
Re: lazy saturday notebook comparo (long)



On Sat, Aug 25, 2001 at 01:00:10AM -0700, Russell Williams wrote:
> 
> The iBook2 is new enough, isn't it?

yup.  all AGP G4s have a firmware update that adds the security,
currently sold models already have it.  ibook2 has it, tibook has it
with firmware update (and maybe without).  ibook1 has it with the
firmware update.  and the firewire powerbooks have it with a firmware
update.  

> Are you sure that there are no master passwords? I
> have only had x86 computers so far and there have
> always been master passwords for the BIOSs.

there is not, i know someone who reverse engineered the entire
OpenFirmware bootrom of a tibook, i can see no evidence of any
backdoor passwords.

there is one backdoor, if the amount of RAM in the machine changes
command option p r will be reenabled for one boot (the immediate boot
after the ram change) that will reset OF to defaults, without a
password.  the idea is that changing the amount of ram is
inconvenient, and on desktops impossible to do without damaging the
case or breaking the lock you should have installed (all newworld
desktop cases have an internal locking mechanism)

there is one security hole in the Linux kernel (all versions) however
that will allow any user with an account on your machine to learn the
OpenFirmware password.  the kernel exports all of OpenFirmware's
configuration variables, including security-password, in files located
in /proc/device-tree/options/.  unfortunately it makes no exceptions in
regards to permissions and leaves them all world readable (mode 0444).
Apple stores the password in an obfuscated manner, i suspect simple
XOR, the key is constant, that is ascii `d' will always be hex `ce'
and such so cracking this obfuscation is not difficult.

> Yes I'm going to encrypt my data, but that would be
> useless if you could easily install a trojan if I
> leave it unattended for some minutes.

OpenFirmware password protection, with security-mode=command (allows
unattended booting, but only to the set boot-device) and yaboot
password protection in restricted mode (see yaboot.conf(5)) which
allows booting, but no arguments such as init=/bin/sh, along with
locking your terminal/X session (don't use startx without taking care
to lock the tty it's started on) should be sufficient to protect you
from such attacks.  with this configuration they will have to open
your laptop and add/remove some ram to remove the OpenFirmware
password, then boot from other media to bypass yaboot's security and
then install the backdoor.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
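An added audit script, not part of Ethan's mail, that checks the three points he raises from the defender's side: whether the kernel's exported security-password file is world-readable, whether security-mode is set to command or full, and whether yaboot.conf has the restricted/password pair from yaboot.conf(5). It assumes GNU/Linux userland (ls -l column layout, tr) and takes the options directory and config path as parameters so it can be run against a constructed tree; the /proc/device-tree/options and /etc/yaboot.conf defaults are only used with --audit.

```shell
#!/bin/sh
# Hypothetical audit helpers (added example, not from the original thread).

# of_password_exposed DIR
#   DIR is the kernel-exported options directory (normally
#   /proc/device-tree/options).  Returns 0 (true) when security-password
#   exists there and the "other" read bit is set, i.e. any local account
#   can read the obfuscated OpenFirmware password.
of_password_exposed() {
    f="$1/security-password"
    [ -e "$f" ] || return 1
    # ls -l: char 1 is type, 2-4 user, 5-7 group, 8-10 other; char 8 is other-read
    other_read=$(ls -l "$f" | cut -c8)
    [ "$other_read" = "r" ]
}

# security_mode_ok DIR
#   Returns 0 when the exported security-mode variable is "command" or
#   "full"; anything else (e.g. "none") means OF is not password-protected.
security_mode_ok() {
    f="$1/security-mode"
    [ -r "$f" ] || return 1
    # device-tree string properties are NUL-terminated; drop the NUL
    mode=$(tr -d '\0' < "$f")
    case "$mode" in
        command|full) return 0 ;;
        *) return 1 ;;
    esac
}

# yaboot_restricted_ok CONF
#   Returns 0 when CONF contains global "restricted" and "password=" lines,
#   the yaboot.conf(5) setup that refuses extra kernel arguments such as
#   init=/bin/sh unless the password is given.
yaboot_restricted_ok() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -q '^[[:space:]]*restricted' "$conf" || return 1
    grep -q '^[[:space:]]*password=' "$conf" || return 1
    return 0
}

# audit_host: run all three checks against the live system and report.
audit_host() {
    opts=/proc/device-tree/options
    if of_password_exposed "$opts"; then
        echo "WARN: $opts/security-password is world-readable"
    else
        echo "ok:   security-password not exposed (or not present)"
    fi
    if security_mode_ok "$opts"; then
        echo "ok:   security-mode is command or full"
    else
        echo "WARN: security-mode is not command/full"
    fi
    if yaboot_restricted_ok /etc/yaboot.conf; then
        echo "ok:   yaboot.conf has restricted + password"
    else
        echo "WARN: yaboot.conf lacks restricted mode or a password"
    fi
}

# Only touch the live system when explicitly asked.
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

Run it as `sh audit.sh --audit` on the PowerPC box; each WARN line maps to one of the gaps described above (readable /proc export, no OF password, or yaboot accepting arbitrary boot arguments).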


