upvote

points

by madduci10 hours ago |
comments
upvoteby monax10 hours ago|
next
[-]
It's just a silly experiment; the real endgame is to make a bootloader that is customisable using HTML/CSS/JS
reply
upvoteby magicalhippo10 hours ago|
parent|
[-]
Since PDFs can contain JS, presumably that should be the preferred way of modifying your boot loader.
reply
upvoteby monax10 hours ago|
parent|
[-]
Yeah that's the natural next step, I'll work on that next
reply
upvoteby ThrowawayTestr9 hours ago|
prev|
[-]
Why not?
reply
upvoteby madduci9 hours ago|
parent|
[-]
Because this can end very badly. It is a new surface to attack
reply
upvoteby M95D9 hours ago|
parent|
next
[-]
Exactly! It's actually great! More ways to jailbreak stuff.
reply
upvoteby eqvinox9 hours ago|
parent|
prev|
next
[-]
Why is it a new surface? Either you can run UEFI code, or you can't. Attacking the JS interpreter itself is unrealistic IMHO, it's the poorly written JavaScript running on top of this that might open new surfaces of attack. But other UEFI code is mostly written in C or C++, so let's call that a wash?
reply
upvoteby yjftsjthsd-h9 hours ago|
parent|
prev|
[-]
Maybe? What's your threat model?
reply