"The hashing and comparison is not done in real-time, but rather after the machine finishes booting, the Endpoint Suite will send it to Dell. "
The obvious exploit would be for any BIOS malware (or any other malware) to swap out a 'good' hash for whatever real hash the Endpoint Suite would be about to upload.
If it'd work would depend on where the hashing is done. Some enterprise management tools run on processors other than the CPU the OS uses; if that's the case here malware in the OS or BIOS wouldn't be able to get at it due to hardware isolation. OTOH I've only seen this type of software mentioned in terms of servers not client computers. Other than PCB space being extremely tight, there's no reason Dell couldn't've crammed it into their laptop though.
I've seen this mistake in a lot of tech writing, and I'd really like it to stop. UEFI Secure Boot has next to nothing to do with a TPM. The related TPM-based technology would be some form of a measured boot, where you collect measurements of firmware in the TPM registers so you can (later) report on what executed. Windows boxes have support for measured boot, too, but that's completely separate from UEFI Secure Boot.
Sorry I meant Measured Boot, not Secure Boot. I was referring to the Windows mechanism and not the BIOS one. I've fixed up the text. Thanks for the feedback!
It's when I read posts like this one, a long time after the release of Snowden documents like this one (https://www.eff.org/document/20131230-appelbaum-ns... that I realize how far behind the US government the industry is. There are weak links in a system like Dell's, but at least someone's trying.
I've had many desktop PCs whose motherboard has a jumper to disable bios flash updates. Why not just use this? On a laptop, put a switch in the battery compartment. Or under a flap.
Seriously, do you really need to update your bios or firmware more than once a year? Or once *ever* if you buy a newly released product which was released a bit early.
We’ve updated our terms. By continuing to use the site and/or by logging into your account, you agree to the Site’s updated Terms of Use and Privacy Policy.
Facebook
Twitter
RSS
8 Comments
Back to Article
edzieba - Thursday, February 4, 2016 - link
"The hashing and comparison is not done in real-time, but rather after the machine finishes booting, the Endpoint Suite will send it to Dell. "The obvious exploit would be for any BIOS malware (or any other malware) to swap out a 'good' hash for whatever real hash the Endpoint Suite would be about to upload.
DanNeely - Thursday, February 4, 2016 - link
If it'd work would depend on where the hashing is done. Some enterprise management tools run on processors other than the CPU the OS uses; if that's the case here malware in the OS or BIOS wouldn't be able to get at it due to hardware isolation. OTOH I've only seen this type of software mentioned in terms of servers not client computers. Other than PCB space being extremely tight, there's no reason Dell couldn't've crammed it into their laptop though.letsief - Thursday, February 4, 2016 - link
I've seen this mistake in a lot of tech writing, and I'd really like it to stop. UEFI Secure Boot has next to nothing to do with a TPM. The related TPM-based technology would be some form of a measured boot, where you collect measurements of firmware in the TPM registers so you can (later) report on what executed. Windows boxes have support for measured boot, too, but that's completely separate from UEFI Secure Boot.Brett Howse - Thursday, February 4, 2016 - link
Sorry I meant Measured Boot, not Secure Boot. I was referring to the Windows mechanism and not the BIOS one. I've fixed up the text. Thanks for the feedback!onlynowyoufixit - Friday, February 5, 2016 - link
It's when I read posts like this one, a long time after the release of Snowden documents like this one (https://www.eff.org/document/20131230-appelbaum-ns... that I realize how far behind the US government the industry is. There are weak links in a system like Dell's, but at least someone's trying.onlynowyoufixit - Friday, February 5, 2016 - link
Heh, OK, first time posting a link in the comments here. Again. https://www.eff.org/document/20131230-appelbaum-ns...speculatrix - Thursday, February 18, 2016 - link
I've had many desktop PCs whose motherboard has a jumper to disable bios flash updates.Why not just use this?
On a laptop, put a switch in the battery compartment. Or under a flap.
Seriously, do you really need to update your bios or firmware more than once a year? Or once *ever* if you buy a newly released product which was released a bit early.
XmppTextingBloodsport - Saturday, March 19, 2016 - link
Bend over and accept a return to the Client Server model.