Security - Is the BIOS digitally signed? Is it possible to flash a malicious file as a BIOS?

Hi,

I’m not a hacker. Please don’t worry. But there is one thing which has worried me for some time. Currently, updating the BIOS under Windows is more and more popular. Is it in any way guaranteed that when doing a BIOS update I will not install a BIOS version modified by a hacker with some malicious software?
As far as I understand, when I download an exe file from the producer’s website it’s rather safer. Firstly because the connection to the websites of many producers is encrypted, secondly because the exe file has a digital signature I could check in the BIOS.
But what about the flashing itself? Is there any additional check done by the “old” BIOS before flashing that the “new” BIOS is correct? Does the “old” BIOS check any checksum (to avoid e.g. transmission errors), any digital certificate of who prepared the “new” BIOS, or any additional check of whether the BIOS fits the given laptop or motherboard model?
I can theoretically imagine a virus which will use the flashing mechanism to upload its own code as part of the BIOS. Is that possible?

Is there any difference in the answer for UEFI BIOSes and old-type BIOSes?

Btw, do you know any motherboards (or laptops) which allow blocking the flashing function in the BIOS? I mean, after turning it on, no flashing is possible at all? I know some laptops have a function for uploading a BIOS file as part of the BIOS (e.g. some Asus or MSI BIOSes); however, AFAIK in these models it’s still possible to upload a BIOS file under Windows.

I would be grateful for an answer or for pointing me to some additional web links. I tried to find something, but it’s really challenging.

Thanks a lot for your help. :)