Baring the system: New vulnerabilities in SMM of Coreboot and UEFI based systems

Presented at REcon Brussels 2017, Jan. 29, 2017, 3 p.m. (60 minutes)

Previously, we discovered a number of vulnerabilities in UEFI basedfirmware including software vulnerabilities in SMI handlers that couldlead to SMM code execution, attacks on hypervisors like Xen, Hyper-V andbypassing modern security protections in Windows 10 such as VirtualSecure Mode with Credential and Device Guard. These issues led tochanges in the way OS communicates with SMM on UEFI based systems andnew Windows SMM Security Mitigations ACPI Table (WSMT).This research describes an entirely new class of vulnerabilitiesaffecting SMI handlers on systems with Coreboot and UEFI based firmware.These issues are caused by incorrect trust assumptions between thefirmware and underlying hardware which makes them applicable to any typeof system firmware. We will describe impact and various mitigationtechniques. We will also release a module for open source CHIPSECframework to automatically detect this type of issues on a running system.



Similar Presentations: