If I have malware running on my OS that has also compromised my BIOS, can I definitely erase it with the dm-crypt command and LUKS?
Absolutely not. There is no software in the world (accessible to the public) that could do something like this successfully. In very rare cases, flashing a new BIOS from a secure source MIGHT help, though often this is not the case, because if the BIOS is compromised, often even the small 2mb flash in notebook keyboards and other rather unknown “memories” on the mainboard get compromised.
So, if you even suspect that your BIOS is/has been compromised, your best course of action would be throwing the PC away.
Have a nice day,
Thank you, ego.
Seeing that malware today is becoming more and more sophisticated, will using separate virtual machines, not internet-connected to the OS, be sufficient to avoid getting BIOS malware?
Basically: is a virtual machine a good way to download from the internet without being compromised by malware or BIOS malware?
Compartmentalization by using everything inside virtual machines is a good level of defense to prevent hardware being compromised. However, it’s not a 100% protection. If the malware can break out of the VM, it can still permanently infect the hardware.
And once the hardware is infected, conceptually VMs can’t help anymore.
This is indeed a very undesirable state of affairs.
Joanna - if I got her right - is proposing to make the hardware stateless, which means everything, BIOS, keyboard firmware, and so forth should be read-only. I think ideally hardware write protection switches would be ideal. Then we could get rid of malware by formatting the disk after booting from a trusted read-only boot medium (DVD or so).
Some more information here:
State considered harmful - A proposal for a stateless laptop (new paper) | The Invisible Things
It doesn’t exist yet. It’s up to hardware vendors to follow this very reasonable advice or to support Open Hardware (hardware that is Libre Software). The former is probably very unlikely.