by heythere22 1632 days ago
Am I reading this correctly:

* 1st: Adjust the overprovisioning area and hope that the filesystem does not budge,
* 2nd: run the malware as it is now accessible and
* 3rd: change the overprovisioning again to hide the malware again?

Or is the malware executing from non-partitioned disk space?


Both. The paper isn't concerned with how the malware is executed, and malware is only one of the things it talks about storing in the OP area in the first place. The paper is just about the fact that there exist SSDs where the OP area can be made to grow and shrink dynamically through external factors, and thus can be used to store things that an unprivileged program won't find.

Basically, whether a program can read the data from the OP area directly doesn't really matter. The privilege needed for that is equal to or greater than the privilege needed to resize the OP area anyway.

I’m not sure I follow. While resizing such area seems excessive to even be possible by the owner, I don’t see how essentially writing on unreadable sectors is a concern. This is essentially piping to /dev/null if you can’t read from it.

Growing the OP area == making previously accessible area inaccessible.

Shrinking the OP area == making previously inaccessible area accessible.