Binary blobs

A binary blob is a piece of firmware, usually distributed by a manufacturer, that runs on a machine and for which no source code is available. Because it is distributed without source, it cannot be audited to determine whether it contains security vulnerabilities, backdoors, or other issues that would compromise a Security model. The most common sources of binary blobs are:

BIOS

The BIOS is the basic set of software that is normally responsible for initialising the hardware for the operating system and starting the boot process. It is generally closed source and a common target for rootkits (especially in UEFI mode). coreboot contains an open source BIOS implementation.

SMM

System management mode (SMM) is code that runs on the main CPU and cannot be removed or modified by the operating system. It is generally closed source and a common target for rootkits. coreboot contains an open source SMM implementation.

ME/PSP

The Intel Management Engine (and its AMD equivalent, the AMD Platform Security Processor) are essentially separate operating systems that "manage" the main operating system. They have full access to the operating system and all hardware, and cannot be read or modified by the main operating system. They have had security vulnerabilities in the past, and are closed source. They also cannot be fully disabled, as the hardware will cease to operate. An ME cleaner exists that removes as much of the ME as possible whilst still allowing the system to boot.

Hardware firmware

Things like hard drive firmware, network card firmware, graphics card firmware, etc. These can be mitigated in various ways: PCIe devices can be mitigated via the IOMMU. USB devices can be managed as long as the root USB controller they are attached to is attached to Sys USB. This does not protect against things like a compromised keyboard firmware acting as a keylogger, however.
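The IOMMU mitigation above only isolates a PCIe device that sits in its own IOMMU group; devices sharing a group remain reachable from each other. As an added example (not from the original page), this Python script walks a sysfs-style IOMMU group tree (the real one at /sys/kernel/iommu_groups on Linux, or a constructed sample tree for offline runs) and reports groups holding more than one device. The PCI addresses and IDs in the sample are constructed for illustration.

```python
import os
import tempfile

SYSFS_IOMMU = "/sys/kernel/iommu_groups"  # real location on a Linux host


def read_iommu_groups(sysfs_root=SYSFS_IOMMU):
    """Map group id -> [(PCI address, vendor:device), ...].

    On a real host each devices/<bdf> entry is a symlink into /sys/devices
    carrying 'vendor' and 'device' files; the constructed tree mirrors that."""
    groups = {}
    if not os.path.isdir(sysfs_root):
        return groups  # no IOMMU groups: the kernel is isolating no PCIe device
    for gid in sorted(os.listdir(sysfs_root), key=int):
        devdir = os.path.join(sysfs_root, gid, "devices")
        entries = []
        for bdf in sorted(os.listdir(devdir)):
            ids = []
            for attr in ("vendor", "device"):
                with open(os.path.join(devdir, bdf, attr)) as fh:
                    ids.append(fh.read().strip())
            entries.append((bdf, ":".join(ids)))
        groups[int(gid)] = entries
    return groups


def shared_groups(groups):
    """Groups with more than one device: the IOMMU cannot separate these,
    so firmware on one device can still reach the others by DMA."""
    return {gid: devs for gid, devs in groups.items() if len(devs) > 1}


# Constructed sample layout (hypothetical, not a real host).
SAMPLE = {
    0: {"0000:00:02.0": ("0x8086", "0x5916")},   # integrated graphics, alone
    1: {"0000:00:14.0": ("0x8086", "0x9d2f")},   # USB host controller, alone
    2: {"0000:01:00.0": ("0x8086", "0x24fd"),    # wireless NIC ...
        "0000:02:00.0": ("0x144d", "0xa808")},   # ... sharing a group with an NVMe SSD
}


def build_sample_tree(root):
    """Write SAMPLE as a sysfs-style tree under root."""
    for gid, devs in SAMPLE.items():
        for bdf, (vendor, device) in devs.items():
            path = os.path.join(root, str(gid), "devices", bdf)
            os.makedirs(path)
            for attr, value in (("vendor", vendor), ("device", device)):
                with open(os.path.join(path, attr), "w") as fh:
                    fh.write(value + "\n")


def audit(sysfs_root=SYSFS_IOMMU):
    """Return (all groups, groups whose devices cannot be isolated)."""
    groups = read_iommu_groups(sysfs_root)
    return groups, shared_groups(groups)


def audit_sample():
    """Run the audit over the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit(root)
```

Run `audit()` on a Linux host to inspect the real tree, or `audit_sample()` for the constructed one; an empty result from `audit()` means the kernel exposes no IOMMU groups at all.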

See also

https://www.malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html

Security/BinaryBlobs (last edited 2018-11-21 07:29:09 by admin)