securing secure boot on xen
play

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, - PowerPoint PPT Presentation

Sep 27, 2023 •147 likes •303 views

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0 Why Secure Boot? How can we prevent running malware at boot? With Secure Boot! What if the machine is a VM in

  1. Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0

  2. Why Secure Boot? ● How can we prevent running malware at boot? ● With Secure Boot! ● What if the machine is a VM in the cloud? ● Xen doesn‘t support Secure Boot yet – let΄s see how it can be done. 2

  3. Background ● UEFI is a replacement for the BIOS ● It defines how operating systems interact with firmware including how the OS is started ● Secure Boot is part of the UEFI specification from 2.3.1 Errata C ● Using Secure Boot on Xen requires booting the guest as a UEFI guest Operating system ● Support for this exists using OVMF Extensible Firmware Interface Firmware 3 Images: Tiancocore (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Logo/Logo.bmp) Hardware UEFI (https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)

  4. Background ● Starting an OS under UEFI works differently compared with BIOS ● The firmware knows how to load a specified file on a FAT-formatted filesystem – could be a bootloader or an OS kernel. ● With Secure Boot, there is an extra step: Before executing the file its signature is verified 4

  5. Background ● How is it verified? ● Hardware has NVRAM which stores UEFI variables and these include certificates databases (called PK, KEK, db) ● The kernel to be booted needs to be signed by one of the trusted certificates ● If malware patches or replaces the kernel the firmware will refuse to start it because it fails the signature check 5

  6. Background ● How are the certificate databases populated? ● Prepopulated at the factory ● They are UEFI authenticated variables which require updates to be signed by the certificates already stored there ● Alternatively a platform-specific reset method can be used to clear the databases 6

  7. Implementation on real hardware ● The code which implements SetVariable() (i.e. variable services) needs to be protected from malware otherwise Secure Boot is compromised ● But malware could be running at the highest privilege level! ● An extra level of privilege is needed ● System Management Mode! ● Put the code in SMRAM so that it cannot be accessed outside of SMM ● Configure the NVRAM so that it can only be written from SMM ● Setting variables requires trapping into SMM 7

  8. Implementation on KVM ● KVM virtualizes what real hardware does ● QEMU emulates a block of flash memory for the NVRAM ● KVM emulates SMM for guests ● Reuses existing code for the security-critical parts of variables services See Securing secure boot with System Management Mode, Paolo 8 Bonzini, KVM Forum 2015 for more details.

  9. Implementation on Xen ● There are numerous vulnerabilities and attacks against SMM ● Xen has no support for emulating SMM ● Using emulated flash limits flexibility of variable storage ● How can we do better? 9

  10. Implementation on Xen ● With virtualization, there are already two distinct privilege levels (guest and hypervisor) so SMM is not needed ● Run a daemon that implements variable services outside of the guest execution context ● Add a new module to OVMF that implements variables services by proxying to the daemon running outside the guest 10

  11. Implementation on Xen ● The guest has no direct access to the code that executes the variables services ● Nor does it have direct access to the variable storage ● Variable storage is abstracted so that different backends can be used: Berkeley DB, SQLite, MySQL, XAPI database, flat files, etc. 11

  12. Implementation on Xen Hypervisor (dom0) Guest (n) Memory OVMF map varstored (n) OS XenVariable module XAPI DB return return handler_set_variable() store ioport write(port, pagenr) SetVariable() SetVariable() dispatch 12

  13. Implementation on Xen ● varstored: A daemon that implements all the required variable services using the XAPI database for storage ● XenVariable: An OVMF module that proxies variable service calls to varstored ● It works with Xen to securely implement Secure Boot and boots Linux and Windows guests ● Could be used with KVM without much difficulty ● It is not a platform specific implementation unlike the other approaches 13

  14. Demo ● Video at https://rossl.org/fosdem2019.mkv 14

  15. When can I use it? ● Not yet publicly available – will be released shortly and announced on the Xen mailing list 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015 Outline UEFI overview Secure boot and SMM Chipset support: QEMU Hypervisor support: KVM Paolo Bonzini KVM Forum 2015 What is UEFI?

591 views • 29 slides
Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides
Extending the Secure Boot Certificate and Signature Chain of Trust to the OS Fionnuala Gunter,

Extending the Secure Boot Certificate and Signature Chain of Trust to the OS Fionnuala Gunter,

Extending the Secure Boot Certificate and Signature Chain of Trust to the OS Fionnuala Gunter, fin.gunter@hypori.com Mimi Zohar, zohar@linux.vnet.ibm.com Secure Boot Chains of Trust Secure Boot places the root of PK trust in hardware

847 views • 16 slides
HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned

HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned

HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned into two categories: Security issues associated with the design Security issues associated with the system and application data once the

1.13k views • 25 slides
Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October 15, 2014 Marek Va sut < marex@denx.de > Secure and flexible boot with U-Boot bootloader Marek Vasut Software engineer at DENX S.E. since

382 views • 35 slides
Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

537 views • 10 slides
Setup For Failure: Defea0ng UEFI Secure Boot Corey

Setup For Failure: Defea0ng UEFI Secure Boot Corey

Setup For Failure: Defea0ng UEFI Secure Boot Corey Kallenberg @coreykal Sam Cornwell @ssc0rnwell Xeno Kovah @xenokovah John BuGerworth

