[opensuse] Levono rootkit
On another list I received this warning: https://news.ycombinator.com/item?id=10039870 http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693 It seems the levono bios is checking that its won files are installed and if not then installing them. I'm not sure how this works out in a Linux Environment, but I'll enquire further. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Aug 13, 2015 at 08:49:39AM -0400, Anton Aylward wrote:
On another list I received this warning:
https://news.ycombinator.com/item?id=10039870 http://arstechnica.com/civis/viewtopic.php?p=29497693&sid=ddf3e32512932172454de515091db014#p29497693
It seems the levono bios is checking that its won files are installed and if not then installing them.
I'm not sure how this works out in a Linux Environment, but I'll enquire further.
Windows loads an EXE from an ACPI blob. Linux does not do this, so no problem for us. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 13 Aug 2015 15:49, Christopher Myers wrote:
Windows loads an EXE from an ACPI blob. Linux does not do this, so no problem for us.
What would the implications be if you're running wine?
Hmm, at the first glance, not much. Lets look deeper: A great part of the 'infrastructure' needed do get such programs installed and running is simply 'not there'. Access to UEFI / BIOS from Wine is a no-go as far as I can see and test, and the other way round, The UEFI does not find the 'hooks' it needs to start such programs during the Linux boot cycle. Hopefully it stays that way. Wine itself does not boot, and as such the complete boot-cylce as done by MS-Win is not implemented. Hopefully the creators of "full" emulators (e.g. VMware, Virtualbox) do NOT implement such feces in their UEFI / BIOS code. - Yamaban. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-08-13 16:12, Yamaban wrote:
Hopefully the creators of "full" emulators (e.g. VMware, Virtualbox) do NOT implement such feces in their UEFI / BIOS code.
They could, if they have some reason to do it. But it would affect the virtual bios/uefi, and the guest system, not the host. Now, what reason does Lenovo has to do it? What is the purpose of this thing? I have not been able to see that in what I have read in the links posted, perhaps I missed it. Yes, that they replace Microsoft code with their own, in a dirty manner, but what for? - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlXMrD0ACgkQja8UbcUWM1wgWwEAiS9Unyq2iqmhN0lo2D3bXr5w 755PDbcCFyZM895pV5QA/2J2zOLL3EezaG7mML+srhc0pHwHeh/+lpWgsGAoR2n6 =sxET -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/13/2015 09:39 AM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2015-08-13 16:12, Yamaban wrote:
Hopefully the creators of "full" emulators (e.g. VMware, Virtualbox) do NOT implement such feces in their UEFI / BIOS code. They could, if they have some reason to do it. But it would affect the virtual bios/uefi, and the guest system, not the host.
Now, what reason does Lenovo has to do it? What is the purpose of this thing? I have not been able to see that in what I have read in the links posted, perhaps I missed it. Yes, that they replace Microsoft code with their own, in a dirty manner, but what for?
Most Linux os's make modifications to the desktop for their own distribution. Styles and colors mostly. That's what Lenovo is doing. using their rootkit to load their own "look". -- A cat is a puzzle with no solution. Cats are tiny little women in fur coats. When you get all full of yourself try giving orders to a cat. _ _... ..._ _ _._ ._ ..... ._.. ... .._ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-08-13 16:49, Billie Walsh wrote:
Most Linux os's make modifications to the desktop for their own distribution. Styles and colors mostly. That's what Lenovo is doing. using their rootkit to load their own "look".
Ie, force some Lenovo theming on their hardware, even if you install "vanilla" Windows. But this is possible because Microsoft purposely runs the code that does this alteration from the uefi. Or do they do something else than theming? - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlXMsFsACgkQja8UbcUWM1wPEQD/ZkGg+e958dn8UFJWzdskDoWe Ey0eXjNvrGizcw/Epe0A+gJVKxnrBlU7ipA++fSg5puZF8gPsVs/WZYvK7etYzLy =SXMV -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-08-13 16:57, Carlos E. R. wrote:
On 2015-08-13 16:49, Billie Walsh wrote:
Or do they do something else than theming?
They might say that, instead of giving out DVDs customized for Lenovo, you can install a vanilla windows and get all customizations, applications, and drivers, later, on line, automatically. That this way, if you update a machine to a later windows release, you get all the appropriate customization for your machine, as it had when you bought it. Not a bad idea, but IMO, it should be optional. But it is Windows itself which starts the code, I understand. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlXMs2kACgkQja8UbcUWM1w+lgD9HFnX79ctsv/rioJQ8RfprUyL zHTLSIJF6U7QU0UpLAYA/1hk13CUSpIkCHMleGmqBZgzrbv00Vkopvoq/9oBcC3M =KVhk -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
They might prepare to run an optional executable "just in case". For international espionage. Even under OpenSUSE there are ways to run executable if BIOS/UEFI is bloated. There is no escape : only light and transparency will make these "tricks" nearly gone. Dsant, from France On 08/13/2015 04:57 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2015-08-13 16:49, Billie Walsh wrote:
Most Linux os's make modifications to the desktop for their own distribution. Styles and colors mostly. That's what Lenovo is doing. using their rootkit to load their own "look". Ie, force some Lenovo theming on their hardware, even if you install "vanilla" Windows. But this is possible because Microsoft purposely runs the code that does this alteration from the uefi.
Or do they do something else than theming?
- -- Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iF4EAREIAAYFAlXMsFsACgkQja8UbcUWM1wPEQD/ZkGg+e958dn8UFJWzdskDoWe Ey0eXjNvrGizcw/Epe0A+gJVKxnrBlU7ipA++fSg5puZF8gPsVs/WZYvK7etYzLy =SXMV -----END PGP SIGNATURE-----
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (7)
-
Anton Aylward -
Billie Walsh -
Carlos E. R. -
Christopher Myers -
Dsant -
Marcus Meissner -
Yamaban