[coreboot] dealing with a malicious OS
Peter Stuge
peter at stuge.se
Mon Apr 21 23:23:45 CEST 2008
On Fri, Apr 18, 2008 at 12:07:00PM -0400, Jonathan M. McCune wrote:
> What happens if the BIOS doesn't relinquish control of the EHCI?
A well-behaved OS will wait.
An ill-behaved OS will try to exploit.
> Does hardware somehow prevent the OS from accessing the USB
> controller?
Hardware can never know which software (firmware or OS) is accessing
the controller.
> What happens if the OS tries to use the USB controller without
> using these semaphores at all? It seems to me that the OS can at
> least cause a Denial-of-Service by sending commands to the USB
> controller, but I suspect it can also eavesdrop on keyboard events.
> Can anybody confirm or deny this attack?
A malicious OS could poll the controller frequently in order to
eavesdrop on firmware<->hw communication, but the eavesdropping is a
race condition, since firmware and OS probably will not execute in
parallell.
A malicious OS could certainly feed constant junk to a controller in
order to disrupt any firmware use.
The semaphore is only a convenience primitive for use by cooperating
firmware and OS.
> If this is outside the scope of coreboot, I'm sorry for bothering
> the list.
Mh, well maybe just a little. :)
//Peter
More information about the coreboot
mailing list