already have root on the MacBook you have all the access you need to do that. Destroying it is counterproductive to that goal.
If there was a desire for such destruction you'd see hackers who p0wnd Windows machines brick them by messing up the CMOS settings or doing a bad firmware upgrade. Yeah, those would be recoverable, but not for the average PC owner who would conclude "my PC is broken, time to buy a new one". I'm sure this happens, but it is pretty rare.
The original Intel EFI standard was, but there are newer UEFI standards which are commonplace in modern computers. That said, the Apple implementation is non-standard anyway (even though OS X seems to have no problem booting in more generic UEFI firmware).
> He says Apple should follow the lead of Google with its Chromebook and attempt to validate the integrity of underlying hardware, not just the software running on top.
Just as long as I don't have to crack the case in order to turn off firmware write-protect or run an OS not otherwise using an obscure bootloader, sure. Otherwise, no, please DON'T. I run Linux on a Mac Mini and Windows on a MacBook. I see already that Apple are discarding CSM support in their latest models. So if any "Protection" makes Macs less generic, then they lose much value IMO.