Protection Rings and Firmwares


#1

If we are to assume that we know exactly how many negative protection rings exist (be it -4 or -5, the bottom one) and that we were to control them all, does it mean that we should not be worrying about all the other HW components with closed source firmwares (except those who do compute, like GPUs)?

Why I’m asking the question? Because of the recent info I leaned:

  • Mostly all HW components of a computer have their own firmware, which sure is not freedom-respecting simply because it’s closed sourced.
  • Protection Rings which consist of at least 7 rings are very important, security-wise and it’s dependent on the control we have over the CPU and the chipset. The lower the ring is that we control, the more control we have on the rest of them, for example, ring -4 controls -3, -2 … 3.

Finding out these two pieces of information, made me question if we’ll need eventually to work on freeing all the firmwares, or it is enough to have complete control over the chipset and the CPU.

Thanks.


#2

If your wifi firmware is malicious, it does not matter how well you control your computer. You are compromised. If your drive firmware is malicious, this could be bad if your drive has access to sensitive data. If you only store encrypted data on your drive, malicious firmware could still destroy data or refuse to delete files you want deleted. Less of an issue than if your network hardware is compromised but take a look at those flashdrives that report larger sizes than they have. Malicious speaker firmware could attempt to communicate via ultrasound though even then it could only speak of things it knows.


#3


https://trmm.net/Heads_33c3