Since a BIOS isn’t connected to the internet, even if your BIOS is infected with a malware (say you used a usb to flash it but with files that wasn’t from the official motherboard manufacturer’s site). Is the damage limited locally to the functionality of your system? In that your data can’t really be transmitted through the internet to another party?
I know that BIOS can get virus but it’s very rare, but it seems to me it’s pretty impossible or improbable for a virus to creep into your BIOS via normal computer use. Let’s say I’m using windows 10, even if I go as far as downloading a malware on my windows 10, it would seem that the worst damage it can do it to my windows 10 itself, not the BIOS, is that accurate? (Or at least, it’s incredibly difficult). If I don’t deliberately take a usb drive, and go into BIOS to m-flash it, how can I possibly infect a BIOS? So similarly, since your network would only work in the OS level, how can anyone possibly modify your BIOS by hacking your operating system?
And in the other direction, Supposed by some means my BIOS was infected with some virus, how can anyone possibly steal information on an operating system using the BIOS when the BIOS itself cannot be connected to the internet?
It seems to me the damage a BIOS can do is very local.
I may be misunderstanding here– but are interrupts only found in BIOS and not UEFI systems?
I read guides on how to set up a TPM but none of them tells me how a TPM actually works in practice (under Linux/Ubuntu which I use).
My understanding is that a TPM can inform me whether any of the components which load before the main operating system (Bios, bootloader, firmware) have changed in any way since the TPM was activated.
But how exactly would I know whether something has actually changed? If someone (an attacker) has tampered with with the BIOS or some firmware component, will the next boot process simply not complete? If that is correct, will the system boot successfully again, if I manage to put the BIOS back into the state that is known to the TPM?
I have three SATA hard drives that I use every day. Suppose I disable the corresponding SATA ports of these hard drives through my BIOS, add another storage device to my PC, install another instance of Windows 10 and run unsafe executables on it – would my three SATA hard drives be completely isolated and safe?
As I understand it, unmounted partitions are at risk, but not partitions that I exclude by disabling the corresponding SATA ports.
Is this correct?
If a remote hacker or a malware gains full root/admin rights on a system, is there any way to access another SATA disk that has been hardware connected but disabled in BIOS ?
I am not sure if the disabled disk even has power in that case (I guess it has not) but I found the following post which raised some doubts : https://superuser.com/a/111009
OS considered : Windows or Linux
Threat Model : Physical access and BIOS reflash are out of scope as it is game over anyway in such cases.
Except this, consider full control of compromised disk system: hacker can issue any command, can modify MBR, kernel, flash the compromised disk firmware, …
I plan to create an airgapped laptop with a seperate bootloader that is on a permanently write protected SD card that i will cary on my pocket all the time.
I will also remove the wireless card on the motheboard. Only thing that makes me unsettled is the BIOS. It’s a pretty old BIOS and doesn’t even support UEFI.
I can’t be sure about it’s integrity so I thought can’t I just pour silicone to protect the BIOS chip? To prevent flashing new firmware I can just use a hard password.
when I press Ctrl+ alt + F2 terminal appears and works fine but .. while Ubuntu login screen is booting up this issue appears “iwlwifi .. :BIOS contains WGDS but no WRDS” and my Ubuntu 18.04 is not booting up in the start.
I got error /boot/grub/i386-pc/normal.mod not found after I used boot repair. Boot repair said the bios must boot from the new file it made, sda1/EFI/ubuntu/shix64.efi How do I change the boot file?
I just want TTY:s and lock screen to work. https://bugs.launchpad.net/ubuntu/+source/nvidia-graphics-drivers/+bug/958891/comments/3