
BIOS and Secure Boot Attacks - PowerPoint PPT Presentation

BIOS and Secure Boot Attacks Uncovered. Advanced Threat Research, Intel Security. John Loucaides (presenting). In The Beginning Was The Legacy BIOS..


  1. BIOS and Secure Boot Attacks Uncovered. Advanced Threat Research, Intel Security. John Loucaides (presenting)

  2. In The Beginning Was The Legacy BIOS..

  3. Legacy BIOS
     1. CPU Reset vector in BIOS 'ROM' (Boot Block)
     2. Basic CPU, chipset initialization
     3. Initialize Cache-as-RAM, load and run from cache
     4. Initialize DIMMs, create address map..
     5. Enumerate PCIe devices..
     6. Execute Option ROMs on expansion cards
     7. Load and execute MBR
     8. 2nd Stage Boot Loader → OS Loader → OS kernel

     Also: Technical Note: UEFI BIOS vs. Legacy BIOS, Advantech

  4. Then World Moved to UEFI..

  5. UEFI Boot. From "Secure Boot, Network Boot, Verified Boot, oh my" and almost every publication on UEFI

  6. UEFI [Compliant] Firmware
     - CPU Reset
     - SEC: S-CRTM; Init caches/MTRRs; Cache-as-RAM (NEM); Recovery; TPM Init
     - Pre-EFI Init (PEI): S-CRTM: Measure DXE/BDS; Early CPU/PCH Init; Memory (DIMMs, DRAM) Init, SMM Init
     - Driver Exec Env (DXE): Continue initialization of platform & devices; Enum FV, dispatch drivers (network, I/O, service..); Produce Boot and Runtime Services
     - Boot Dev Select (BDS): Boot Manager (Select Boot Device); ACPI, UEFI SystemTable, SMBIOS table; EFI Shell/Apps; OS Boot Loader(s)
     - Runtime / OS: ExitBootServices. Minimal UEFI services (Variable)

  7. Signed BIOS Update & OS Secure Boot
     [Diagram: layered boot stack, top to bottom: OS Driver; OS Kernel / Early Launch Anti-Malware (ELAM); UEFI OS Loaders (winload.efi, winresume.efi); UEFI Boot Loader (Bootx64.efi, Bootmgfw.efi), UEFI OROM, UEFI App, DXE Driver; UEFI DXE Core / Dispatcher; System Firmware (SEC/PEI); Hardware (I/O, Memory, Network, Graphics). Labels: Windows 8 Secure Boot, UEFI Secure Boot, Signed BIOS Update]

  8. Attacks Against Platform Firmware...

  9. BIOS Attack Surface: SPI Flash Protection
     [Diagram: System FW/BIOS surrounded by SPI Flash Protection, BIOS Update, BIOS Settings (NVRAM, Variables), SMRAM Protection, Hardware Config., Secure Boot, SMI Handlers, …]

  10. SPI Flash Write Protection: SPI Flash (BIOS) Write Protection is Still a Problem
      - Often still not properly enabled on many systems
      - SMM based write protection of entire BIOS region is often not used: BIOS_CONTROL[SMM_BWP]
      - If SPI Protected Ranges (mode agnostic) are used (defined by PR0-PR4 in SPI MMIO), they often don't cover entire BIOS & NVRAM
      - Some platforms use SPI device specific write protection but only for boot block/startup code or SPI Flash descriptor region
      - Persistent BIOS Infection (used coreboot's flashrom on legacy BIOS)
      - Evil Maid Just Got Angrier: Why FDE with TPM is Not Secure on Many Systems
      - BIOS Chronomancy: Fixing the Static Root of Trust for Measurement
      - A Tale Of One Software Bypass Of Windows 8 Secure Boot
      - Mitigation: BIOS_CONTROL[SMM_BWP] = 1 and SPI PRx
      - chipsec_main --module common.bios_wp
      - Or Copernicus from MITRE

  11. Checking Manually..
      - Windows: RWEverything
      - Linux: setpci -s 00:1F.0 DC.B

  12. Better Way to Check If Your BIOS Is Write-Protected

      ```
      # chipsec_main.py --module common.bios_wp
      [*] running module: chipsec.modules.common.bios_wp
      [x][ =======================================================================
      [x][ Module: BIOS Region Write Protection
      [x][ =======================================================================
      [*] BIOS Control = 0x02
          [05] SMM_BWP = 0 (SMM BIOS Write Protection)
          [04] TSS = 0 (Top Swap Status)
          [01] BLE = 1 (BIOS Lock Enable)
          [00] BIOSWE = 0 (BIOS Write Enable)
      [!] Enhanced SMM BIOS region write protection has not been enabled (SMM_BWP is not used)
      [*] BIOS Region: Base = 0x00500000, Limit = 0x007FFFFF
      SPI Protected Ranges
      ------------------------------------------------------------
      PRx (offset) | Value    | Base     | Limit    | WP? | RP?
      ------------------------------------------------------------
      PR0 (74)     | 87FF0780 | 00780000 | 007FF000 | 1   | 0
      PR1 (78)     | 00000000 | 00000000 | 00000000 | 0   | 0
      PR2 (7C)     | 00000000 | 00000000 | 00000000 | 0   | 0
      PR3 (80)     | 00000000 | 00000000 | 00000000 | 0   | 0
      PR4 (84)     | 00000000 | 00000000 | 00000000 | 0   | 0
      [!] SPI protected ranges write-protect parts of BIOS region (other parts of BIOS can be modified)
      [!] BIOS should enable all available SMM based write protection mechanisms or configure SPI protected ranges to protect the entire BIOS region
      [-] FAILED: BIOS is NOT protected completely
      ```

  13. SPI Flash & BIOS Is Not Write Protected

  14. From "Analytics, and Scalability, and UEFI Exploitation" by Teddy Reed: Patch attempts to enable BIOS write protection (sets BIOS_CONTROL[BLE]). Picked up by Subzero

  15. SPI Flash Write Protection: SMI Suppression Attack Variants
      - Some systems write-protect BIOS by disabling BIOS Write-Enable (BIOSWE) and setting BIOS Lock Enable (BLE) but don't use SMM based write-protection BIOS_CONTROL[SMM_BWP]
      - SMI event is generated when Update SW writes BIOSWE=1
      - Possible attack against this configuration is to block SMI events
      - E.g. disable all chipset sources of SMI: clear SMI_EN[GBL_SMI_EN] if BIOS didn't lock SMI config: "Setup for Failure: Defeating SecureBoot"
      - Another variant is to disable specific TCO SMI source used for BIOSWE/BLE (clear SMI_EN[TCO_EN] if BIOS didn't lock TCO config.)
      - Mitigation: BIOS_CONTROL[SMM_BWP] = 1 and lock SMI config
      - chipsec_main --module common.bios_smi

  16. Are All Required SMIs Enabled and Locked?

      ```
      [*] running module: chipsec.modules.common.bios_smi
      [x][ =======================================================================
      [x][ Module: SMI Events Configuration
      [x][ =======================================================================
      [-] SMM BIOS region write protection has not been enabled (SMM_BWP is not used)
      [*] PMBASE (ACPI I/O Base) = 0x0400
      [*] SMI_EN (SMI Control and Enable) register [I/O port 0x430] = 0x00002033
          [13] TCO_EN (TCO Enable) = 1
          [00] GBL_SMI_EN (Global SMI Enable) = 1
      [+] All required SMI events are enabled
      [*] TCOBASE (TCO I/O Base) = 0x0460
      [*] TCO1_CNT (TCO1 Control) register [I/O port 0x468] = 0x1800
          [12] TCO_LOCK = 1
      [+] TCO SMI configuration is locked
      [*] GEN_PMCON_1 (General PM Config 1) register [BDF 0:31:0 + 0xA0] = 0x0A14
          [04] SMI_LOCK = 1
      [+] SMI events global configuration is locked
      [+] PASSED: All required SMI sources seem to be enabled and locked!
      ```

  17. SPI Flash Write Protection: Locking SPI Flash Configuration
      - Some BIOS rely on SPI Protected Range (PR0-PR4 registers in SPI MMIO) to provide write protection of regions of SPI Flash
      - SPI Flash Controller configuration including PRx has to be locked down by BIOS via Flash Lockdown
      - If BIOS doesn't lock SPI Controller configuration (by setting FLOCKDN bit in HSFSTS SPI MMIO register), malware can disable SPI protected ranges re-enabling write access to SPI Flash
      - chipsec_main --module common.spi_lock

  18. Is SPI Flash Configuration Locked?

      ```
      [+] imported chipsec.modules.common.spi_lock
      [x][ =======================================================================
      [x][ Module: SPI Flash Controller Configuration Lock
      [x][ =======================================================================
      [*] HSFSTS register = 0x0004E008
          FLOCKDN = 1
      [+] PASSED: SPI Flash Controller configuration is locked
      ```

  19. BIOS Attack Surface: BIOS Update
      [Diagram: System FW/BIOS surrounded by SPI Flash Protection, BIOS Update, BIOS Settings (NVRAM, Variables), SMRAM Protection, Hardware Config., Secure Boot, SMI Handlers, …]

  20. Legacy BIOS Update and Secure Boot
      - Signed BIOS Updates
        - Mebromi malware includes BIOS infector & MBR bootkit components
        - Patches BIOS ROM binary injecting malicious ISA Option ROM with legitimate BIOS image mod utility
        - Triggers SW SMI 0x29/0x2F to erase SPI flash then write patched BIOS binary
      - No Signature Checks of OS boot loaders (MBR)
        - No concept of Secure or Verified Boot
        - Wonder why TDL4 and likes flourished?

  21. UEFI BIOS Update Problems: Parsing of Unsigned BMP Image in UEFI FW Update Binary
      - Unsigned sections within BIOS update (e.g. boot splash logo BMP image)
      - BIOS displayed the logo before SPI Flash write-protection was enabled
      - EDK ConvertBmpToGopBlt() integer overflow followed by memory corruption during DXE while parsing BMP image
      - Copy loop overwrote #PF handler and triggered #PF
      - Attacking Intel BIOS
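
The checks from slides 10 to 18 (BIOS_CONTROL bits, PR0-PR4 coverage of the BIOS region, SMI enable/lock bits, FLOCKDN) combined into one offline evaluation, as an added example that is not part of the original slides or of CHIPSEC. The PRx field layout and FLOCKDN as HSFSTS bit 15 are assumptions taken from Intel PCH documentation; `SLIDE` gathers the register values printed on the slides into one constructed sample.

```python
# Added example: evaluates register values offline; it does not touch hardware.
# BIOS_CNTL, SMI_EN, TCO1_CNT and GEN_PMCON_1 bit positions come from the slides.
# Assumptions (Intel PCH docs): PRx field layout, FLOCKDN = HSFSTS bit 15.

def bit(value, n):
    return (value >> n) & 1

def write_protected_ranges(prx_values):
    """Decode PR0-PR4 into sorted (first_byte, last_byte) write-protected ranges."""
    return sorted(((v & 0x1FFF) << 12,                    # base, 4 KiB granular
                   (((v >> 16) & 0x1FFF) << 12) | 0xFFF)  # limit includes its page
                  for v in prx_values if bit(v, 31))      # bit 31 = WP enable

def unprotected_gaps(region, ranges):
    """Return parts of the BIOS region (first, last) that no PRx range covers."""
    first, last = region
    gaps, cursor = [], first
    for lo, hi in ranges:
        if hi < cursor or lo > last:
            continue
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= last:
        gaps.append((cursor, last))
    return gaps

def assess(bios_cntl, prx, region, smi_en, tco1_cnt, gen_pmcon_1, hsfsts):
    """Return (protected, findings) for the mitigations named on the slides."""
    smm_bwp = bit(bios_cntl, 5) and bit(bios_cntl, 1) and not bit(bios_cntl, 0)
    gaps = unprotected_gaps(region, write_protected_ranges(prx))
    flockdn = bit(hsfsts, 15)
    smi_ok = (bit(smi_en, 0) and bit(smi_en, 13)              # GBL_SMI_EN, TCO_EN
              and bit(gen_pmcon_1, 4) and bit(tco1_cnt, 12))  # SMI_LOCK, TCO_LOCK
    checks = [
        (smm_bwp, "SMM_BWP protection not in effect"),
        (not gaps, "PRx gaps: " + ", ".join(f"{a:#x}-{b:#x}" for a, b in gaps)),
        (flockdn, "FLOCKDN clear: PRx can be rewritten"),
        (smi_ok, "SMI sources not all enabled and locked"),
    ]
    findings = [msg for ok, msg in checks if not ok]
    return bool(smm_bwp or (not gaps and flockdn)), findings

# Constructed sample: register values as printed in the slides' CHIPSEC output.
SLIDE = dict(bios_cntl=0x02, prx=[0x87FF0780, 0, 0, 0, 0],
             region=(0x00500000, 0x007FFFFF), smi_en=0x2033,
             tco1_cnt=0x1800, gen_pmcon_1=0x0A14, hsfsts=0x0004E008)
```

`assess(**SLIDE)` reports the system as unprotected, with the uncovered part of the BIOS region listed as a PRx gap, which agrees with the FAILED verdict on slide 12.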
