Someone on Reddit reported that their Pinebook Pro arrived with a strange-looking autorun.inf file in the boot partition, which looked like it came from some kind of virus or other malware: https://old.reddit.com/r/PINE64official/...partition/
This particular malware might be targeted at Windows and (perhaps) not cause any harm on Linux, but if the system at the factory is compromised in this way, it could be running any number of other malicious programs resulting in the installation of literally anything on the devices.
So I have two questions:
1) Could a malicious program persist itself on the Pinebook Pro (or PinePhone) to survive after the OS is installed, for example by flashing malicious firmware or modifying the boot process? Or will it definitely be clean with a fresh OS install?
2) Should users be advised to install their own OS and not trust the pre-installed software, if the factory can't be trusted? This would affect the plan to have the PinePhone come with the user's choice of software pre-installed.
This particular malware might be targeted at Windows and (perhaps) not cause any harm on Linux, but if the system at the factory is compromised in this way, it could be running any number of other malicious programs resulting in the installation of literally anything on the devices.
So I have two questions:
1) Could a malicious program persist itself on the Pinebook Pro (or PinePhone) to survive after the OS is installed, for example by flashing malicious firmware or modifying the boot process? Or will it definitely be clean with a fresh OS install?
2) Should users be advised to install their own OS and not trust the pre-installed software, if the factory can't be trusted? This would affect the plan to have the PinePhone come with the user's choice of software pre-installed.
