If UEFI runs under the OS, that's a security issue
When the NSA is considered a potential opponent, that's an explicit security hazard. Let me explain: Suppose the NSA plants keylogger code in a commercial BIOS, and that BIOS is in your encrypted machine. Assume the code is a keylogger. It has to be running to log your keystrokes. When you boot your encrypted dm-crypt partition, the kernel loads and takes over the keyboard prior to cryptsetup calling for the passphrase. A simple keylogger aimed at the TrueCrypt bootloader will no longer be running, unless more complex and more easily found changes are made to the BIOS code.
If UEFI does not hand over control but keeps running, the danger from a firmware keylogger is greatly increased, as it would continue running at all times. We know the NSA got MS to put in back doors. We know they tried and failed to get Linus Torvalds to code backdoors into the Linux kernel, as they would be found. We should assume commercial UEFI to be similarly compromised until proven otherwise. I don't know how hard it will be for police and the FBI to get such a backdoor turned on; it can't export data over the network by default without being caught by someone monitoring network traffic. That's why the Guardian machine used to decrypt messages from Snowden had to be bought randomly with cash and never hooked to any network, to prevent activation of any such code.
It appears that BIOS keyloggers have not been common to date, otherwise we would not have key disclosure laws in countries that are allied with the US. The existence of attempts by courts to subpoena people for encryption keys here in the US implies the failure of technical means to defeat encryption. My worry is whether this will continue going forward, as scandals about NSA snooping cause encryption use to spread and the pressure to backdoor UEFI implementations increases. If UEFI has the kind of power Intel vPro does, that's really worrisome and in my book has "Coreboot Needed!" written all over it.
Originally posted by uid313