BIOS Security

Presented at Black Hat USA 2013, July 31, 2013, 2:15 p.m. (60 minutes).

In 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). To justify the importance of 800-155, in this talk we look at the implementation of the SRTM from a vendor's pre-800-155 laptop. We discuss how the BIOS and thus SRTM can be manipulated either due to a configuration that does not enable signed BIOS updates, or via an exploit we discovered that allows for BIOS reflash even in the presence of a signed update requirement.

We also show how a 51 byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM Quote is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware. To fix the un-trustworthy SRTM we apply an academic technique whereby the BIOS software indicates its integrity through a timing side-channel.


Presenters:

  • John Butterworth - The MITRE Corporation
    John Butterworth is a security researcher at The MITRE Corporation who specializes in low level system security. He is applying his electrical engineering background and firmware engineering background to investigate UEFI/BIOS security.
  • Corey Kallenberg - The MITRE Corporation
    Corey Kallenberg is a MITRE researcher who specializes in low level system security. He is currently using his background in operating system development, firmware security and trusted computing to investigate BIOS/UEFI security issues.
  • Xeno Kovah - The MITRE Corporation
    Xeno is a Lead InfoSec Engineer at The MITRE Corporation, a non-profit company that runs 6 federally funded research and development centers (FFRDCs) as well as manages CVE. He is the team lead for the BIOS Analysis for Detection of Advanced System Subversion project. On the predecessor project, Checkmate, he investigated kernel/userspace memory integrity verification & timing-based attestation. Both projects have a special emphasis on how to make it so that the measurement agent can't just be made to lie by an attacker.

Links:

Similar Presentations: