AMI Firmware Source Code, Private Key Leaked
Trailrunner7 writes "Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan. Researcher Brandan Wilson found the company's data hosted on an unnamed vendor's FTP server. Among the vendor's internal emails, system images, high-resolution PCB images and private Excel spreadsheets was the source code for different versions of AMI firmware, code that was current as of February 2012, along with the private signing key for the Ivy Bridge firmware architecture. AMI builds the AMIBIOS BIOS firmware based on the UEFI specification for PC and server motherboards built by AMI and other manufacturers. The company started out as a motherboard maker, and also built storage controllers and remote management cards found in many Dell and HP computers. 'The worst case is the creation of a persistent, Trojanized update that would allow remote access to the system at the lowest possible level,' researcher Adam Caudill said. 'Another possibility would be the creation of an update that would render the system unbootable, requiring replacement of the mainboard.'"
I could care less about the security implications. Where's the link to the full key and source code?
Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
No.
Besides all the gloom and doom, I can see a use case for this. Someone tell coreboot.org? It would make updating your (AMI) BIOS with embedded Linux a bit simpler, eh?
And this also could be great. Like everything, 90% of firmware sucks. Unlike most other software, replacing the firmware usually isn't even close to an option, and I loathe almost every single hardware company as a result of this.
...it's not even funny.
Bad? Part of the UEFI barrier for other OS's has just been Open Sourced.
And there was much rejoicing.
We should learn what we need to know about issues, before we decide what we need to feel about them.
I runz the Linux!
I runz the Coreboot! ftfy
Spelling/grammar nazis welcome (English is not my first language and I am trying to improve my spelling/grammar)
Actually, yes it can.
"“By leaking this key and the firmware source, it is possible (and simple) for others to create malicious UEFI updates that will be validated and installed for the vendor’s products that use this Ivy Bridge firmware,” "
It will allow those with secure boot, that is on and has no user visible way of shutting it off. Because every extra option in a uefi/bios costs system builders like dell and hp money. a way of disabling it by flashing a bios,uefi image with that option or it permanently set to off.
No it hasn't. You're not going to be able to use this to bypass UEFI secure boot even on AMI hardware let alone it being applicable to hardware at large.
Care to elaborate a little?? Please?
Sometimes it's better not having signature
Why is only the worst case mentioned? This can actually be good and help projects like coreboot support more hardware. Or maybe someone will make an open source fork of their firmware, as there is a lot to improve in the current UEFI implementation.
As for the viruses, I don't think that even with the signing key we will see many BIOS viruses, as it is really hard to write one that actually does anything besides bricking the hardware. And on most systems it is impossible to update the BIOS after the OS is loaded.
What a waste of time.
'The worst case is the creation of a persistent, Trojanized update that would allow remote access to the system at the lowest possible level,' researcher Adam Caudill said. 'Another possibility would be the creation of an update that would render the system unbootable, requiring replacement of the mainboard.'
It's safe to assume the latter, as malware commanders don't want the computer offline or under scrutiny. Just give them another vector to attack and easier ways to cover up the bot...
There isn't anything useful that has been leaked.
When the copyright term is "forever minus a day", live every day like it's the last.
Unlike most other software, replacing the firmware usually isn't even close to an option
If you do some research before buying a new main board it's a lot closer.
Spelling/grammar nazis welcome (English is not my first language and I am trying to improve my spelling/grammar)
No, never trust upgradable bios. Put the damn chip into a socket, and do upgrades by snail-mail... The internet will never be safe. Which is a good thing, because I don't want anybody telling me what I can upload or download.
“He’s not deformed, he’s just drunk!”
If Adam Caudill won't disclose it then I will.
ftp.asus.com.tw (which is currently down)
Assuming for a moment that the validity of this key is confirmed independently then any further question about the technical feasibility of using this to sub/pervert a Secure Boot arrangement is moot when you consider the deeper and more practical implication which is that you can't trust a major motherboard vendor to keep a signing key properly secured. Secure Boot is dead, long live security.
Regards, Phil
magnet:?xt=urn:btih:bd8b50ebfc73b4f0ea53bda4f7f6a1861b1eb19c&dn=leaked%5Fbios
It will allow those with secure boot, that is on and has no user visible way of shutting it off. Because every extra option in a uefi/bios costs system builders like dell and hp money. a way of disabling it by flashing a bios,uefi image with that option or it permanently set to off.
Did you write my stereo instructions in the 1980s?
The road to tyranny has always been paved with claims of necessity.
How can you trust what you can never see, or even know is there?
Thesis: Security requires trust.
You are not trusted to know these secrets, therefore you are not secured through their application.
The whole UEFI boondoggle is false security. Worse, this proves that it is a vulnerability risk, sold under masquerade, as security.
"Flyin' in just a sweet place,
Never been known to fail..."
It might do even better than that! You might be able to create a custom BIOS image, with the secure boot check deliberately broken to not actually check that the boot loader is signed but still attest that it was.
This could allow you to compromise the DRM all the way up the chain.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Of course, considering the selection of coreboot applicable hardware is extremely limited and mostly ancient...
XML is like violence. If it doesn't solve the problem, use more.
I'm hoping we're about two years away from a real PC motherboard initiative along the lines of Raspberry PI. Wouldn't that be nice? A motherboard that isn't infected with vulnerable OEM black boxes and proprietary BS code and OS lock-in?
Posting as AC for hopefully obvious reasons. I discovered the server while Googling for some obscure AMD datasheets and passed the information off to Mr. Wilson. Not going to provide the exact domain name of the server, but it's operated by Jetway.
