LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Slackware This Forum is for the discussion of Slackware Linux.

Old 06-20-2022, 11:14 AM   #16
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,789

Rep: Reputation: 4435

Quote:
Originally Posted by zaphar View Post
It probably isn't that easy. If it was, coreboot and associated BIOS/UEFI replacement firmware would work on a lot more platforms, instead of the handful it does.
Well you could test that assumption rather easily. Connect a throwaway PC to your home LAN, log or hack in, and either determine the motherboard brand and model and download the flashing app, or try some version of "modbin". If the BIOS isn't password protected it should be very easy. If it is password protected, it will just be a wee bit harder.
 
Old 06-20-2022, 05:10 PM   #17
scuzzy_dog
Member
 
Registered: Apr 2021
Location: Free State of Texas (somewhat free)
Posts: 108

Rep: Reputation: Disabled
Quote:
Originally Posted by enorbet View Post
That may possibly be mitigated by System 76's alleged disabling mechanism, but I'm not certain how they can even know it works at all, let alone at 100%. If it wasn't a bit scary it'd be laughable that there was uproar over Intel including unique CPU serial number data in BIOS, yet so little over ME.

https://www.youtube.com/watch?v=rcwngbUrZNg

Note: If you really can't manage to watch much of it, there's an instructive diagram around 17:45. The hardware diagram is a known quantity. The code is not.
There was an Intel video years ago on YouTube touting a way of accessing a computer even if it was turned off. It was advertised as a way tech support could 'help you out' even if you had left for the day and your computer was turned off. And while being accessed it would still appear turned off. Wish I'd have bookmarked it. But most of my friends didn't understand.

Did y'all know there is a CPU within the CPU nowadays? Forgot the tech term.

I don't trust UEFI myself and continue to use LILO and basic partitions.

Don't get me started on systemd and how systemd just loves TPM. TPM is a Microsoft deal. Download systemd code from github and do a search.

So yeah - it's FUBAR nowadays.

Has everybody forgotten how SSL was compromised a few years back? It had been that way for years. And it appeared it wasn't an accident. So just because the code is available doesn't mean much. Who has time to wade through a million lines of code to verify things? And how do you know the pre-compiled package is really using the source code you see?

Last edited by scuzzy_dog; 06-20-2022 at 05:12 PM.
 
2 members found this post helpful.
Old 06-20-2022, 10:36 PM   #18
baumei
Member
 
Registered: Feb 2019
Location: USA; North Carolina
Distribution: Slackware 15.0 (replacing 14.2)
Posts: 365

Rep: Reputation: 124
These days the Intel Management Engine is in the chipset, and the software for it is stored on the same chip as the BIOS. The pair have severe flaws.

Here is one example of a known flaw:
Quote:
Ring −3 rootkit
A ring −3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections.[48] The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor. (The "−3" designation was chosen because the ME coprocessor works even when the system is in the S3 state, thus it was considered a layer below the System Management Mode rootkits.[19]) For the vulnerable Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by Patrick Stewin.[49][50]
The above quote was copied from https://en.wikipedia.org/wiki/Intel_Management_Engine

Last edited by baumei; 06-20-2022 at 10:46 PM.
 
Old 06-21-2022, 11:49 PM   #19
SunnyJim
Member
 
Registered: Jan 2016
Location: Canada
Distribution: slackware and linux mint
Posts: 110

Rep: Reputation: Disabled

Sorry to inform you but the story gets a lot worse. Your hardware as well as the preferred software (Windows and its variants) are both most probably rooted.
Yeah, you can disable the Intel ME engine, and if you are lucky you will not brick your computer. Both Intel AND AMD have their own variants: Intel has vPro active management tech and AMD has PSP. This is probably going to get harder and harder to disable/bypass as time goes on. You can ask AMD and Intel to stop, but they most certainly have deals already with the intelligence community/military industrial complex, so good luck with that. Just look at http://techrights.org/home/ and get a better idea. Do what you can; hope and pray as well, that can't hurt. Don't just worry about the small hackers but the Big ones as well. Also those that will try to hack your DNA/RNA, but that is another story. Myself, I use Linux and am in the process of learning to use the virtualization hardware to run Windows in a VM container for maybe a little better security as well as a technical exercise/challenge, and have had some success doing single GPU passthrough: "https://gitlab.com/risingprismtv/single-gpu-passthrough", but I still have doubts about why this hardware would be there when most people will never need it.

In any case here are some interesting links for reference:
(The True Story of the Windows _NSAKEY): "https://www.youtube.com/watch?v=x8JuUW41pbQ"
"https://github.com/corna/me_cleaner/wiki" as well as (Spyware at The Hardware Level - Intel ME & AMD PSP): "youtube.com/watch?v=HNwWQ9zGT-8"
Also: "https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/"

So don't wonder why it all seems so janky unstable and insecure because it WAS MADE THAT WAY!!
 
1 members found this post helpful.
Old 06-22-2022, 12:19 AM   #20
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,789

Rep: Reputation: 4435
Thanks for the YouTube link, SunnyJim, but it is old news and irrelevant since Windows 10 EULA in which users sign away any right to privacy or security. Since an operating system must store any encryption keys, and users agree to let Microsoft view everything (to catch those pesky pirates of course) including the encryption keys, it is rendered transparent. Your Windows system can "phone home" anything and everything even if it has to resort to unsecured wifi connections. I am unaware if any hackers have yet harvested data from such back doors, but I don't trust even the option.

It's not conspiracy. It's simply that computing is new enough and legislators are old and ignorant enough of computing that it is going to take years before all the wrinkles are hammered out and proper security measures become de rigueur. That mining data is so obviously a massive source of wealth will definitely add to the length of time that will take, if ever. Power, once given, is rarely given back.
 
Old 06-22-2022, 09:18 AM   #21
wpeckham
LQ Guru
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, VSIDO, tinycore, Q4OS, Manjaro
Posts: 5,687

Rep: Reputation: 2715
Quote:
Originally Posted by enorbet View Post
It's simply that computing is new enough and legislators are old and ignorant enough of computing that it is going to take years before all the wrinkles are hammered out and proper security measures become de rigueur.
Actually it is a bit worse than you put it. There will never become a time (unless our civilization crashes and we lose much of our technological base) when legislators will be able to catch up to the state of technology and the effect on society. There is a gap between the understanding of old politicians steeped in civil duty by years of experience and the current state of technology (and society). The gap was small in the 1700s and early 1800s, but has been expanding at an accelerating rate and will never close. The BEST we can get is a legislator that is well experienced in ONE OR TWO technologies or specialties, and that is the exception case. Most legislators are only specialized at raising money and getting votes, and that is really their main focus. Expecting legislators to be, or ever become, capable of making correct judgements about these issues on their own is unreasonable and unrealistic. The best that can be said is that the best of them KNOW this and listen to the experts and the constituents who are subject matter experts and directly involved. We have to engage with and inform those legislators who will LISTEN! The rest are the source of the problems. They will always be.
 
2 members found this post helpful.
Old 06-23-2022, 12:00 AM   #22
Gnisho
Member
 
Registered: Aug 2012
Location: WA
Distribution: slackware
Posts: 73

Rep: Reputation: Disabled
Quote:
Originally Posted by zaphar View Post
It probably isn't that easy. If it was, coreboot and associated BIOS/UEFI replacement firmware would work on a lot more platforms, instead of the handful it does.
It's probably not trivial, no, but the virus wouldn't need to do all the hardware init/etc. that BIOS or coreboot does. It would "only" need to mimic how some vendors (Lenovo, among others) do filesystem injection to do things like kickstart driver or other OEM installs.
 
Old 06-23-2022, 08:04 AM   #23
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,789

Rep: Reputation: 4435
I'm getting the distinct impression that few respondents here have ever flashed a BIOS, let alone modded an image to flash, spoofed an upgrade for a downgrade, forced a different mobo manufacturer's BIOS to load, or hot-swapped a BIOS chip. Surely you realize that efibootmgr easily writes to and erases from firmware, and that's as nothing compared to what is possible.
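Added example, not code from the thread or from enorbet: since efibootmgr writes boot entries into firmware NVRAM, the defensive use of the same tool is to read them back and compare them with what you expect. The script below parses the Boot#### lines of `efibootmgr -v` output and reports every entry whose label is not on a supplied allowlist. The sample output embedded in it is constructed (the partition GUID, labels and loader paths are made up), and the allowlist labels are assumptions for the demonstration.

```sh
#!/bin/sh
# Added example (not from the thread): audit UEFI boot entries against an allowlist.
# Reads `efibootmgr -v` output on stdin and prints every Boot#### entry whose label
# is not in the "|"-separated allowlist given as $1; exit status 1 if any were found.
#
# Usage on a real system: efibootmgr -v | audit_boot_entries 'Slackware|Windows Boot Manager'
audit_boot_entries() {
    awk -F'\t' -v allow="$1" '
        BEGIN { n = split(allow, a, "|"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Active entries look like "Boot0001* Label<TAB>path",
        # inactive ones like "Boot0001  Label<TAB>path" (space instead of "*").
        /^Boot[0-9A-Fa-f]+[* ] / {
            id = substr($1, 1, 8)                     # e.g. Boot0002
            label = $1
            sub(/^Boot[0-9A-Fa-f]+[* ] /, "", label)  # strip the id and active marker
            if (!(label in ok)) {
                printf "%s: unexpected entry \"%s\" -> %s\n", id, label, $2
                bad++
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample of `efibootmgr -v` output; the partition GUID and file paths
# are made up for this demonstration, not captured from a real machine.
sample_efibootmgr() {
    printf 'BootCurrent: 0001\n'
    printf 'Timeout: 1 seconds\n'
    printf 'BootOrder: 0001,0000\n'
    printf 'Boot0000* Windows Boot Manager\tHD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x32000)/File(\\EFI\\Microsoft\\Boot\\bootmgfw.efi)\n'
    printf 'Boot0001* Slackware\tHD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x32000)/File(\\EFI\\Slackware\\elilo.efi)\n'
    printf 'Boot0002* UEFI OS\tHD(1,GPT,11111111-2222-3333-4444-555555555555,0x800,0x32000)/File(\\EFI\\BOOT\\BOOTX64.EFI)\n'
}

# Run against the constructed sample. Only the two labels we claim to have created
# are allowed, so the third entry is reported and the audit exits nonzero.
sample_efibootmgr | audit_boot_entries 'Slackware|Windows Boot Manager' \
    || echo "audit: unexpected boot entries found (see above)"
```

Run it from a boot script or a root cron job and alert on a nonzero exit. An entry with a label you never created, or whose path points at a loader you do not recognise, is worth looking at before the next reboot; the removable-media fallback `\EFI\BOOT\BOOTX64.EFI` in the sample is the kind of generic entry that deserves a second look rather than an automatic pass.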
 
Old 06-23-2022, 09:15 AM   #24
LuckyCyborg
Senior Member
 
Registered: Mar 2010
Posts: 3,532

Rep: Reputation: 3371
Guys, permit me to ask you a question:

How are the BIOS viruses (and IME ethical issues) related to Slackware?

Last edited by LuckyCyborg; 06-23-2022 at 09:31 AM.
 
Old 06-23-2022, 10:39 AM   #25
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,299
Blog Entries: 61

Rep: Reputation: Disabled
Quote:
Originally Posted by LuckyCyborg View Post
Guys, permit me to ask you a question:

How are the BIOS viruses (and IME ethical issues) related to Slackware?
Maybe because BIOS viruses and IME run on/infect computers, and that's what we (me, at least) run Slackware on?
I'm not as knowledgeable as you, so that's only a guess.

Last edited by brianL; 06-23-2022 at 10:41 AM.
 
1 members found this post helpful.
Old 06-23-2022, 10:50 AM   #26
LuckyCyborg
Senior Member
 
Registered: Mar 2010
Posts: 3,532

Rep: Reputation: 3371
Quote:
Originally Posted by brianL View Post
Maybe because BIOS viruses and IME run on/infect computers, and that's what we (me, at least) run Slackware on?
So, those theoretical BIOS viruses and this IME which run on/infect computers are a universal chatting subject, like the weather is, in any operating system forum?
 
Old 06-23-2022, 10:55 AM   #27
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware64 15; SlackwareARM-current (aarch64); Debian 12
Posts: 8,299
Blog Entries: 61

Rep: Reputation: Disabled
Yeah, why not? More relevant and less controversial than politics or religion.
 
1 members found this post helpful.
Old 06-23-2022, 01:29 PM   #28
LuckyCyborg
Senior Member
 
Registered: Mar 2010
Posts: 3,532

Rep: Reputation: 3371
Quote:
Originally Posted by brianL View Post
Yeah, why not? More relevant and less controversial than politics or religion.
Less controversial? Yes. More relevant? I do not think so.

In fact, it's all about this:

You do not want something to mess with your BIOS? Usually the motherboards have a physical jumper which disables the BIOS flashing. Remove it.
You are scared by the EFI malware? Use Secure Boot.
You are scared by the Intel ME? Do not buy anything more modern than the hardware for Core 2 Duo. Or choose another vendor.

That's all.

But people love to put their own mistakes on the shoulders of others...

Last edited by LuckyCyborg; 06-23-2022 at 01:44 PM.
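To make the Secure Boot suggestion above checkable rather than taken on faith, here is an added example (not from the thread or from LuckyCyborg) that reads the platform's Secure Boot state the way Linux exposes it through efivarfs. It reads the SecureBoot and SetupMode variables under the EFI global variable GUID, reports setup mode separately because a firmware in setup mode enforces no signatures at all, and includes a constructed efivars directory so the classification can be exercised offline; the attribute bytes and values written there are made up for the demonstration.

```sh
#!/bin/sh
# Added example (not from the thread): classify Secure Boot state from the UEFI
# variables Linux exposes under /sys/firmware/efi/efivars.
# File layout there: 4 bytes of attribute flags, then the variable data.
# For SecureBoot and SetupMode the data is a single byte, 1 or 0.

EFIVARS=${EFIVARS:-/sys/firmware/efi/efivars}
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # GUID both variables live under

# Print the first data byte of an efivars file as a decimal number, skipping the
# 4-byte attribute header. Prints "missing" when the file cannot be read.
efivar_byte() {
    if [ -r "$1" ]; then
        od -A n -t u1 -j 4 -N 1 "$1" | tr -d ' '
    else
        echo missing
    fi
}

# Print one of: no-uefi, setup-mode, enabled, disabled.
# $1 optionally overrides the efivars directory (used by the offline demo below).
secure_boot_state() {
    dir=${1:-$EFIVARS}
    sb=$(efivar_byte "$dir/SecureBoot-$EFI_GLOBAL_GUID")
    sm=$(efivar_byte "$dir/SetupMode-$EFI_GLOBAL_GUID")
    case "$sb:$sm" in
        missing:*) echo no-uefi ;;     # legacy/CSM boot, or efivarfs not mounted
        *:1)       echo setup-mode ;;  # key databases are open: nothing is enforced
        1:*)       echo enabled ;;
        *)         echo disabled ;;
    esac
}

# Constructed stand-in for efivars (NOT a real firmware): writes the two variables
# with a made-up attribute header 0x06 0x00 0x00 0x00 followed by the given byte.
# $1 = SecureBoot byte, $2 = SetupMode byte. Prints the directory path.
make_fake_efivars() {
    d=$(mktemp -d)
    printf '\006\000\000\000' >  "$d/SecureBoot-$EFI_GLOBAL_GUID"
    printf "\\00$1"           >> "$d/SecureBoot-$EFI_GLOBAL_GUID"
    printf '\006\000\000\000' >  "$d/SetupMode-$EFI_GLOBAL_GUID"
    printf "\\00$2"           >> "$d/SetupMode-$EFI_GLOBAL_GUID"
    echo "$d"
}

# Live check on this machine, then one constructed case for comparison.
echo "this machine: $(secure_boot_state)"
demo=$(make_fake_efivars 1 0)
echo "constructed SecureBoot=1 SetupMode=0: $(secure_boot_state "$demo")"
rm -rf "$demo"
```

A result of "enabled" only says the firmware is enforcing signatures on what it loads; it says nothing about whether the keys in its db are ones you trust, so pair this check with a look at what `mokutil` or your distribution's key tooling reports is enrolled. The "setup-mode" case matters in practice: a board that has been reset to defaults can sit in setup mode with Secure Boot nominally on, and nothing is verified until the platform key is enrolled again.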
 
Old 06-23-2022, 01:48 PM   #29
enorbet
Senior Member
 
Registered: Jun 2003
Location: Virginia
Distribution: Slackware = Main OpSys
Posts: 4,789

Rep: Reputation: 4435
C'mon Lucky Cyborg, lighten up. I'm betting OP asked here because he/she assumed they would get better answers than on a Ubuntu, PopOS, or Windows Forum. ... and I agree.
 
2 members found this post helpful.
Old 06-23-2022, 02:18 PM   #30
baumei
Member
 
Registered: Feb 2019
Location: USA; North Carolina
Distribution: Slackware 15.0 (replacing 14.2)
Posts: 365

Rep: Reputation: 124
Hi LuckyCyborg,

I have read rather many of your posts, and according to my understanding English is not your native language. English is my native language. Unless you are intending to deform what the other people in this thread have been saying, then "scared" is not the appropriate word in this context.

Quote:
Originally Posted by LuckyCyborg View Post
You are scared by the EFI malware? Use Secure Boot.
You are scared by the Intel ME? Do not buy anything more modern than the hardware for Core 2 Duo. Or choose another vendor.
According to what I have read of the history of the Intel ME, the early ME versions were put into at least some computers as far back as 2005. Do you have specific information to contradict this?
 
1 members found this post helpful.
  



Tags
bios, virus


