boot loader

Blibbet blibbet at gmail.com
Sat Feb 22 20:13:47 UTC 2014


> This is kinda hard to say. I've heard that on x86, it is possible that
> the BIOS keeps executing code even after it started the system, so
> perhaps something like that can happen too.

UEFI remains running while the loaded OS runs. The OS (and apps) can 
communicate with EFI.

EFI is a complex standalone realtime embedded event-driven OS, not just 
a simplistic firmware/loader.

EFI has "Runtime Services" which can communicate with the OS (Linux, 
Windows, etc.). The main one is for accessing variables (like 
environment variables). Other OS vendors or OEMs or firmware vendors 
can add other runtime services. For example, I believe (unconfirmed) 
that Apple moved some of their OSX DRM code into an EFI runtime service. 
Malware authors can write EFI runtime service drivers and -- if they can 
install them on your system -- you'll have a hard time determining it is 
there.

There is a standard firmware update mechanism in EFI, so these drivers 
can be easily updated. UEFI is on modern ARM32/ARM64 systems these days, 
not just Intel systems. APPL uses it for iPod/etc, MSFT uses it for 
Surface/etc.

The firmware software is one threat. The other threats are out-of-bounds 
processors, like IPMI, AMT, etc. There're more of these kinds of chips 
on Intel systems, but ARM appears to be catching up... :-(
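
The runtime variable service mentioned above is what Linux exposes through efivarfs. As an added example that is not part of the original post, this sketch parses the efivarfs file layout (a 32-bit little-endian attribute word followed by the variable data) to inventory which variables the running OS can reach. The sample entries are constructed, and the function and field names are assumptions made for illustration.

```python
import struct
from pathlib import Path

# Attribute bits defined by the UEFI specification for variables.
ATTRS = {
    0x01: "NON_VOLATILE",
    0x02: "BOOTSERVICE_ACCESS",
    0x04: "RUNTIME_ACCESS",
    0x08: "HARDWARE_ERROR_RECORD",
    0x10: "AUTHENTICATED_WRITE_ACCESS",
    0x20: "TIME_BASED_AUTHENTICATED_WRITE_ACCESS",
    0x40: "APPEND_WRITE",
}
AUTH_BITS = 0x10 | 0x20

def parse_efivar(filename, raw):
    """Parse one efivarfs entry: file name is Name-GUID, content is a
    little-endian 32-bit attribute word followed by the variable data."""
    if len(raw) < 4:
        raise ValueError(f"{filename}: too short for an attribute word")
    name, guid = filename[:-37], filename[-36:]  # GUID text is 36 chars
    (attrs,) = struct.unpack_from("<I", raw)
    return {
        "name": name, "guid": guid, "size": len(raw) - 4,
        "attrs": [n for bit, n in ATTRS.items() if attrs & bit],
        # Persistent, reachable at runtime, and no authenticated-write bit set
        "unauthenticated_nv_runtime":
            (attrs & 0x05) == 0x05 and not attrs & AUTH_BITS,
    }

def inventory(entries):
    """entries: iterable of (filename, bytes); returns records sorted by name."""
    return sorted((parse_efivar(f, r) for f, r in entries),
                  key=lambda v: v["name"])

def read_efivarfs(root="/sys/firmware/efi/efivars"):
    """Yield (filename, bytes) on a live Linux system; nothing if not EFI-booted."""
    p = Path(root)
    for f in (p.iterdir() if p.is_dir() else []):
        try:
            yield f.name, f.read_bytes()
        except OSError:
            continue  # some variables are unreadable without privileges

# Constructed sample entries (illustrative values, not from a real machine).
SAMPLE = [
    ("BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c",
     bytes.fromhex("0700000000000100")),
    ("db-d719b2cb-3d3a-4596-a3bc-dad00e67656f",
     bytes.fromhex("27000000") + b"\x00" * 8),
]
```

Running `inventory(read_efivarfs())` on an EFI-booted Linux machine gives a baseline that can be compared across boots or firmware updates.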
