by usr1106 2473 days ago
The described mechanism does not affect me, because neither the Linux kernel nor any distro takes a binary from RAM and installs it into the rootfs.

I don't claim that Linux could not be made to execute arbitrary code injected by the BIOS. So far I am somewhat optimistic that no HW vendor does it; it's a bit more tricky because, unlike Windows, Linux does not offer a specified API to do such an installation. With enough dedication and effort the BIOS could install programs to be run every boot in Linux as well. I have no illusions that Linux prevents that (unless you use image signing, dm-verity and whatnot); I am just somewhat optimistic that PC vendors don't bother to make the effort required.

1 comment

But they could put a custom Linux kernel into the firmware that boots before your installed one, which can access the disk and write to it.

In fact, weren't there mainboards with Linux in the firmware already? They weren't doing nefarious things, but they could have.