
As a side note, and I’ll create a separate thread: say my host is compromised by super sophisticated malware, aside from a reformat, what other sanitisation practices can I do? Can I ever trust the hardware again? I don’t think we’re at a point where a firmware-compromised graphics card can’t reinfect the processor?


>Can I ever trust the hardware again?

I never heard of malware soldering hardware implants onto the device ^^

For firmware you need to dump it and then compare afterwards.

>I don’t think we’re at a point where a firmware compromised graphics card can’t reinfect the processor?

Nation-state-based firmware attacks have existed for at least a decade. Some professional hacking teams are also already making use of those. You can find PoCs, publications, talks, blog posts for probably everything which has flashable firmware. These attacks are very real. The only reasons you don't find that stuff in the wild are that no one is looking for it, your average antivirus won't detect it, and it's used mostly for targeted attacks where you need advanced persistence/stealth and early compromise of the OS. Firmware security is a mess. USB, HDD, GPU in particular. Even for all the UEFI verified/secure/whatever boot where at least some more mitigations are in place, holes get found once in a while. Just a while ago had an attacker pwn through a standard qemu/kvm setup trying to flash the BIOS. Wasn't that successful with flashing though ... because muh mitigations. You either need to check or keep the firmware read-only.
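The dump-and-compare check mentioned in the comment above, as an added example that is not part of the original thread: it compares a known-good firmware dump with a later one block by block and separates changes in regions expected to vary from changes anywhere else. The 4 KiB block size, the volatile-region offsets and the sample images are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 4096  # comparison granularity; assumed 4 KiB flash sector size

def changed_ranges(baseline: bytes, current: bytes, block: int = BLOCK):
    """Return merged (start, end) byte ranges where the two dumps differ."""
    ranges = []
    length = max(len(baseline), len(current))
    for off in range(0, length, block):
        if baseline[off:off + block] == current[off:off + block]:
            continue
        end = min(off + block, length)
        if ranges and ranges[-1][1] == off:      # extend the previous run
            ranges[-1] = (ranges[-1][0], end)
        else:
            ranges.append((off, end))
    return ranges

def compare_dumps(baseline: bytes, current: bytes, volatile=()):
    """Compare a known-good dump with a later one.

    volatile: (start, end) regions expected to change between dumps,
    such as a settings/variable store. These offsets are assumptions
    that must come from the real flash layout of the device.
    """
    ranges = changed_ranges(baseline, current)
    unexpected = [r for r in ranges
                  if not any(v0 <= r[0] and r[1] <= v1 for v0, v1 in volatile)]
    return {
        "baseline_sha256": hashlib.sha256(baseline).hexdigest(),
        "current_sha256": hashlib.sha256(current).hexdigest(),
        "size_mismatch": len(baseline) != len(current),
        "changed": ranges,
        "unexpected": unexpected,
    }

def sample_dumps():
    """Constructed 64 KiB images standing in for real firmware dumps."""
    baseline = bytes((i * 7 + 3) % 256 for i in range(0x10000))
    current = bytearray(baseline)
    current[0x2100] ^= 0xFF   # change inside the assumed volatile region
    current[0x8010] ^= 0xFF   # change inside a region that should be static
    return baseline, bytes(current)

if __name__ == "__main__":
    base, cur = sample_dumps()
    report = compare_dumps(base, cur, volatile=[(0x2000, 0x3000)])
    for start, end in report["unexpected"]:
        print(f"unexpected change in 0x{start:06x}-0x{end:06x}")
```

The result is only as trustworthy as the way the dumps were read: a dump taken through the running, possibly compromised host can be falsified, so reading the flash with an external programmer gives a stronger baseline and comparison.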


> I don’t think we’re at a point where a firmware compromised graphics card can’t reinfect the processor?

We're already at the point where one could theoretically infect the HDD firmware: https://spritesmods.com/?art=hddhack&page=1


It always depends on your threat model. If you are against a state actor... I wouldn't trust the hardware.



