The power consumption of PCs, laptops, and servers matters because it drives both operating cost and battery life. Platforms that support the Advanced Configuration and Power Interface (ACPI) define six system power states (S0-S5) for reducing consumption according to the operating status: S0 is the working state, and the higher-numbered sleeping states progressively cut power to the CPU, devices, and RAM (S3 keeps RAM powered, S4 saves it to disk, S5 is soft off).
Shutting those components down reduces power consumption dramatically, but it has a cost: the components must be reinitialized on wake-up. That reinitialization takes time, and while it runs the platform's security devices are temporarily out of service. To shorten resume time, UEFI firmware replays a saved S3 boot script instead of performing a full initialization, and it reactivates the security devices as early as it can. Unfortunately, both mechanisms enlarge the attack surface.
In this talk, we present how we neutralize Intel TXT (Trusted Execution Technology) using the S3 sleeping state. Intel TXT is a hardware-based mechanism that supports a dynamic root of trust for measurement (DRTM) and validates platform trustworthiness during boot and launch. It works with the Trusted Platform Module (TPM), extending hashes of the launched software into the TPM's platform configuration registers (PCRs). The DRTM PCRs are reset by the Intel TXT dynamic launch itself and afterwards can only be extended, so it should be hard to bring them to chosen values. To show that Intel TXT can nevertheless be neutralized, we targeted tboot, the open-source reference implementation of Intel TXT that protects the VMM (virtual machine monitor) and the OS. We found several flaws in tboot and confirmed that, by combining them with S3 sleep, we could reset the PCRs to specific values and so neutralize Intel TXT. These attacks have not been published before, and we will share our research results.
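The property the abstract relies on is easiest to see in a small model of a DRTM PCR. The Python below is an added illustration written for this page, not code from the talk or from tboot, and it does not reproduce the tboot flaws: it models TPM 1.2 reset/extend semantics for PCR 17 (SHA-1, 20-byte register) with constructed component images standing in for the MLE and VMM. It shows that a tampered launch cannot extend its way to the sealed value, but that anyone who obtains a PCR reset and controls what is extended afterwards (the situation an S3 resume creates) can replay the logged good digests and reproduce that value exactly.

```python
import hashlib

PCR_LEN = 20  # TPM 1.2 SHA-1 PCRs, the register size tboot's DRTM measurements use


class DrtmPcr:
    """Model of one DRTM PCR (PCR 17-22) with TPM 1.2 reset/extend semantics."""

    def __init__(self):
        # DRTM PCRs read as all-ones after TPM startup, before any dynamic launch.
        self.value = b"\xff" * PCR_LEN

    def dynamic_launch_reset(self):
        # Only the dynamic launch (GETSEC[SENTER], TPM locality 4) can reset these
        # PCRs; it sets them to zero.
        self.value = b"\x00" * PCR_LEN

    def extend(self, measurement):
        # Extend is the only write path: new = SHA1(old || measurement). It is not
        # invertible, so a PCR cannot be set to a chosen value directly.
        self.value = hashlib.sha1(self.value + measurement).digest()
        return self.value


def measured_launch(pcr, components):
    """Model a dynamic launch: reset the PCR, then extend the digest of each loaded component.

    Returns the final PCR value and the list of digests that were extended (the event log).
    """
    pcr.dynamic_launch_reset()
    log = []
    for blob in components:
        digest = hashlib.sha1(blob).digest()
        log.append(digest)
        pcr.extend(digest)
    return pcr.value, log


# Constructed sample images standing in for the MLE and VMM (assumption: not real binaries).
GOOD_COMPONENTS = [b"good-mle-image", b"good-vmm-image"]
EVIL_COMPONENTS = [b"good-mle-image", b"rootkitted-vmm-image"]


def sealed_expected_value():
    """The PCR value a platform owner would seal secrets to, taken from a known-good launch."""
    value, _ = measured_launch(DrtmPcr(), GOOD_COMPONENTS)
    return value


def attacker_cannot_extend_into_target(target):
    """Without a reset, no extend from a tampered state reaches the target value."""
    pcr = DrtmPcr()
    pcr.dynamic_launch_reset()
    pcr.extend(hashlib.sha1(EVIL_COMPONENTS[1]).digest())
    # Even extending the target value itself only hashes it in; the register
    # never becomes equal to target.
    return pcr.extend(target) != target


def replay_after_reset(target, log):
    """An attacker who obtains a PCR reset and controls what is extended afterwards
    reproduces the sealed value by replaying the logged good digests, even though
    the good software never ran."""
    pcr = DrtmPcr()
    pcr.dynamic_launch_reset()  # models the reset that a dynamic launch on S3 resume performs
    for digest in log:
        pcr.extend(digest)
    return pcr.value == target


if __name__ == "__main__":
    good_value, good_log = measured_launch(DrtmPcr(), GOOD_COMPONENTS)
    evil_value, evil_log = measured_launch(DrtmPcr(), EVIL_COMPONENTS)
    print("good launch PCR17:", good_value.hex())
    print("evil launch PCR17:", evil_value.hex())
    print("extend cannot forge target:", attacker_cannot_extend_into_target(good_value))
    print("replay of good log after reset matches:", replay_after_reset(good_value, good_log))
    print("replay of evil log after reset matches:", replay_after_reset(good_value, evil_log))
```

The model deliberately leaves out localities, the SINIT ACM, and the TPM's own S3 handling; its point is only that the security of the DRTM PCRs rests on who controls the reset and the sequence of extends that follow it, which is exactly what an S3 cycle puts in play.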