Flashing unsigned BIOS #2

Closed
haarp opened this Issue Jul 5, 2016 · 4 comments

Comments

Projects
None yet
4 participants

haarp commented Jul 5, 2016

Hey,

nice find!

Running of arbitrary System Management Mode code allows attacker to disable flash write protection

Could this be used to flash unsigned (i.e. modded) BIOS versions? This has been a major challenge in newer Thinkpads (**30+ Generation). Being able to flash without a hardware programmer could be an actual valid use case of this vulnerability!

c0d3z3r0 commented Jul 6, 2016

Even if it was possible to write an unsigned UEFI/BIOS it won't boot since Intel BootGuard prevents it

haarp commented Jul 6, 2016 edited

BootGuard is not present/activated on all Thinkpad hardware. At least the **30 generation will boot unsigned firmware if it is flashed externally.

trilader commented Jul 6, 2016

That also applies to (at least some of) the *20 Thinkpads. Source: I have an x220 running Coreboot.

Owner

Cr4sh commented Jul 11, 2016 edited

Project issues is not a proper place for such discussions

Cr4sh closed this Jul 11, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment