Summary of Attacks Against BIOS and Secure Boot

Presented at DEF CON 22 (2014), Aug. 9, 2014, noon (60 minutes)

A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as secure boot, OS loaders, and SMM. Windows 8 Secure Boot provides an important protection against bootkits by enforcing a signature check on each boot component. This talk will detail and organize some of the attacks and how they work. We will demonstrate a full software bypass of secure boot. In addition, we will describe underlying vulnerabilities and how to assess systems for these issues using chipsec (https://github.com/chipsec/chipsec), an open source framework for platform security assessment. We will cover BIOS write protection, forensics on platform firmware, attacks against SMM, attacks against secure boot, and various other issues. After watching, you should understand how these attacks work, how they are mitigated, and how to test a system for the vulnerability.

Presenters:

• John Loucaides - Security Researcher, Intel Security
  John Loucaides is a security researcher who is currently focusing on responding to platform security issues. He has performed security analysis for a wide variety of targets from embedded systems to enterprise networks, developing repeatable methods for improving assurance.
• Andrew Furtak - Security Researcher, Intel Security
  Andrew Furtak is a security researcher focusing on security analysis of firmware and hardware of modern computing platforms and a security software engineer in the past. Andrew holds a MS in Applied Mathematics and Physics from the Moscow Institute of Physics and Technology.
• Oleksandr Bazhaniuk - Security Researcher, Intel Security
  Oleksandr Bazhaniuk is a security researcher and reverse engineer with background in automation of binary vulnerability analysis. He is also a co-founder of DCUA, the first DEF CON group in Ukraine. Twitter: @ABazhaniuk
• Yuriy Bulygin - Chief Threat Architect, Intel Security
  Yuriy Bulygin is a Chief Threat Architect. Over the past 8 years he has enjoyed analyzing the security of everything from OS to CPU microcode and hardware. He is now leading a security threat research team, advancing research in security threats to modern PC, mobile, and embedded platforms and protections. Twitter: @c7zero

Links:

• https://defcon.org/html/defcon-22/dc-22-speakers.html#Bulygin
• https://infocon.org/cons/DEF CON/DEF CON 22/DEF CON 22 slides/DEF CON 22 - Hacking Conference Presentation Yuriy Bulygin & Oleksandr Bazhaniuk & Andrew Furtak & John Loucaides - Summary of Attacks Against BIOS and Secure Boot - Slides.mp4
• https://infocon.org/cons/DEF CON/DEF CON 22/DEF CON 22 slides/DEF CON 22 - Hacking Conference Presentation Yuriy Bulygin & Oleksandr Bazhaniuk & Andrew Furtak & John Loucaides - Summary of Attacks Against BIOS and Secure Boot - Video.mp4
• https://infocon.org/cons/DEF CON/DEF CON 22/DEF CON 22 slides/DEF CON 22 - Hacking Conference Presentation Yuriy Bulygin & Oleksandr Bazhaniuk & Andrew Furtak & John Loucaides - Summary of Attacks Against BIOS and Secure Boot - Slides.srt (subtitles)
• https://www.youtube.com/watch?v=QDSlWa9xQuA

Similar Presentations:

• DEF CON 30 (2022) / One Bootloader to Load Them All
• ToorCon San Diego 15 (2013) / A Tale of One Software Bypass of Windows 8 Secure Boot
• Black Hat USA 2013 / A Tale of One Software Bypass of Windows 8 Secure Boot