In addition to this BIOS code, it contains what appear to be full design files for a few motherboards (Gerbers, schematics, test software) and a number of datasheets (with prominent CONFIDENTIAL watermarks) for chips made by Nvidia, Intel, Atheros, Realtek and others.
The basis of your whole rant was that Microsoft invented this technology, but you were wrong. I suggest that you go read up on the UEFI before you start making these sorts of proclamations. The standard was originally developed by Intel, not Microsoft, and they contributed the initial version to the UEFI Forum (which includes representatives from ten other companies other than Microsoft on their board).
I have no doubt that you will consider me to be a "Microsoft stooge" for pointing this out.
Would it be possible that more ambitious/less sinister programmers and/or modders could create a highly customized firmware or BIOS that allowed for more options? I guess I see a positive outcome to any leaked source code rather than the negative weaponry most people imagine.
Libera te ex Inferis!
What some hardware does (not just motherboards) is it has a physical jumper which has to be closed in order to allow the firmware to be changed. No chance of malicious flashing of the firmware (unless someone has physical access, but then you've got bigger problems) but without having to ship firmware on chips.
What did you "tell them"? Since you didn't elaborate I fail to see what you are going for or how this is insightful.
I can only guess this is something along the lines of the people crying about "Waaaaa security through obscurity!" in which case I want to hear their solution to code signing/verification on a system that doesn't involve a secret private key. You might note that public/private key signing is how Linux distros secure and verify their application distribution services.
This has the link, but that'll do you no good at this point.
In related news, I'm more interested in buying an AMI motherboard now. Especially one with CoreBoot flashed over it.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Bad? Part of the UEFI barrier for other OS's has just been Open Sourced.
And there was much rejoicing.
Or a piece of malware will now sign itself and change the keys making it impossible to remove. It would be better totally unlocked otherwise. If the keys were in ROM where they could not be rewritten then yes there will be much rejoicing but who is to say the malware won't reimage itself in the UEFI and put another set of keys maybe randomly generated on the host?
http://saveie6.com/
Or a piece of malware will now sign itself and change the keys making it impossible to remove. It would be better totally unlocked otherwise. If the keys were in ROM where they could not be rewritten then yes there will be much rejoicing but who is to say the malware won't reimage itself in the UEFI and put another set of keys maybe randomly generated on the host?
You mean like a root kit? That's only existed for forever, and UEFI has been shown to be ineffective in the real world at stopping them. So your illusion of security was shattered. Pick up your hat and move on ... designing a more workable security scheme.
We should learn what we need to know about issues, before we decide what we need to feel about them.
Implications to secure boot are probably none, when it comes to exposing this key. However, there may be weaknesses in the AMI code that could eventually lead to circumventing secure boot. It's rather academical at this moment, but they may have made some implementation faults that will allow an attacker to falsely keep their checks happy while still modifying boot files. The key is probably only useful for signing firmware, probably only for this vendor and possibly only for this chipset, maybe even a single main board.
I was promised a flying car. Where is my flying car?
The basis of my rant is that this technology is a DRM, causes problems for all non-MS participants,
That is your unsupported assertion that this is just about DRM. The PDF that you linked to does actually say that there are benefits to secure boot, something that you have conveniently omitted (to coin your phrase).
Microsoft controls this technology (by controlling key distribution) and Microsoft has already abused its control.
And yet it is the OEMs who control the platform keys, or so says your document. There is no reason why you couldn't have an OEM that actively supported open source operating systems by including their required keys (just like they provide Linux drivers now). Or you just switch off secure boot.
Regarding UEFI itself: yes, Intel designed original version of it but it was Microsoft who forced additional requirements that made Secure Boot such a pain.
I'm not sure which requirements you were talking about here. Is it that motherboards have to implement secure boot, or that they also have to provide a method to turn it off?
So I still think that anyone supporting this broken standard is either misguided or a liar. Should I add "useful idiots" to my list of "Microsoft stooges" and "paid trolls" ?
I guess the alternative is "Microsoft-hating zealot". You know, the ones who make huge errors, and then "conveniently omit" any further discussion on those points during follow-ups. They are also the ones who know that their claims can be refuted, but try to preempt those arguments by saying:
please don't reply to me with "any OS vendor can request a key from Microsoft" or "any vendor can request hardware vendors to install its key" crapola. These are just lies spewed around by Microsoft stooges and paid trolls.
Great idea! Rather than tell us what is wrong with those claims, just call them lies instead. So how exactly are they lies? Or were you lying when you said that?
yes, on systems where you can boot anything you want anyways! HAHA
world was created 5 seconds before this post as it is.
Very nicely put!
The tyrant will always find a pretext for his tyranny - Aesop
A rootkit in a non signed way is impossible on UEFI unless you disable it by default.
However if it is signed and the AV software does not have the access to it then you are fucked. It is an OS reinstall. Worse if it uses the keys to reimage the rom then it is bricked.
http://saveie6.com/
In the best and most possible case it would allow the evil open sources projects to boot the computer without asking the permission and paying the Microsoft.
Ok. And in the real world, there is no evidence that it is possible to prevent rootkits from eventually being signed on a UEFI. Because now, they are going to be...agreed?
So that means we are right back to where we started in the first place. UEFI is useless at best, burdensome and unfair for people wanting to add/change the OS at worst.
Time to toss it.
We should learn what we need to know about issues, before we decide what we need to feel about them.