[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Libreboot] Zero-day vulnerability - system management mode arbitrar
From: |
Duncan Guthrie |
Subject: |
Re: [Libreboot] Zero-day vulnerability - system management mode arbitrary code execution |
Date: |
Wed, 06 Jul 2016 01:34:10 +0100 |
User-agent: |
K-9 Mail for Android |
Hi all,
All right, reading the article, it seems one of the given exploits can disable
SPI flash write-protection mechanisms. This might mean that we can install
Libreboot/Coreboot without an external flash tool on systems with proprietary
BIOS.
I will read it more carefully, and test this on my Lenovo X200, which has
proprietary BIOS installed. If it doesn't work one suspects it will just refuse
access to me. If it does, this is very useful, even if the rest of the exploits
don't remove ME from recent models.
Hope this helps anyone,
D.
On 6 July 2016 00:52:11 BST, Duncan Guthrie <address@hidden> wrote:
>Hi all,
>Poking around the internet, I happened upon this page:
>https://github.com/Cr4sh/ThinkPwn
>This is an exploit for System Management Mode of Intel x86 CPUs, tested
>on a number of recent models, including Lenovo ThinkPads, and tested on
>some other models including an HP Pavilion laptop. This suggests that
>this vulnerability exists in a wide range of recent Intel hardware. The
>page links to this extensive blog post:
>http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
>What excites me about this is that as we are running code at such a low
>level, we might in theory be able to bypass the Intel ME signature
>checking and similar "protections", and run unsigned BIOS software.
>This would be great for Libreboot.
>Can anyone else comment on this? I am quite excited at the potential of
>this, especially as it seems to be able to target many new models of
>Intel hardware, perhaps even Intel hardware produced this year, as
>Intel, as far as I know, didn't introduce any major design changes for
>a long time as they did not need to.
>Thanks,
>D.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.