An interesting read, both technically and politically. https://blogs.gnome.org/hughsie/2020/01/27/hunting-uefi-implants/

Below I leave out the more technical passages and keep the considerations I think may be of interest to Nexa. Obviously, the proposed solution cannot work. And it would increase the power of the few "trusted" companies (all strictly US-based). It is therefore likely to be welcomed enthusiastically by the market.

Giacomo

____

My fellow students were a mixture of security professionals and employees from various government departments from all over the world. We talked, a lot. My personal conclusion quite simply is that we’re failing as an industry.

In the pursuit to reduce S3 resume time from 2s to 0.5s we introduce issues like the S3 bootscript vulnerability. With the goal to boot as quickly as possible, we only check the bare minimum certificate chain, allowing additional malicious DXEs to be added to an image. OEMs are choosing inexpensive EC hardware from sketchy vendors that are acting as root of trust and also emulating hardware designed 30 years ago, whilst sharing the system SPI chip. By trying to re-use existing power management primitives like SMM as a security boundary, the leaky abstractions fail us. Each layer in the security stack is assuming that the layer below it is implemented correctly, and so all it takes is one driver with SMM or CSME access to not check a memory address in a struct correctly and everything on top (e.g. BootGuard, ASLR, SELinux, etc.) is broken. Coreboot isn’t the panacea here either, as to get that to run you need to turn off various protections [...]

Worse still, if you allow your “assumed secure” laptop out of sight then all bets are off with security. About a quarter of people at the UEFI training had their “travel laptop” tampered with at some point – with screws missing after “customs inspections” or with tamper seals broken after leaving a laptop in a hotel room.
You really don’t need to remove the screws to image a hard drive these days. But, let’s back away from the state-sponsored attacker back to reality for a minute. The brutal truth is that security costs money. [...]

My proposal would be as follows:

- SEC1: SecureBoot, BIOS_WE, BLE, SMM_BWP, and updates on the LVFS, with no existing detectable SMM issues (like ThinkPwn for example)
- SEC2: PRx set correctly, if not using BootGuard or BIOSGuard, with PCR0 attestation data
- SEC3: BootGuard enabled, with the EC controller requiring signed images
- SEC4: Intel BIOSGuard or HP SureStart
- SEC5: Hardware attestation like Apple T2 or Google Titan

[...] Perhaps we could let the consumer vote with their wallet and make the ecosystem more secure.
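The SEC1 and SEC2 tiers in the quoted proposal hinge on a handful of PCH register bits (BIOS_WE, BLE, SMM_BWP and the PRx protected ranges). The following is an added example, not code from the blog post, from Giacomo's message, or from fwupd: it decodes those registers from raw values and reports which of the two flash-protection tiers a machine meets. The register layout is an assumption taken from the Intel 5- to 9-series PCH datasheets (BIOS_CNTL at LPC D31:F0 offset 0xDC with BIOSWE in bit 0, BLE in bit 1 and SMM_BWP in bit 5; PRx with WPE in bit 31, limit in bits 28:16, RPE in bit 15, base in bits 12:0, in 4 KiB units), the sample register values and flash layout are constructed, and SecureBoot, LVFS and BootGuard status are not modelled, so "SEC1"/"SEC2" below means only the flash-protection part of those tiers. The tiers are also read as cumulative, which the post implies but does not state.

```python
# Added example, not from the blog post: decode the SPI-flash write-protection
# registers behind the SEC1/SEC2 tiers and report which tier the flash side
# meets. Register layout is an assumption taken from the Intel 5- to 9-series
# PCH datasheets: BIOS_CNTL (LPC D31:F0, offset 0xDC) carries BIOSWE in bit 0,
# BLE in bit 1 and SMM_BWP in bit 5; each PRx register in the SPI BAR carries
# WPE in bit 31, the limit in bits 28:16, RPE in bit 15 and the base in
# bits 12:0, base and limit both in 4 KiB units of the flash linear address.
from dataclasses import dataclass
from typing import Dict, Iterable, Sequence, Tuple

BIOSWE = 1 << 0   # BIOS Write Enable: 1 = the CPU may write the BIOS region
BLE = 1 << 1      # BIOS Lock Enable: 1 = setting BIOSWE traps into SMM
SMM_BWP = 1 << 5  # SMM BIOS Write Protect: writes only allowed from SMM


@dataclass
class ProtectedRange:
    base: int            # first protected flash address (inclusive)
    limit: int           # last protected flash address (inclusive)
    write_protect: bool  # WPE bit
    read_protect: bool   # RPE bit


def decode_bios_cntl(value: int) -> Dict[str, bool]:
    """Split a raw BIOS_CNTL byte into the three bits SEC1 cares about."""
    return {
        "BIOSWE": bool(value & BIOSWE),
        "BLE": bool(value & BLE),
        "SMM_BWP": bool(value & SMM_BWP),
    }


def decode_pr(value: int) -> ProtectedRange:
    """Decode one 32-bit PRx register into an address range plus its flags."""
    write_protect = bool((value >> 31) & 1)
    read_protect = bool((value >> 15) & 1)
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return ProtectedRange(base, limit, write_protect, read_protect)


def bios_region_write_protected(ranges: Iterable[ProtectedRange],
                                bios_start: int, bios_end: int) -> bool:
    """True if the union of write-protected PRx ranges covers the BIOS region
    with no holes; a single uncovered 4 KiB block is enough to park an implant."""
    protected = sorted(
        (r.base, r.limit) for r in ranges
        if r.write_protect and r.base <= r.limit
    )
    cursor = bios_start
    for base, limit in protected:
        if base > cursor:
            return False  # hole at [cursor, base)
        cursor = max(cursor, limit + 1)
        if cursor > bios_end:
            return True
    return cursor > bios_end


def flash_protection_tier(bios_cntl: int, pr_values: Sequence[int],
                          bios_region: Tuple[int, int]) -> str:
    """Map the flash-side evidence onto the proposal's tiers. Tiers are assumed
    cumulative: correct PRx registers do not count if BIOS_CNTL is still open."""
    ctl = decode_bios_cntl(bios_cntl)
    if ctl["BIOSWE"] or not (ctl["BLE"] and ctl["SMM_BWP"]):
        return "unprotected"
    prs = [decode_pr(v) for v in pr_values]
    if bios_region_write_protected(prs, *bios_region):
        return "SEC2"
    return "SEC1"


# Constructed sample: 8 MiB flash, BIOS region in the top 2 MiB.
BIOS_REGION = (0x600000, 0x7FFFFF)
GOOD_BIOS_CNTL = 0x22   # BLE | SMM_BWP set, BIOSWE clear
OPEN_BIOS_CNTL = 0x01   # BIOSWE set, nothing locked
PR_FULL = [0x87FF0700, 0x86FF0600, 0, 0, 0]  # two WPE ranges covering the region
PR_HALF = [0x87FF0700, 0, 0, 0, 0]           # only the top 1 MiB is protected

if __name__ == "__main__":
    for name, ctl, prs in [("locked + PRx", GOOD_BIOS_CNTL, PR_FULL),
                           ("locked, PRx hole", GOOD_BIOS_CNTL, PR_HALF),
                           ("BIOSWE set", OPEN_BIOS_CNTL, PR_FULL)]:
        print(f"{name:18} -> {flash_protection_tier(ctl, prs, BIOS_REGION)}")
```

On real hardware the raw values would come from a tool that can read PCI config space and the SPI BAR (chipsec does this), and the BIOS region bounds from the flash descriptor; the coverage check is the part most scripts get wrong, since a PRx that protects most of the region still leaves the rest writable.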