±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 32607
New Yesterday: 2 Visitors: 139

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

UEFI changing rootkit

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

UEFI changing rootkit

Post Posted: Sun Aug 13, 2017 11:36 am

How to protect the BIOS/UEFI settings from being changed by rootkit? I am the first claiming that this is not an IT Security forum, but we in-lab want to improve protection. You may nevertheless can give us a hint. BIOS passwording does not help.

Thank you.  

RolfGutmann
Senior Member
 
 
  

Re: UEFI changing rootkit

Post Posted: Sun Aug 13, 2017 2:22 pm

This is commonly solved through TPM attestation (not really, but sort of; see all of Joanna Rutkowska's talks and related ones).

Edit: typo in Joanna's name.  

Last edited by C.R.S. on Sun Aug 13, 2017 2:34 pm; edited 1 time in total

C.R.S.
Senior Member
 
 
  

Re: UEFI changing rootkit

Post Posted: Sun Aug 13, 2017 2:27 pm

C.R.S - you have a high knowledge of security aspects. Great respect & Thank you!  

RolfGutmann
Senior Member
 
 
  

Re: UEFI changing rootkit

Post Posted: Sun Aug 13, 2017 2:34 pm

Pls see the CPU's features of an Intel i7-7500 processor

ark.intel.com/products...-3_50-GHz-

Does any of the features of 'Security & Reliability' cover the protection against UEFI-changing rootkits? In short: Does a CPU with higher security (e.g. vPro) help to protect (e.g. OS Guard)?

We had a machine with this CPU which was rootkit-infected while testing.  

RolfGutmann
Senior Member
 
 

Reply to topicReply to topic

Share and Like this forum topic to get more replies




Page 1 of 1