My primary goal is to close firmware backoors. First, I want to know if my plan might work or not, and if it is a good idea, how to implement it:
I erased preinstalled Windows and installed Linux with no proprietary firmwares, except the CPU microcode and encrypted with LUKS before usage. I see no HPA with normal tools:
- I see 117GB from 128, with disk usage analyzer, disk utility shows 120 as ext, + 8GB swap +8 cryptswap. I assume if the last 2 are the same/embedded, everything seems to be correct, no HPA.
- However I know, SSD needs complete rewriting, to erase the data. I did not use any specific tool yet.
- II guess a rootkit like this could still access "nonexistent" HPA. I want to be sure, if there is HPA, and if yes, remove and erase it securely, than protect it, because Computrace installs itself back after SSD formatting.
Cmputrace
- It resides in the BIOS, and installs itself into a Host Protected Area. It was never activated, but there is no possibility to permanently disable it. It updates automatically from BIOS, so I guess, than it might implement a newer, shiftier version.
- I assume Computrace only capable of installing itself to Windows encrypted or Linux unencrypted SSDs. If the BIOS code does not speak (certain) Linux or cannot circumvent encryption, it can not run, I can protect my SSD from it.
- I already did Wireshark packet captures under browsing and at idle time, I did not recognize the suspicious hosts described by Kaspersky, but it might hide itself.
If there is HPA, or Linux does not secure erase: DBAN does not tuch HPA, ATA secure erase is not reliable. There is Secure Delete for Linux. Other options for Linux?
Optionally I could flash a custom BIOS, but I do not know about any trustable open source clean BIOS mod.
Please try to be compact, thanks for the answers.
