Firstly, I apologize for the terrible formatting and grammar. I am being forced to post this from my phone at the moment.
The issue:
When dropping to a shell in Clover on my Gigabyte Z170MX BIOS, I am seeing that my motherboard has untrusted credentials. I have also been dealing with a rootkit that stores itself in the GPU's boot ROM, and injects itself into motherboards, hard drives, and pretty much everything plugged into the GPU. I am trying to find a way that this thing hides itself and takes control of my firmware to make system calls to an outside server. So, I purchased a new motherboard of the same kind (detaching the GPU), and after searching through the EFI global variables in the Clover shell, I could not identify anything that indicated my BIOS was compromised or untrusted anymore. I am wondering if what I am seeing in the UEFI shell is related to the rootkit dropping infected payloads on me, and if there is any good way to trace it. Furthermore, I am wondering if I should be concerned about the "Do not trust" indicator notated in the hex editor in the Clover shell. Could someone maybe provide a bit of insight as to what this means exactly? Is this normal?
Please see pics below to understand what I am talking about. Any help, assistance, or direction would be highly appreciated. Any motherboard/UEFI shell experts out there?
Other pic is linked due to one photo limit. Z170mx untrusted in clover shell efi variables? Why? - Album on Imgur