
Getting into SMM means you can circumvent flash protection, which means you can rewrite the firmware to backdoor the OS on every boot without needing to leave any evidence in the filesystem, which a normal compromise of ring 0 wouldn't. I don't think most people need to worry about this, but if the claims are accurate this is a genuine circumvention of a privilege boundary.



Yeah. It sounds like SMM was a mistake, and we should have a user-controlled OS at that level (or, nothing at all).



