OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 28, 2024 3:15 am

All times are UTC - 6 hours




Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 24 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Modifying BIOS settings from within an operating system
PostPosted: Mon Apr 12, 2021 3:28 pm 
Offline
Member
Member
User avatar

Joined: Thu Oct 13, 2016 4:55 pm
Posts: 1584
Your latest post is a clear sign that you're not here to do civilized discussions, you're just hopefully trying to provoke. Don't even bother, won't work on me. This is my last post to you.
You have already been warned by a moderator, so please behave. If you can't answer politely in a civilized manner, then please don't answer.

And just for the records, I've already answered that question to you, citing multiple CVE tickets all with working PoCs. So as you can see, unlike you, I did answer your question, despite what you say.

Have a nice day,
bzt


Top
 Profile  
 
 Post subject: Re: Modifying BIOS settings from within an operating system
PostPosted: Tue Apr 13, 2021 11:38 am 
Offline
Member
Member

Joined: Sun Jun 23, 2019 5:36 pm
Posts: 618
Location: North Dakota, United States
bzt wrote:
Your latest post is a clear sign that you're not here to do civilized discussions, you're just hopefully trying to provoke. Don't even bother, won't work on me. This is my last post to you.
You have already been warned by a moderator, so please behave. If you can't answer politely in a civilized manner, then please don't answer.

You have been warned too, good sir. I have not committed any rule violations in this thread. I have maintained civility throughout this entire discussion. The only reason I was warned was because you reported me -- or someone did. If I've committed a rule violation, I'd like proof, because I don't see how calling someone a conspiracy theorist is violating civil discourse.
bzt wrote:
And just for the records, I've already answered that question to you, citing multiple CVE tickets all with working PoCs. So as you can see, unlike you, I did answer your question, despite what you say.

Have a nice day,
bzt

For the records, those PoCs you provided did not, in fact, answer my question at all. You continue to sidestep the problem. I have asked you, innumerable times, to provide me a PoC that bypasses secure boot and tricks UEFI firmware into loading an image even if its signature is not within the list of KeKs or its signature is explicitly within the DBX database. You have not provided me a single shred of evidence to prove that is possible; all you have provided me is proof that it is possible to hijack firmware subroutines *after* an application has been verified, loaded and executed, which does not prove that secure boot is vulnerable. As I have said previously, try again. Unless, of course, you can't find any and can't come up with any PoCs on your own. And if you can't, you might as well indicate so.


Top
 Profile  
 
 Post subject: SHUT UP!!!
PostPosted: Tue Apr 13, 2021 11:52 am 
Offline
Member
Member
User avatar

Joined: Sat Mar 31, 2012 3:07 am
Posts: 4591
Location: Chichester, UK
Get a room, you two. You're both going on my ignore (foes) list.


Top
 Profile  
 
 Post subject: Re: SHUT UP!!!
PostPosted: Tue Apr 13, 2021 12:38 pm 
Offline
Member
Member
User avatar

Joined: Thu Oct 13, 2016 4:55 pm
Posts: 1584
iansjack wrote:
Get a room, you two. You're both going on my ignore (foes) list.
Do you honestly believe that this post of yours is adequate, civilized and free of attempted personal insults?

Cheers,
bzt


Top
 Profile  
 
 Post subject: Re: SHUT UP!!!
PostPosted: Tue Apr 13, 2021 2:42 pm 
Offline
Member
Member

Joined: Wed Aug 30, 2017 8:24 am
Posts: 1593
bzt wrote:
Do you honestly believe that this post of yours is adequate, civilized and free of attempted personal insults?

I believe this "debate" was already past that point, before iansjack threw his hat in the ring.

Getting back to the topic, while it is possible that a firmware implementation would use System Management mode or Intel Management Engine (or whatever the AMD equivalent of that thing is called) to lock away BIOS settings such that the OS cannot change them, TianoCore does not do that, and many old-school BIOS implementations did not do that, either. In fact, parts of the CMOS RAM were standardized in the Intel MP specification, because they were needed before Startup IPIs were a thing to make a starting CPU jump to a given address. And I have seen listings of what several bytes of the CMOS RAM mean on the internet. But obviously nothing important was ever standardized.

_________________
Carpe diem!


Top
 Profile  
 
 Post subject: Re: Modifying BIOS settings from within an operating system
PostPosted: Tue Apr 13, 2021 2:44 pm 
Offline
Member
Member

Joined: Sun Jun 23, 2019 5:36 pm
Posts: 618
Location: North Dakota, United States
bzt has made his way onto my foes list. I'm tired of his useless vendetta against things he deliberately chooses not to understand.
@nullplan: Definitely true. But I think this topic answered that question a long time ago.


Top
 Profile  
 
 Post subject: Re: SHUT UP!!!
PostPosted: Tue Apr 13, 2021 9:56 pm 
Offline
Member
Member
User avatar

Joined: Thu Oct 13, 2016 4:55 pm
Posts: 1584
nullplan wrote:
I believe this "debate" was already past that point, before iansjack threw his hat in the ring.
I agree. This is @ethin's fault, started with this post and @ethin totally lost it in his very next post here, however this does not make okay for @iansjack to try to make things worse. This just lowers @iansjack to @ethin's level, which is sad thing to see.

nullplan wrote:
TianoCore does not do that
Watch out, @ethin freaked out after I said exactly that, now you'll be the next target.
Otherwise yes, this is the truth. With the modification, you could go one step further, you could use EFI_VARIABLE_WRITE_ARCH_PROTOCOL directly (same that SetVariable uses at the end of the day), circumventing the "protection" implemented in SetVariable. I'm pretty sure there's no "who-is-the-caller" check in that protocol's implementation if such a check even possible with the UEFI ABI.

Cheers,
bzt


Top
 Profile  
 
 Post subject: Re: Modifying BIOS settings from within an operating system
PostPosted: Tue Apr 13, 2021 11:58 pm 
Offline
Member
Member

Joined: Mon Feb 02, 2015 7:11 pm
Posts: 898
On my foe list as well. I had enough of his immaturity, as demonstrated over and over in this thread and others.

_________________
https://github.com/kiznit/rainbow-os


Top
 Profile  
 
 Post subject: Re: Modifying BIOS settings from within an operating system
PostPosted: Wed Apr 14, 2021 12:12 am 
Offline
Member
Member
User avatar

Joined: Tue Dec 25, 2007 6:03 am
Posts: 734
Location: Perth, Western Australia
I've locked this thread as it has degenerated into off-topic bickering.

I believe the OP's question has been answered (... well, a full gamut of answers have been provided) so hopefully this locking isn't preventing their question being addressed.

A reminder to ALL forum members: Please try to keep conversations civil, I (and the rest of the mods) don't want to have to be banning anyone but spambots.

_________________
Kernel Development, It's the brain surgery of programming.
Acess2 OS (c) | Tifflin OS (rust) | mrustc - Rust compiler
Currently Working on: mrustc


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 24 posts ]  Go to page Previous  1, 2

All times are UTC - 6 hours


Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 76 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group