Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> If those supervisor cores want, they can literally just tamper with the entropy in your pool directly

Go ahead and try to tamper with that pool. On all existing and future kernel versions. After undoing kASLR.

Not arguing, that it is impossible, but malware writers usually choose easier paths. When Samsung backdoored their phones [1], they didn't make a pure TrustZone rootkit. Instead they created a companion app, acting as helper for performing high-level tasks within OS bounds. Intel ME rootkit has it's own network stack and can use Intel network card, because it is both easier and safer than trying to interact with constantly updating OS, written by different people.

A rootkit, trying to perform any kind of complex interactions with host OS, may be exploited and taken advantage of, — for example see bugs [2] in AMD's PSP, that allowed host OS to take over by giving it specially crafted certificate.

[1]: https://www.zdnet.com/article/backdoor-in-samsung-galaxy-dev...

[2]: https://seclists.org/fulldisclosure/2018/Jan/12



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: