Submission + - How Does One Verify Hard Drive Firmware? 1
An anonymous reader writes: In light of recent revelations from Kaspersky Labs about the Equation Group and persistent hard drive malware, I was curious about how easy it might be to verify my own system's drives to see if they were infected. I have no real reason to think they would be, but I was dismayed by the total lack of tools to independently verify such a thing. For instance, Seagate's firmware download pages provide files with no external hash, something Linux distributions do for all of their packages. Neither do they seem to provide a utility to read off the current firmware from a drive and verify its integrity.
Are there any utilities to do such a thing? Why don't these companies provide such a thing to users? Has anyone compiled and posted a public list of known-good firmware hashes for the major hard drive vendors and models? This seems to be a critical hole in PC security.
I did contact Seagate support asking for hashes of their latest firmware; I got a response stating that '...If you download the firmware directly from our website there is no risk on the file be tampered with." [their phrasing, not mine]. Methinks somebody hasn't been keeping up with world events lately.
Are there any utilities to do such a thing? Why don't these companies provide such a thing to users? Has anyone compiled and posted a public list of known-good firmware hashes for the major hard drive vendors and models? This seems to be a critical hole in PC security.
I did contact Seagate support asking for hashes of their latest firmware; I got a response stating that '...If you download the firmware directly from our website there is no risk on the file be tampered with." [their phrasing, not mine]. Methinks somebody hasn't been keeping up with world events lately.