1.22k views • 84 slides
SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS Applying Due Care Via Common Sense Approach April 2017 100% 46% Ponemon 2014 SSH Security Vulnerability of 2000 Global do not Organizations Report

307 views • 29 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Defeating Secure Boot with EMFI Ang Cui, PhD & Rick Housley {a|r}@redballoonsecurity.com

Defeating Secure Boot with EMFI Ang Cui, PhD & Rick Housley {a|r}@redballoonsecurity.com

Defeating Secure Boot with EMFI Ang Cui, PhD & Rick Housley {a|r}@redballoonsecurity.com PROJECT 1. Open-source project to democratize EMFI research 2. 2 years of work so far PROJECT Disclaimer: BadFET-style EMFI research is

1.55k views • 126 slides
RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT. BOOT https://github.com/boot-clj/boot BOOT TEMPLATES boot -d seancorfield/boot-new new -t tenzing -n <name> [+a <option>]* $ cd

566 views • 22 slides
Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz

Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz

Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz Ossenbrink Serving society Stimulating innovation Supporting legislation Does energy efficiency reduce the size of the energy trilemma? Energy

369 views • 20 slides
Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha Presented By: Eric Simpson Summary Traditional Secure Communications Securing the physical layer with UWB TH-PPM RFID digital baseband

386 views • 19 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

559 views • 18 slides
COMP 633 - Parallel Computing Lecture 7 September 3, 2020 SMM (2) OpenMP Programming Model

COMP 633 - Parallel Computing Lecture 7 September 3, 2020 SMM (2) OpenMP Programming Model

COMP 633 - Parallel Computing Lecture 7 September 3, 2020 SMM (2) OpenMP Programming Model Reading for next time OpenMP tutorial: look through secns 3-5 plus secn 6 up to exercise 1 COMP 633 - Prins Shared Memory Multiprocessing

428 views • 27 slides
Motivation f g h P STE ckt A C (theorem proving) OKAY? SMC ckt (G(r F a)) Use

Motivation f g h P STE ckt A C (theorem proving) OKAY? SMC ckt (G(r F a)) Use

A Stream-based Framework for Reasoning with STE and other LTL Verification Formalisms John OLeary Tom Melham Dept of Computing Science Strategic CAD Labs Intel Corporation University of Glasgow Glasgow, Scotland, G12 8QQ 5200 NE Elam

276 views • 13 slides
Variable Binding, Symmetric Monoidal Pardon Closed Theories, and Bigraphs Motivation Signatures

Variable Binding, Symmetric Monoidal Pardon Closed Theories, and Bigraphs Motivation Signatures

Variable Binding, Symmetric Monoidal Closed Theories, and Bigraphs Garner, Hirschowitz, Variable Binding, Symmetric Monoidal Pardon Closed Theories, and Bigraphs Motivation Signatures and free smc categories Application to Richard Garner

473 views • 35 slides
tt+X hadroproduction at NLO+SMC Zoltn Trcsnyi University of Debrecen and Institute

tt+X hadroproduction at NLO+SMC Zoltn Trcsnyi University of Debrecen and Institute

tt+X hadroproduction at NLO+SMC Zoltn Trcsnyi University of Debrecen and Institute of Nuclear Research in collaboration with A. Kardos, M.V. Garzelli and HELAC group based on arXiv:1101.2672, 1108.0387 and unpublished Thursday,

955 views • 60 slides
A differential approach to computing zeta functions over finite fields Kiran S. Kedlaya

A differential approach to computing zeta functions over finite fields Kiran S. Kedlaya

A differential approach to computing zeta functions over finite fields Kiran S. Kedlaya Department of Mathematics, Massachusetts Institute of Technology AMS-SMM Joint Meeting Zacatecas, May 25, 2007 Kiran S. Kedlaya (MIT, Dept. of Mathematics)

775 views • 49 slides
Small-Scale Shared Address Space Multiprocessor (MIMD) Processors are connected via a dynamic

Small-Scale Shared Address Space Multiprocessor (MIMD) Processors are connected via a dynamic

Small-Scale Shared Address Space Multiprocessor (MIMD) Processors are connected via a dynamic network/bus to a shared memory Communication and coordination through shared variables in the memory Lecture 3: The user (the

358 views • 9 slides
Introduction & Overview Lecture 01, 2018-03-19 Christian Schulte cschulte@kth.se Software

Introduction & Overview Lecture 01, 2018-03-19 Christian Schulte cschulte@kth.se Software

ID2204: Constraint Programming Introduction & Overview Lecture 01, 2018-03-19 Christian Schulte cschulte@kth.se Software and Computer Systems School of Electrical Engineering and Computer Science KTH Royal Institute of Technology Sweden

565 views • 39 slides
Operationalizing Social Media - How SAP Replicated its Successful Social Media Processes Across

Operationalizing Social Media - How SAP Replicated its Successful Social Media Processes Across

Operationalizing Social Media - How SAP Replicated its Successful Social Media Processes Across the Globe Todd Wilms Sr. Director, Social Media Audience Marketing, SAP What are the most frustrating challenges to social media marketing

141 views • 12 slides

More recommend