by Teknoman117 3960 days ago
You'd be safe. First thing is that they are probably uninterested in us Linux & BSD users to begin with, but, entertaining the notion, I have a few thoughts.

The two methods of how this works could be blocked. For systems without support for WPBT, where the firmware attempts to overwrite system files, one could use whole drive encryption (like LUKS) on Linux to prevent the firmware from being able to write directly onto your drive. If they are more sneaky and have this tied directly to the firmware methods for writing to disk, you can always compile the Linux kernel to not require the BIOS after loading the kernel. This may be the default mode of operation now, I'm not entirely certain.

For the systems using WPBT, it's even easier. There is no way in hell they could get a patch into the mainline or any real community kernels that would load contents of the system firmware and immediately execute them. No self-respecting distribution would enable this either without the user explicitly authorizing it in the first place.

If they are super evil and actually attempt to inject code directly into the system memory, this would depend on an explicit kernel version because the in-memory model & organization aren't guaranteed to be the same between kernel versions. The last thing someone wanting to take over your computer wants to do is render it unstable. It just makes what they are doing more apparent.

The fact that Microsoft actually provided a way of having binaries executed without the user's permission (or ability to turn it off) is absolutely unacceptable. It's like they want to be able to run what they want on our systems...

1 comments

Linux' boot process is at its core designed around mechanisms that allow the bootloader to control binary execution: they're called the kernel command line (init=) and the initramfs. Granted, the bootloader is not the firmware, but since everyone is using GRUB these days it wouldn't be too hard for firmware to locate the right configuration pieces to overwrite. And since initramfs is by design unencrypted because you need it to decrypt the rest, it's trivial to get your evil.ko injected in there.

There's only so much you can do against evil firmware, unfortunately. Getting a coreboot/libreboot capable machine is the only real way out.

And for now, there is no report about a ThinkPad getting an unknown kernel module or any config tamper attempt from an unknown source?

The problem with coreboot/libreboot capable machines is they can no longer be shipped with Intel's newer stuff (thanks to Intel bastards).

I feel we are kind of stuck in eating proprietary and evil software until we die.
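
Added example, not written by any commenter in this thread: a Python parser that lets a Linux user see whether their firmware publishes a WPBT ACPI table and what it describes. It assumes the Linux sysfs path `/sys/firmware/acpi/tables/WPBT` (readable as root) and the field offsets of Microsoft's WPBT table layout; the function names are hypothetical and the sample table is constructed.

```python
import struct
from pathlib import Path

# Linux exposes raw ACPI tables here (assumption: sysfs mounted, read as root).
WPBT_PATH = Path("/sys/firmware/acpi/tables/WPBT")

def parse_wpbt(raw: bytes) -> dict:
    """Decode a WPBT table: 36-byte ACPI header followed by the WPBT body."""
    if len(raw) < 52:
        raise ValueError("too short for a WPBT table")
    sig, length, _rev, _sum, oem_id, oem_table = struct.unpack_from("<4sIBB6s8s", raw, 0)
    if sig != b"WPBT":
        raise ValueError(f"unexpected signature {sig!r}")
    if length < 52 or length > len(raw):
        raise ValueError("header length does not match the data")
    raw = raw[:length]
    size, addr, layout, ctype, arg_len = struct.unpack_from("<IQBBH", raw, 36)
    if 52 + arg_len > length:
        raise ValueError("argument length runs past the table")
    return {
        "oem_id": oem_id.decode("ascii", "replace").strip("\x00 "),
        "oem_table_id": oem_table.decode("ascii", "replace").strip("\x00 "),
        "checksum_ok": sum(raw) % 256 == 0,   # all bytes must sum to 0 mod 256
        "handoff_size": size,                 # size of the firmware-supplied image
        "handoff_addr": addr,                 # physical address of that image
        "content_layout": layout,
        "content_type": ctype,
        "arguments": raw[52:52 + arg_len].decode("utf-16-le", "replace").rstrip("\x00"),
    }

def constructed_sample() -> bytes:
    """Build a made-up WPBT table with a valid checksum (not from real firmware)."""
    args = "/example".encode("utf-16-le")
    body = struct.pack("<IQBBH", 0x1000, 0x7F000000, 1, 1, len(args)) + args
    header = struct.pack("<4sIBB6s8sI4sI", b"WPBT", 36 + len(body), 1, 0,
                         b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[9] = (-sum(table)) % 256            # checksum byte sits at offset 9
    return bytes(table)

def check_host(path: Path = WPBT_PATH):
    """Return the parsed table if the firmware publishes one, else None (run as root)."""
    return parse_wpbt(path.read_bytes()) if path.exists() else None

if __name__ == "__main__":
    print("constructed sample:", parse_wpbt(constructed_sample()))
    print("this machine:", check_host() or "no WPBT table exposed")
```

A `None` result from `check_host()` means the firmware exposes no WPBT table to the OS; it says nothing about the file-overwrite method discussed above for systems without WPBT support.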