Modifying BIOS settings from within an operating system

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
User avatar
bzt
Member
Member
Posts: 1584
Joined: Thu Oct 13, 2016 4:55 pm
Contact:

Re: Modifying BIOS settings from within an operating system

Post by bzt »

Your latest post is a clear sign that you're not here to do civilized discussions, you're just hopefully trying to provoke. Don't even bother, won't work on me. This is my last post to you.
You have already been warned by a moderator, so please behave. If you can't answer politely in a civilized manner, then please don't answer.

And just for the records, I've already answered that question to you, citing multiple CVE tickets all with working PoCs. So as you can see, unlike you, I did answer your question, despite what you say.

Have a nice day,
bzt
Ethin
Member
Member
Posts: 625
Joined: Sun Jun 23, 2019 5:36 pm
Location: North Dakota, United States

Re: Modifying BIOS settings from within an operating system

Post by Ethin »

bzt wrote:Your latest post is a clear sign that you're not here to do civilized discussions, you're just hopefully trying to provoke. Don't even bother, won't work on me. This is my last post to you.
You have already been warned by a moderator, so please behave. If you can't answer politely in a civilized manner, then please don't answer.
You have been warned too, good sir. I have not committed any rule violations in this thread. I have maintained civility throughout this entire discussion. The only reason I was warned was because you reported me -- or someone did. If I've committed a rule violation, I'd like proof, because I don't see how calling someone a conspiracy theorist is violating civil discourse.
bzt wrote:And just for the records, I've already answered that question to you, citing multiple CVE tickets all with working PoCs. So as you can see, unlike you, I did answer your question, despite what you say.

Have a nice day,
bzt
For the records, those PoCs you provided did not, in fact, answer my question at all. You continue to sidestep the problem. I have asked you, innumerable times, to provide me a PoC that bypasses secure boot and tricks UEFI firmware into loading an image even if its signature is not within the list of KeKs or its signature is explicitly within the DBX database. You have not provided me a single shred of evidence to prove that is possible; all you have provided me is proof that it is possible to hijack firmware subroutines *after* an application has been verified, loaded and executed, which does not prove that secure boot is vulnerable. As I have said previously, try again. Unless, of course, you can't find any and can't come up with any PoCs on your own. And if you can't, you might as well indicate so.
User avatar
iansjack
Member
Member
Posts: 4703
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

SHUT UP!!!

Post by iansjack »

Get a room, you two. You're both going on my ignore (foes) list.
User avatar
bzt
Member
Member
Posts: 1584
Joined: Thu Oct 13, 2016 4:55 pm
Contact:

Re: SHUT UP!!!

Post by bzt »

iansjack wrote:Get a room, you two. You're both going on my ignore (foes) list.
Do you honestly believe that this post of yours is adequate, civilized and free of attempted personal insults?

Cheers,
bzt
nullplan
Member
Member
Posts: 1790
Joined: Wed Aug 30, 2017 8:24 am

Re: SHUT UP!!!

Post by nullplan »

bzt wrote:Do you honestly believe that this post of yours is adequate, civilized and free of attempted personal insults?
I believe this "debate" was already past that point, before iansjack threw his hat in the ring.

Getting back to the topic, while it is possible that a firmware implementation would use System Management mode or Intel Management Engine (or whatever the AMD equivalent of that thing is called) to lock away BIOS settings such that the OS cannot change them, TianoCore does not do that, and many old-school BIOS implementations did not do that, either. In fact, parts of the CMOS RAM were standardized in the Intel MP specification, because they were needed before Startup IPIs were a thing to make a starting CPU jump to a given address. And I have seen listings of what several bytes of the CMOS RAM mean on the internet. But obviously nothing important was ever standardized.
Carpe diem!
Ethin
Member
Member
Posts: 625
Joined: Sun Jun 23, 2019 5:36 pm
Location: North Dakota, United States

Re: Modifying BIOS settings from within an operating system

Post by Ethin »

bzt has made his way onto my foes list. I'm tired of his useless vendetta against things he deliberately chooses not to understand.
@nullplan: Definitely true. But I think this topic answered that question a long time ago.
User avatar
bzt
Member
Member
Posts: 1584
Joined: Thu Oct 13, 2016 4:55 pm
Contact:

Re: SHUT UP!!!

Post by bzt »

nullplan wrote:I believe this "debate" was already past that point, before iansjack threw his hat in the ring.
I agree. This is @ethin's fault, started with this post and @ethin totally lost it in his very next post here, however this does not make okay for @iansjack to try to make things worse. This just lowers @iansjack to @ethin's level, which is sad thing to see.
nullplan wrote:TianoCore does not do that
Watch out, @ethin freaked out after I said exactly that, now you'll be the next target.
Otherwise yes, this is the truth. With the modification, you could go one step further, you could use EFI_VARIABLE_WRITE_ARCH_PROTOCOL directly (same that SetVariable uses at the end of the day), circumventing the "protection" implemented in SetVariable. I'm pretty sure there's no "who-is-the-caller" check in that protocol's implementation if such a check even possible with the UEFI ABI.

Cheers,
bzt
kzinti
Member
Member
Posts: 898
Joined: Mon Feb 02, 2015 7:11 pm

Re: Modifying BIOS settings from within an operating system

Post by kzinti »

On my foe list as well. I had enough of his immaturity, as demonstrated over and over in this thread and others.
User avatar
thepowersgang
Member
Member
Posts: 734
Joined: Tue Dec 25, 2007 6:03 am
Libera.chat IRC: thePowersGang
Location: Perth, Western Australia
Contact:

Re: Modifying BIOS settings from within an operating system

Post by thepowersgang »

I've locked this thread as it has degenerated into off-topic bickering.

I believe the OP's question has been answered (... well, a full gamut of answers have been provided) so hopefully this locking isn't preventing their question being addressed.

A reminder to ALL forum members: Please try to keep conversations civil, I (and the rest of the mods) don't want to have to be banning anyone but spambots.
Kernel Development, It's the brain surgery of programming.
Acess2 OS (c) | Tifflin OS (rust) | mrustc - Rust compiler
Currently Working on: mrustc
Locked