UEFI "secure boot" - secure? wut?

Discussion in 'Mac OS X Lion (10.7)' started by goscuter1, Dec 30, 2011.

  1. goscuter1 macrumors newbie

    Dec 13, 2011
    I posted this on Intel's forum but of course, no responses from the Intel experts. Cross-posting it here, as it's arguably a Mac issue rather than an Intel one.

    My systems have been crashing under the weight of DDoS floods and networking carnage which - combined with my non-technical limitations - effectively presents a situation where access to my systems are a free for all, at the lowest levels. I've been reading up on UEFI "Secure Boot" and I'm having trouble understanding how anyone can expect the boot process to be 'secured' the way it's been setup.


    I can get training for the rest of my life and I'm simply not going to be able to protect myself when INTEL is giving access like this to people who have the ability to make my efforts at securing my systems something very near redundancy.

    In this article titled "Using the UEFI Shell for Bare Metal Provisioning", it sure sounds like anyone with access to any network which I inadvertently or unintentionally connect to, can bypass the almost non-existent 'security' by simply installing a public key on my computer. If I'm understanding this correctly, the servers are secured from me (they were secured by my ignorance, quite safely) but it would be almost impossible to secure my client machines from them.

    Well, that's very secure. Anyone who breaches the bubble can then ensure they have secure access to deploy firmware images. How does a certificate protect against this many avenues for access?


    You'd have to be almost a networking specialist just to have a chance.

    I'm never going to be able to have a chance, and what's more - assuming I understand the gist of what I'm reading - it's irrational to expect home users to be able to compete in firmware flashing games where the playing field between console and remote operators is almost completely leveled by INTEL. It's wrong, if we're being frank, it's far more outrageous than merely "wrong" - but after a year of this, I'm forced to be pragmatic and pretend the confusion of experts who can't possibly understand why I don't want unnecessary security exploits...is something other than nauseating.

    It should be as simple as my saying "I will never need to boot my system remotely, and would like to remove all capacity for remote access. Completely. Permanently. Irreversibly. I will never - ever - have any need or desire to remotely access or boot my system."

    Tick a radio button. Configure a setting. Simple. Now why is that so unreasonable in the year 2011 ?

    I'm not just talking philosophically. It's all very bleak really, after a year of destroyed machines and corruption almost - fascinating. It would be, if it wasn't so horrifying and just...so creepy. Using the rEFIt Shell (I'm not intelligent enough to compile Tiano), I can get a good look around underneath my Mac OS X Lion installations, and it's a god-awful mess with hundreds of "UNKNOWN" driver images and modules and mapping I can't make sense of (and I receive zero assistance from those I pay to assist in these things) - but everything is write-protected so I can't clean it out. I mount each EFI partition (which I've read Apple stating they don't use for booting on Intel Macs - oh?) a dozen times a day to delete this non-default firmware.scap file which is synced to any GPT partitioned disk I own within range. Synced a dozen times a day. I delete it from all my hard drives, but the EFI partitions are just routinely automounted with the firmware corruption synced right back.


    The firmware.scap file goes for hundreds or thousands of pages of this, but if I'm not mistaken that's a BIOS ROM listed right at the start? It's not even close to the one listed by SystemProfiler.


    Do I have any options here? You may safely assume I've exhausted my capacity to endure the horror that has gone on for almost 3 months, trying to ignore the feigned idiocy of frontline customer service creeps. Unfortunately, I can't get past them. It would suck if they killed me, all smirking and regretting that they didn't have the chance to direct me for the 48th time, to turn the power back off and back on again.

    You know. Cause sometimes that works.
  2. Offfffug macrumors newbie

    Aug 24, 2012
    Hi. I was hacked by the same stuff, still am trying to figure it out. The malware survives reinstalls, reformats etc... I had three laptops replaced by Apple already, they even hacked my iPhone. It is insane how it works and I'm not a programmer just good with computers but here's a few bullet points:

    #1 it is a Triad originated hack, I was a target while living in Asia and the Triads and Vietnamese mafia were my pursuers... My ex-wife helped these losers infiltrate my computers.
    #2 the malware spoofs DNS and has you get updates from imposter Apple update sites and windows update. You are not really getting the updates from there since they spoof the ip.
    #3 during a fresh install they hijack the installation somehow as its happening, I saw it in the install logs but forget exactly what it said. I can get anything you ask me for since I can recreate the problem. So feel free to ask me to do steps etc...
    #4 they somehow prevent my Mac from booting into Ubuntu live, the Mac claims the DVD is blank when I know it's not.
    #5 I have 2 untrusted Kerberos certs in the system keychain immediately after a fresh install of snow leapord from the DVD or Lion from the $60 purchased USB stick from Apple.
    #6 I noticed that my admin username was the only one to have read write permission in a folder located at /system/library/container where a video was located that I exported using QuickTime. There was also a text file recently created in that directory which was created 10 minutes before I booted my computer that had a million words all starting with Z, Zinteger, Z this, Z that.... Which led me to discover that they had a C.M.S running on my computer that they used to access my computer. I googled other stuff I stumbled on and realized they had sandbox running and then discovered that Sandbox can allow access to almost your entire system if set up to do so.

    I booted one of my windows computers to an Ubuntu live CD and tried to connect to my cable modem with a cat5 cable with wireless off on both my windows computers and my iPhone. I had a 6 th sense and decided to power down my iPhone when the windows computer running ubuntu live was hanging when trying to connect to the cable modem. The second I powered off my iPhone I was shocked to see a "network disconnected" notification appear on the Ubuntu screen. I powered the phone up and recreated the exact same thing 4 times in a row.

    I know that Airport has something to do with it and they also hacked my routers and cable modem so even the reset button didn't work.

    Lastly, I did an "Erase all settings and Content" on that iPhone and the welcome screen was in Chinese so I did it a second time and then it showed as English as the first choice. After that I noticed a ton of diagnostic logs from an app named monkey.app and I never installed anything with the name Monkey. Apple replaced that phone yesterday for free and told me to call the FBI because it was beyond their skill level at the Genius Bar.

    I am hooking up with a former D.O.D programmer next week, I assume he'll uncover it all but any help would be greatly appreciated.
  3. munkery macrumors 68020


    Dec 18, 2006

Share This Page