On Fri, 12 Feb 1999, Kragen Sitaker wrote: > Firmware that is flashable without requiring inconvenient physical > access really scares me. Let me open another can of worms of this kind and quote from FAQ on one well-known PC motherboard maker's web: <quote type=spammy> 2.10 I flashed the BIOS without changing the jumper! How? The only situation where a jumper change is necessary is when you are using an Intel flash BIOS chip and are flashing everything including the boot block. In this case, the boot block protect jumper needs to be changed to "unprotect" in order for the flash to be successful. Here's more information about this issue: For a PNP system, the ESCD will be updated at runtime. Because of this, the Flash ROM has to remain writable at all times during runtime. In order to protect the Flash ROM from being damaged accidentally, Intel introduced the concept of the "boot block". Intel allowed the boot block to be hardware protected by disabling a jumper. If this jumper is disabled, the boot block is absolutely safe. This allows the user to boot from a floppy and reflash the main BIOS. That means users can always recover from damage in any case. The boot block is a patent of Intel's. Nobody else has this feature. The boot block feature is a good feature, but it does not necessarily make it the only choice. Without using the boot block feature, SST and some other vendors have carefully designed the programming sequences of each sector in the BIOS. These sectors are totally independent. During sector programming, if the power fails, it will not affect other sectors. This means that the boot sectors are protected from being damaged. The only possible exception to this is if someone specifically tries to destroy the boot sectors on purpose. In order to do this, that person or virus must know how to program SST's (or other vendor's) Flash ROM and how to enable the read/write shadow function of the core chipset (the BIOS is write-protected by the chipset as well). Even if this person knows how to do all of this, he/she can only destroy the boot content of the BIOS, which would make your system unbootable. The virus cannot infect the main BIOS unless it knows every bit of the BIOS code, which is different between vendors, models, and even revisions. In this case, it is no longer a boot block issue because the virus can change the main BIOS anyway. In the real world, we have not found any program or virus that can do this. </quote> ("Flashing Instructions" for their new motherboards do not mention anything about jumpers or BIOS settings.) I leave it up to the reader to ponder the consequences... --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "NSA GCHQ KGB CIA nuclear conspiration war weapon spy agent... Hi Echelon!"
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:04 PDT