blibbet at gmail.com
Sat Feb 22 20:13:47 UTC 2014
> This is kinda hard to say. I've heard that on x86, it is possible that
> the BIOS keeps executing code even after it started the system, so
> perhaps something like that can happen too.

UEFI remains running while the loaded OS runs. The OS (and apps) can
communicate with EFI.

EFI is a complex standalone realtime embedded event-driven OS, not just
a simplistic firmware/loader.

EFI has "Runtime Services" which can communicate with the OS (Linux,
Windows, etc.). The main one is for accessing variables (like
environment variables). Other OS vendors or OEMs or firmware vendors
can add other runtime services. For example, I believe (unconfirmed)
that Apple moved some of their OSX DRM code into an EFI runtime service.

Malware authors can write EFI runtime service drivers and -- if they can
install them on your system -- you'll have a hard time determining it is

There is a standard firmware update mechanism in EFI, so these drivers
can be easily updated. UEFI is on modern ARM32/ARM64 systems these days,
not just Intel systems. APPL uses it for iPod/etc, MSFT uses it for

The firmware software is one threat. The other threats are out-of-bounds
processors, like IPMI, AMT, etc. There're more of these kinds of chips
on Intel systems, but ARM appears to be catching up... :-(
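
Added example, not part of the original message: a defender-side inventory of the EFI variables that the message says the OS can reach through Runtime Services, read from Linux's efivarfs (`/sys/firmware/efi/efivars`), where each file is named `Name-GUID` and starts with a 4-byte little-endian attribute word. The review rule in `audit()` and every sample entry (including the vendor GUID) are assumptions constructed for illustration.

```python
import struct
from pathlib import Path

# Attribute bits defined by the UEFI specification for GetVariable/SetVariable.
ATTRS = {0x01: "NON_VOLATILE", 0x02: "BOOTSERVICE_ACCESS", 0x04: "RUNTIME_ACCESS",
         0x10: "AUTHENTICATED_WRITE_ACCESS",
         0x20: "TIME_BASED_AUTHENTICATED_WRITE_ACCESS"}
GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE

def parse_entry(filename, raw):
    """Split one efivarfs entry into name, vendor GUID, attribute flags, data size."""
    if len(raw) < 4 or len(filename) < 38:
        raise ValueError(f"{filename}: not a well-formed efivarfs entry")
    # Names may contain '-', so cut the fixed 36-character GUID off the end.
    name, guid = filename[:-37], filename[-36:]
    (bits,) = struct.unpack_from("<I", raw)
    flags = [label for bit, label in ATTRS.items() if bits & bit]
    return {"name": name, "guid": guid, "flags": flags, "size": len(raw) - 4}

def audit(efivars_dir):
    """List persistent, runtime-accessible, unauthenticated non-global variables."""
    findings = []
    for path in sorted(Path(efivars_dir).iterdir()):
        try:
            entry = parse_entry(path.name, path.read_bytes())
        except (OSError, ValueError):
            continue  # unreadable or malformed entry: skip rather than abort
        f = entry["flags"]
        authenticated = any("AUTHENTICATED" in x for x in f)
        if ("NON_VOLATILE" in f and "RUNTIME_ACCESS" in f
                and not authenticated and entry["guid"] != GLOBAL_GUID):
            findings.append(entry)
    return findings

def build_sample(directory):
    """Write constructed sample entries so the example runs without EFI."""
    vendor = "11111111-2222-3333-4444-555555555555"  # made-up vendor GUID
    samples = {f"BootOrder-{GLOBAL_GUID}": struct.pack("<I", 0x07) + b"\x00\x00",
               f"VendorBlob-{vendor}": struct.pack("<I", 0x07) + b"\xaa" * 16,
               f"SignedCfg-{vendor}": struct.pack("<I", 0x27) + b"\x01",
               f"Truncated-{vendor}": b"\x07"}
    for name, data in samples.items():
        (Path(directory) / name).write_bytes(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(audit(d))
```

On an EFI-booted Linux host, pass `/sys/firmware/efi/efivars` to `audit()` and compare the result against a known-good baseline for that firmware version.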