Sekkite wrote: I'm one of those paranoid types that wants to make sure that if I wipe my computer, it's guaranteed to be clean of malware. I realize it's unlikely to ever come across a virus that persists in the BIOS, but I want to be absolutely certain that my computer cannot try to flash the BIOS from within the operating system.
So, how do I go about checking if my BIOS is write protected and if it isn't and there isn't a simple option in the BIOS to fix this, do I have any recourse to enable write protection?
You can't write to your BIOS. Most, if not all, of the memory in the BIOS is memory mapped and reserved. The only way to write to the BIOS chip is to flash the code to the BIOS chip in your computer, which is a quasi-difficult thing to do in and of itself, i.e. fairly easy to do with pre-existing programs, extremely complicated to write a custom program to do it. It's also extremely easy to fuck up and brick your computer. Beyond THAT, there'd be no real point in changing the BIOS, even for malicious intent. All the BIOS does is provide certain interrupts and set some settings, then jump to the bootloader code. Boot-kits (rootkits that run when the computer starts up) don't interfere with the BIOS. What they usually do is rewrite the bootloader to load their malicious code first and then load the normal bootloader. In certain cases this allows the malicious code to bypass the kernel and execute ring 0 code while the OS is running (which is something you really don't want to happen).
As far as preventing this goes, the best and only method is to not allow physical access to the computer. Because you can't rewrite the bootloader while you're in an OS, they'd need to manually shut down your computer, then boot it back up and install their code. So honestly, as long as you don't leave your computer unattended with random people, you needn't worry.