[sillysaurus2]

This is probably one of the most important problems of our generation to solve (as hackers, not philanthropists) and it's sort of amazing that it's hardly known, let alone discussed. I've brought it up before and it seems like everyone's reaction is that it's not worth worrying about. But there are adversaries besides the NSA, such as malware. And since userspace programs can upgrade your BIOS, then therefore it's possible to write a viruses to infect your BIOS exactly as described here. If the BIOS security model is even slightly broken, then malware will find a way into it, and security is hard to do perfectly. Why are we trusting proprietary motherboard manufacturers not to have backdoors in their closed-source systems? The answer is probably because we have little choice in the matter. Thus we're giving up a basic right: for us to have faith in our security practices. If, say, Colin Percival's careful security habits can simply be circumvented by his motherboard, then none of us are safe.

We need an open source motherboard for people who care about protecting themselves from this kind of thing. Or at least an open source BIOS. But it's an insidious problem, because once a BIOS is infected, it controls everything that may ever replace the BIOS. Therefore it's almost impossible to detect if your BIOS has been "man in the middle'd," and hence even an open source BIOS may not be enough.

I don't have a good solution, but this is a terribly important problem to solve.

[userbinator]

> Or at least an open source BIOS.

http://www.coreboot.org/

I remember when most motherboards would have a physical BIOS write-protect switch, which would've prevented all software from modifying it. These days it's been eliminated from most if not all, for reasons of cost and "but it'll require the user to open the case to upgrade the BIOS!" -- and apparently, the automatic updating software for some laptops will update the BIOS in the background without warning, which is even more disturbing to me...

[sillysaurus2]

Unfortunately an open source BIOS isn't sufficient unless it's coupled with an external BIOS chip reader that can dump a motherboard's ROM and verify its checksum matches the expected checksum of a Coreboot BIOS.

I did a more extensive writeup here, and I'd love to get anyone's thoughts on it: https://news.ycombinator.com/item?id=6983405

[harshreality]

Can the bios chips/eeproms be replaced on a running computer?

Can you remove the bios chip, put it in a different (running) computer, use flashrom to read it, put it back, use flashrom to read it again, and compare the two?

Either the virus doesn't hide itself (on calls to read from the bios nvram), and it will be visible on comparison with a pristine (if you have one) copy of the same bios, or it does hide itself and it will be visible on comparison to itself once put in a running machine that didn't boot from the contaminated code, right?

[userbinator]

Yes, this used to be how you flashed a BIOS for a bricked motherboard, when BIOS chips used to be socketed: boot the good board, pull the BIOS chip (while it's running), put the bad/blank one in the socket, and flash, then power everything off again and put the good one back.

[sillysaurus2]

I'm so glad someone is thinking about the problem of "how do we know our hardware hasn't been subverted?" It's hard, and there are many facets.

As far as I can tell, what's needed is: (a) an open source BIOS, (b) coupled with some physical BIOS chip reader. And the chip reader needs to be cheap enough for us to assemble ourselves; we can't really trust some company to make it for us, because the company could be coerced into subverting it or it could be subverted in transit after we order it. So it seems like we need an open source blueprint of a BIOS chip reader that's cheap and easy enough for anyone to make themselves. (A tall order, to be sure.)

(a) is a requirement because if the BIOS is closed source, then there's no way to know whether it's backdoored. (b) is a requirement because if it's impossible for an external device to obtain a memory dump of the ROM, then we won't be able to verify that the open source BIOS hasn't been subverted. And it has to be a memory dump obtained by an external device; we certainly can't trust a BIOS to verify its own integrity. Hence a separate, physical device is going to be a necessary and standard security requirement for the first time in the history of the open source community's security practices.[1]

So when we build a new computer, the first step is to order the parts. (Note: the parts may be subverted by an adversary in transit.)

Then we'd either (1) order the parts for the open source BIOS verifier device, or (2) order the fully assembled BIOS verifier from some trusted company. As I said before, (2) is a dangerous idea because an adversary can simply intercept your packages in transit and subvert the verifier. So this whole process is unfortunately going to be so much of a pain in the ass that few people are going to want to do it. But a painful option is better than no option.

Now, the packages for your new computer arrive, along with the components for the BIOS verifier. You assemble the computer and the verifier. Then you boot from a bootdisc which is designed to replace your motherboard's BIOS with the open source one.

At this point -- and this is the part I'm unclear about -- the verifier somehow needs to be able to obtain a dump of the motherboard's ROM containing the BIOS. Then the verifier calculates the checksum of the dump, and you can finally verify that the checksum matches the expected one (the expected checksum would be published on the open source BIOS's website alongside each of its download links).

If all of these steps are followed, then we are safe. Otherwise no one can be sure they're safe, not even Colin. (I'm hoping if I mention often enough that Colin's security practices can be defeated by this, then people will realize the magnitude of the danger facing us.)

I'm sad because there's almost no way to turn this idea into a company. All companies (especially US companies) are constantly coerced or subverted by governments. So it's unlikely that the steps I've outlined will ever be widely adopted. But without these steps, there's no way to trust any of our security measures. This BIOS malware technique must have been one of the NSA's most lucrative and powerful, because nobody has yet even bothered to care about verifying BIOS integrity at the hardware level.

[1] - It's interesting to consider the question: Have even our most paranoid and trusted figureheads like Stallman ever verified the integrity of their computer's BIOS? Or did they simply trust that their Yeelong Lemote laptop BIOS wasn't subverted in transit after they ordered it? I'd bet the latter, because I've never heard of an external tool that can obtain a memory dump of a laptop motherboard's ROM, though I'd love to be wrong about that.

EDIT: And now this submission has been totally buried off the frontpage. So no one will even read this. Awesome. http://hnrankings.info/6983099/

[nitrogen]

In light of https://news.ycombinator.com/item?id=6980058 and https://www.usenix.org/system/files/conference/woot12/woot12..., you also need a way of verifying that your BIOS chip is a dumb EEPROM or verifying its own micro-firmware.

[userbinator]

> coupled with some physical BIOS chip reader. And the chip reader needs to be cheap enough for us to assemble ourselves; we can't really trust some company to make it for us, because the company could be coerced into subverting it or it could be subverted in transit after we order it. So it seems like we need an open source blueprint of a BIOS chip reader that's cheap and easy enough for anyone to make themselves. (A tall order, to be sure.)

BIOS chips these days are almost invariably SPI serial interface, which means it is not difficult to make a bare-minimal "manual" one with a battery, a couple of LEDs, resistors, and switches. Just key in a read command by hand, then read out each bit as you pulse the clock line. Pretty hard to subvert something as simple as that, but the problem is how long it will take, so maybe you could do this just to verify the bits that comprise a "root of trust" and not the entire BIOS image.