On 02/01/2016 08:59 PM, Clarke Sideroad wrote:
> On 02/01/2016 06:12 PM, Wim wrote:
>> Hi all,
>>
>> It seems you can delete EFI vars if you're not careful. Someone found
>> that executing "rm -rf --no-preserve-root /" also deleted EFI vars,
>> turning his MSI Notebook into a brick.
>>
>> It also seems mounting these is hardcoded into systemd:
>>
>> https://bbs.archlinux.org/viewtopic.php?id=207549
>>
>> efibootmgr needs to write to EFI vars, it seems. Here's Poettering's answer:
>>
>> https://github.com/systemd/systemd/issues/2402
>>
>> Well, you've probably guessed the answer - Won't fix.
>>
>
> The guy is unbelievable, but as you point out predictable.
> There is a big difference between hosing a operating system install and
> bricking a piece of hardware.
>
> Lots of hardware has bugs that need a work around and stuff like ROMs
> that should only be RW if required. Ignoring it, not even stating a
> logical position and closing the topic just shows the quality of the man
> and his products.
>
> Looking around he seems to have a lot of apologist on his side that
> really don't have a grasp of the situation.
>
> One wonders if it is confined only to the one piece of hardware or if
> there are others that may share the code, looks like a potential exploit
> to me.
>
> Some of you can just be glad that there is no room on most embedded
> systems for the systemd shenanigans. (-;
>
>

I just received this link in an email:
http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html

As usual I may be over reacting, but it may add a bit of perspective to
the problem of leaving the backdoor open with read write permissions.

Clarke