Slashdot Mirror
AMI Firmware Source Code, Private Key Leaked
Trailrunner7 writes "Source code and a private signing key for firmware manufactured by a popular PC hardware maker American Megatrends Inc. (AMI) have been found on an open FTP server hosted in Taiwan. Researcher Brandan Wilson found the company's data hosted on an unnamed vendor's FTP server. Among the vendor's internal emails, system images, high-resolution PCB images and private Excel spreadsheets was the source code for different versions of AMI firmware, code that was current as of February 2012, along with the private signing key for the Ivy Bridge firmware architecture. AMI builds the AMIBIOS BIOS firmware based on the UEFI specification for PC and server motherboards built by AMI and other manufacturers. The company started out as a motherboard maker, and also built storage controllers and remote management cards found in many Dell and HP computers. 'The worst case is the creation of a persistent, Trojanized update that would allow remote access to the system at the lowest possible level,' researcher Adam Caudill said. 'Another possibility would be the creation of an update that would render the system unbootable, requiring replacement of the mainboard.'"
I could care less about the security implications. Where's the link to the full key and source code?
Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
...it's not even funny.
Bad? Part of the UEFI barrier for other OS's has just been Open Sourced.
And there was much rejoicing.
We should learn what we need to know about issues, before we decide what we need to feel about them.
Assuming for a moment that the validity of this key is confirmed independently then any further question about the technical feasibility of using this to sub/pervert a Secure Boot arrangement is moot when you consider the deeper and more practical implication which is that you can't trust a major motherboard vendor to keep a signing key properly secured. Secure Boot is dead, long live security.
Regards, Phil
It will allow those with secure boot, that is on and has no user visible way of shutting it off. Because every extra option in a uefi/bios costs system builders like dell and hp money. a way of disableing it by flashing a bios,uefi image with that option or it permanently set to off.
Did you write my stereo instructions in the 1980s?
The road to tyranny has always been paved with claims of necessity.
How can you trust what you can never see, or even know is there?
Thesis: Security requires trust.
You are not trusted to know these secrets, therefore you are not secured through their application.
The whole UEFI boondoggle is false security. Worse, this proves that it is vulnerability risk, sold under masquerade, as security.
"Flyin' in just a sweet place,
Never been known to fail..."
It might do even better than that! You might be about to create a custom bios image; with the secure boot check deliberately broked to not actually check the boot loader is signed but still return attest that it was.
This could allow you to compromise the DRM all the way up the chain.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Would it be possible that more ambitious/less sinister programmers and/or modders could create a highly customized firmware or BIOS that allowed for more options? I guess I see a positive outcome to any leaked source code rather than the negative weaponry most people imagine.
Libera te ex Inferis!