Vulnerability Development mailing list archives

Re: Modern hw-killing virus feasible


From: Gregor Binder <gbinder () sysfive com>
Date: Fri, 9 Mar 2001 10:25:01 +0100

Crist Clark on Thu, Mar 08, 2001 at 11:13:35AM -0800:

Crist,

> And you have effectively put that box out of commission until someone
> cracks open the case and replaces the EEPROM chip. Upon reboot, the
> system will demand the EEPROM password before booting. If the administrator
> of the machine does not have it, she can't get a boot prompt. And since
> the machine will not boot into single- or multi-user mode, having the
> root password or alternate boot media is no help.

IIRC you'd have to either power off the box for it to ask for an NVRAM
password (shutdown -g0 -i5 -y), or set auto-boot? to false, or set
boot-device to something that won't boot the box. A warm reboot will not
be enough.

To make this harder to exploit, you could remove the eeprom driver.

> Sun hardware is designed so the EEPROM can be replaced (at least that's
> what the docs say and Sun techs/engineers have told me), but this is a
> serious and potentially expensive PITA. And it's so-o easy.

There is a highly unsupported way of unsetting the NVRAM password, which
involves unplugging the NVRAM with power to the machine.
A new NVRAM chip will be less than $50, and it is mounted in a socket.

Regards,
  Gregor.

--
Gregor Binder  <gregor.binder () sysfive com>  http://sysfive.com/~gbinder/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55

