By: Kronos (invalid.delete@this.invalid.com), July 24, 2004 2:04 pm
Room: Moderated Discussions
Igor () on 7/23/04 wrote:
---------------------------
>tom vier (no@thanks.net) on 7/22/04 wrote:
>---------------------------
>>if you can write protect your mobo's flash, it's not as big a deal. i wonder how
>>much ucode rom intel had to add to support the update decryption.
>
>Write-protecting flash wouldn't help much, it would only prevent you from making
>the hack permanent by flashing it into the BIOS. Anyway, you can issue an update
>at any time provided that you run it in kernel mode because WRMSR is privileged instruction.
Well, if you can load a module to update the microcode it means that the machine is already compromised (and you can bring the machine down in other funny ways). Eeprom lock ensures that you cannot crash it another time without gaining root priviledges again (modulo other bugs, of course).
---------------------------
>tom vier (no@thanks.net) on 7/22/04 wrote:
>---------------------------
>>if you can write protect your mobo's flash, it's not as big a deal. i wonder how
>>much ucode rom intel had to add to support the update decryption.
>
>Write-protecting flash wouldn't help much, it would only prevent you from making
>the hack permanent by flashing it into the BIOS. Anyway, you can issue an update
>at any time provided that you run it in kernel mode because WRMSR is privileged instruction.
Well, if you can load a module to update the microcode it means that the machine is already compromised (and you can bring the machine down in other funny ways). Eeprom lock ensures that you cannot crash it another time without gaining root priviledges again (modulo other bugs, of course).