
UEFI changing rootkit

4 Posts
2 Users
0 Likes
371 Views
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

How to protect the BIOS/UEFI settings from being changed by a rootkit? I am the first to claim that this is not an IT Security forum, but we in-lab want to improve protection. You may nevertheless be able to give us a hint. BIOS passwording does not help.

Thank you.

 
Posted : 13/08/2017 5:36 pm
(@c-r-s)
Posts: 170
Estimable Member
 

This is commonly solved through TPM attestation (not really, but sort of; see all of Joanna Rutkowska's talks and related ones).

Edit: typo in Joanna's name.

 
Posted : 13/08/2017 8:22 pm
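
How a verifier uses TPM measurements to notice changed firmware or settings, as an added example that is not part of the thread: each boot component is hashed into a PCR, and the verifier replays the event log against the quoted PCR values and a known-good baseline. The blobs, descriptions and function names are constructed for illustration, and checking the TPM's signature over the quote is assumed to happen elsewhere; this detects a change, it does not prevent it.

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """Digest of a boot component, as firmware would log it before running it."""
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend (SHA-256 bank): new = SHA256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute PCR values from (pcr_index, digest, description) events."""
    pcrs = {}
    for index, digest, _desc in event_log:
        pcrs[index] = extend(pcrs.get(index, bytes(32)), digest)
    return pcrs

def appraise(event_log, quoted_pcrs, known_good):
    """Return findings; an empty list means the boot matches the baseline."""
    findings = []
    replayed = replay(event_log)
    for index, quoted in quoted_pcrs.items():
        if replayed.get(index) != quoted:
            findings.append(f"PCR{index}: event log does not reproduce quoted value")
    for index, digest, desc in event_log:
        if digest not in known_good:
            findings.append(f"PCR{index}: unknown measurement for {desc}")
    return findings

def make_log(blobs):
    return [(index, measure(blob), desc) for index, blob, desc in blobs]

# Constructed sample data. PCR 0 = firmware code, PCR 1 = firmware
# configuration, PCR 7 = Secure Boot policy (TCG PC Client convention).
BASELINE = make_log([
    (0, b"firmware volume v1", "UEFI firmware code"),
    (1, b"setup: secure_boot=on", "UEFI settings"),
    (7, b"secure boot policy db", "Secure Boot policy"),
])
TAMPERED = make_log([
    (0, b"firmware volume v1", "UEFI firmware code"),
    (1, b"setup: secure_boot=off", "UEFI settings"),
    (7, b"secure boot policy db", "Secure Boot policy"),
])
KNOWN_GOOD = {digest for _index, digest, _desc in BASELINE}

if __name__ == "__main__":
    # replay(...) stands in for the PCR values a real TPM would quote.
    print(appraise(BASELINE, replay(BASELINE), KNOWN_GOOD))  # clean boot
    print(appraise(TAMPERED, replay(TAMPERED), KNOWN_GOOD))  # changed setting
    print(appraise(BASELINE, replay(TAMPERED), KNOWN_GOOD))  # forged event log
```
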
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

C.R.S - you have a high knowledge of security aspects. Great respect & Thank you!

 
Posted : 13/08/2017 8:27 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Please see the CPU features of an Intel i7-7500 processor:

http://ark.intel.com/products/95451/Intel-Core-i7-7500U-Processor-4M-Cache-up-to-3_50-GHz-

Do any of the features under 'Security & Reliability' cover protection against UEFI-changing rootkits? In short: does a CPU with higher security (e.g. vPro) help to protect (e.g. OS Guard)?

We had a machine with this CPU which was rootkit-infected while testing.

 
Posted : 13/08/2017 8:34 pm