Summary of Attacks Against BIOS and Secure Boot

Presented at DEF CON 22 (2014), Aug. 9, 2014, noon (60 minutes).

A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as secure boot, OS loaders, and SMM. Windows 8 Secure Boot provides an important protection against bootkits by enforcing a signature check on each boot component. This talk will detail and organize some of the attacks and how they work. We will demonstrate a full software bypass of secure boot. In addition, we will describe underlying vulnerabilities and how to assess systems for these issues using chipsec (https://github.com/chipsec/chipsec), an open source framework for platform security assessment. We will cover BIOS write protection, forensics on platform firmware, attacks against SMM, attacks against secure boot, and various other issues. After watching, you should understand how these attacks work, how they are mitigated, and how to test a system for the vulnerability.


Presenters:

  • Yuriy Bulygin - Chief Threat Architect, Intel Security
    Yuriy Bulygin is a Chief Threat Architect. Over the past 8 years he has enjoyed analyzing the security of everything from OS to CPU microcode and hardware. He is now leading a security threat research team, advancing research in security threats to modern PC, mobile, and embedded platforms and protections. Twitter: @c7zero
  • Oleksandr Bazhaniuk - Security Researcher, Intel Security
    Oleksandr Bazhaniuk is a security researcher and reverse engineer with background in automation of binary vulnerability analysis. He is also a co-founder of DCUA, the first DEF CON group in Ukraine. Twitter: @ABazhaniuk
  • Andrew Furtak - Security Researcher, Intel Security
    Andrew Furtak is a security researcher focusing on security analysis of firmware and hardware of modern computing platforms and a security software engineer in the past. Andrew holds a MS in Applied Mathematics and Physics from the Moscow Institute of Physics and Technology.
  • John Loucaides - Security Researcher, Intel Security
    John Loucaides is a security researcher who is currently focusing on responding to platform security issues. He has performed security analysis for a wide variety of targets from embedded systems to enterprise networks, developing repeatable methods for improving assurance.

Links:

Similar Presentations: