Joanna Rutkowska's blog points to a recent paper surveying the problems and attacks presented against the x86 platform over the last 10 years. The paper does not present new exploits, but it does cover the BIOS (UEFI) and booting, peripherals, the Intel Management Engine, and several other aspects of x86 insecurity. Some of the problems appear insurmountable as described.
(Score: 1, Insightful) by Anonymous Coward on Friday October 30 2015, @03:25PM
and perhaps even going from firmware to an old-school ROM
You have hit on it right there. We want field-upgradable firmware, yet we do not want to add a jumper to make it read-only.
If your utility can write to it then someone else can too.
(Score: 0) by Anonymous Coward on Friday October 30 2015, @05:02PM
And instead of solving problems like BIOS malware with a simple jumper, the industry resorts to horribly over-engineered solutions like Secure Boot.
(Score: 2) by NCommander on Friday October 30 2015, @05:40PM
Most EEPROM chips have a write-lock which is tripped by most firmware to prevent it from being updated. This is standard on UEFI systems where the environment can take a capsule file, and then flash it to the ROM chip without making said EEPROM writable by the operating system.
Still always moving
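The write-lock NCommander describes is, on Intel platforms, a handful of chipset register bits: BIOS_CNTL (BIOSWE, BLE, SMM_BWP) in the LPC/SPI controller's PCI config space, plus the SPI Protected Range registers (PR0..PR4), which only bind once FLOCKDN in HSFS is set. The block below is an added example, not code from the thread or from the paper, showing how to decide from a snapshot of those registers whether the BIOS region is actually locked. The bit positions and the PRx layout (bit 31 WPE, bits 30:16 limit, bits 14:0 base, in 4 KiB units) follow the common PCH convention and are an assumption to verify against the datasheet for your chipset; the sample snapshots at the bottom are constructed, not captured from real hardware.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* BIOS_CNTL, offset 0xDC in the LPC/SPI controller's PCI config space
 * (assumed layout; check your chipset's datasheet). */
#define BIOSWE   (1u << 0)  /* BIOS Write Enable: software may write flash   */
#define BLE      (1u << 1)  /* BIOS Lock Enable: setting BIOSWE raises an SMI */
#define SMM_BWP  (1u << 5)  /* SMM BIOS Write Protect: writes only from SMM   */

/* HSFS (hardware sequencing flash status): FLOCKDN freezes PRx until reset. */
#define HSFS_FLOCKDN (1u << 15)

/* Protected Range register PRx (assumed layout): bit 31 WPE,
 * bits 30:16 limit, bits 14:0 base, both in 4 KiB flash-address units. */
#define PR_WPE   (1u << 31)
#define PR_MASK  0x7FFFu

enum wp_verdict { WP_NONE = 0, WP_SMI_ONLY = 1, WP_FULL = 2 };

typedef struct {
    uint32_t bios_cntl;
    uint32_t hsfs;
    uint32_t pr[5];
    uint32_t bios_base;   /* BIOS region start, from the flash descriptor */
    uint32_t bios_limit;  /* BIOS region end, inclusive */
} flash_state_t;

/* BIOS_CNTL alone: BLE without SMM_BWP only raises an SMI when BIOSWE is
 * set, which is racy on multi-core parts (the "Speed Racer" issue), so it
 * counts as partial protection rather than a real lock. */
enum wp_verdict bios_cntl_verdict(uint32_t bc)
{
    if (bc & BIOSWE)  return WP_NONE;
    if (!(bc & BLE))  return WP_NONE;
    return (bc & SMM_BWP) ? WP_FULL : WP_SMI_ONLY;
}

static bool pr_decode(uint32_t pr, uint32_t *base, uint32_t *limit)
{
    if (!(pr & PR_WPE)) return false;
    *base  = (pr & PR_MASK) << 12;
    *limit = (((pr >> 16) & PR_MASK) << 12) | 0xFFFu;
    return true;
}

/* True if every 4 KiB page of the BIOS region lies inside some enabled PRx. */
bool bios_region_covered(const flash_state_t *s)
{
    for (uint64_t page = s->bios_base; page <= s->bios_limit; page += 0x1000) {
        bool hit = false;
        for (int i = 0; i < 5 && !hit; i++) {
            uint32_t b, l;
            if (pr_decode(s->pr[i], &b, &l) && page >= b && page <= l)
                hit = true;
        }
        if (!hit) return false;
    }
    return true;
}

/* Overall verdict. PRx coverage is enforced by the SPI controller
 * independently of BIOS_CNTL, but only if FLOCKDN is set; otherwise the
 * OS (or malware) could simply clear the PR registers. */
enum wp_verdict flash_wp_verdict(const flash_state_t *s)
{
    enum wp_verdict v = bios_cntl_verdict(s->bios_cntl);
    if (v == WP_FULL) return WP_FULL;
    if ((s->hsfs & HSFS_FLOCKDN) && bios_region_covered(s)) return WP_FULL;
    return v;
}

/* Constructed sample snapshots (not captured from real hardware).
 * BIOS region assumed at 0x400000..0xFFFFFF of a 16 MiB part;
 * PR0 = 0x8FFF0400 encodes exactly that range with WPE set. */
enum wp_verdict sample_locked(void)
{
    flash_state_t s = { .bios_cntl = BLE | SMM_BWP, .hsfs = HSFS_FLOCKDN,
                        .pr = { 0x8FFF0400u, 0, 0, 0, 0 },
                        .bios_base = 0x00400000u, .bios_limit = 0x00FFFFFFu };
    return flash_wp_verdict(&s);
}

enum wp_verdict sample_pr_only(void)   /* BIOSWE left set, but PR0 locked */
{
    flash_state_t s = { .bios_cntl = BIOSWE, .hsfs = HSFS_FLOCKDN,
                        .pr = { 0x8FFF0400u, 0, 0, 0, 0 },
                        .bios_base = 0x00400000u, .bios_limit = 0x00FFFFFFu };
    return flash_wp_verdict(&s);
}

enum wp_verdict sample_unlocked(void)  /* BIOSWE set, PRs clear: writable */
{
    flash_state_t s = { .bios_cntl = BIOSWE, .hsfs = 0, .pr = { 0 },
                        .bios_base = 0x00400000u, .bios_limit = 0x00FFFFFFu };
    return flash_wp_verdict(&s);
}

int main(void)
{
    printf("locked=%d pr_only=%d unlocked=%d\n",
           sample_locked(), sample_pr_only(), sample_unlocked());
    return 0;
}
```

On a live system the snapshot would come from reading the LPC/SPI controller's config space and SPIBAR (tools such as chipsec's bios_wp module do exactly this check); the point of the decoder is that "the firmware tripped the write-lock" is only true when BIOSWE is clear with BLE and SMM_BWP set, or when locked PR ranges cover the whole BIOS region.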