All Your Boot Are Belong To Us

Similar documents
A Tale of One Software Bypass of Windows 8 Secure Boot. Yuriy Bulygin Andrew Furtak Oleksandr Bazhaniuk

BIOS and Secure Boot Attacks Uncovered

Hi and welcome to the Microsoft Virtual Academy and

Attacking Hypervisors via Firmware and Hardware

UEFI on Dell BizClient Platforms

Trustworthy Computing

UEFI Firmware Security Best Practices

Attacking Hypervisors via Firmware and Hardware

UEFI Driver Development Guide for All Hardware Device Classes

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

UEFI Implications for Windows Server

A Tour Beyond BIOS Supporting an SMM Resource Monitor using the EFI Developer Kit II

UEFI SECURE BOOT IN MODERN COMPUTER SECURITY SOLUTIONS

Introducing Ring -3 Rootkits

OVERVIEW Playbacks: Shortcuts: Memories: Data Entry Wheels: Touchpad: Master and Blackout:

MBR and EFI Disk Partition Systems

Race to bare metal: UEFI and hypervisors

The PC Boot Process - Windows XP.

Creating a More Secure Device with Windows Embedded Compact 7. Douglas Boling Boling Consulting Inc.

GPT hard Disk Drives. For HP Desktops. Abstract. Why GPT? April Table of Contents:

Mount & Boot Center. Contents

Making UEFI Secure Boot Work With Open Platforms

BIOS Update Release Notes

Session ID: Session Classification:

Intel Tunnel Mountain Software Development Platform Overview, IHV Tools Update

installing UEFi-based Microsoft Windows Vista SP1 (x64) on HP EliteBook and Compaq Notebook PCs

DELL. Unified Server Configurator Security Overview. A Dell Technical White Paper. By Raja Tamilarasan, Wayne Liles, Marshal Savage and Weijia Zhang

Hardware Enabled Zero Day Protection

HP BUSINESS NOTEBOOK PC F10 SETUP OVERVIEW

INLICHTINGEN DIENSTEN INLICHTINGEN DIENSTEN

BOOTKITS: PAST, PRESENT & FUTURE Eugene Rodionov ESET, Canada Alexander Matrosov Intel, USA David Harley ESET North America, UK

ThinLinX TLXOS NUC / Compute Stick / RePC Installation Guide Creating the Installer (Step 1)

HP EliteBook and ProBook Notebook PCs - Upgrading from Windows 7 to Windows 8

Guide to SATA Hard Disks Installation and RAID Configuration

UEFI PXE Boot Performance Analysis

Computer Setup User Guide

Dell Client BIOS: Signed Firmware Update

BIOS Update Release Notes

Monthly Specification Update

Dual-boot Windows 10 alongside Windows 8

CCNA 2 Chapter 5. Managing Cisco IOS Software

Windows 8/8.1 BIOS Setting VIG440J (PMPFS440)


Navigating Endpoint Encryption Technologies

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

Paragon Recovery Media Builder

BIOS Update SOP. Updating BIOS under Windows Mode for Intel Series (PXX/ZXX/X79)... 2

VMWare Workstation 11 Installation MICROSOFT WINDOWS SERVER 2008 R2 STANDARD ENTERPRISE ED.

Microsoft Windows Server 2008* (x86 & x64) Dual SCM (ALUA) Installation BKM. Intel Order Number: E

Installing Microsoft Windows on HP Compaq and EliteBook Notebook PCs

BIOS Update Release Notes

HP Compaq dc7800p Business PC with Intel vpro Processor Technology and Virtual Appliances

Paragon Recovery Media Builder

Marvell SATA3 RAID Installation Guide

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

Embedded Trusted Computing on ARM-based systems

BIOS Update Release Notes

AN10860_1. Contact information. NXP Semiconductors. LPC313x NAND flash data and bad block management

HP Compaq notebook common image white paper

Design and development of an automated regression test suite for UEFI

Using GIGABYTE Notebook for the First Time

Hardware Backdooring is practical. Jonathan Brossard (Toucan System) Florentin Demetrescu (Cassidian)

Chapter 5: Fundamental Operating Systems

Configuring HP Elite, EliteBook, and Z220 systems for Intel Smart Response Technology

Windows 8 UEFI BIOS Update (Step-by-Step Guide)

Understanding the Boot Process and Command Line Chapter #3

Best Practices for Deploying, Replicating, and Managing Real-Time and FPGA Applications. ni.com

Patterns for Secure Boot and Secure Storage in Computer Systems

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Ocster Backup - Rescue System

Melde- und Analysestelle Informationssicherung MELANI Torpig/Mebroot Reverse Code Engineering (RCE)

Computer Setup (F10) Utility Guide Evo Desktop Family Evo Workstation Family

McAfee Deep Safe. Security beyond the OS. Kai-Ping Seidenschnur Senior Security Engineer. October 16, 2012

AMD SP5100 Dot Hill SATA RAID Users Manual V100

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Technology in Action. Alan Evans Kendall Martin Mary Anne Poatsy. Eleventh Edition. Copyright 2015 Pearson Education, Inc.

Intel Rapid Start Technology (FFS) Guide

MF Digital 5000 USB SD Platform Series Operating Manual

ATTO ExpressSAS Troubleshooting Guide for Windows

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Rcore Embedded Software Platform

Windows Phone 8 Security deep dive

Betting BIOS Bugs Won t Bite Y er Butt? Xeno Kovah Corey Kallenberg

Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement. MJ0011 th_decoder@126.com

PCI-SIG ENGINEERING CHANGE NOTICE

Read Me UNISTREAM AUTOMATION IDE

Using GIGABYTE Notebook for the First Time

User Guide Win7Zilla

Windows 8: Redmond s Safest Operating System Ever?

EUCIP - IT Administrator. Module 2 Operating Systems. Version 2.0

Strategies for Firmware Support of Self-Encrypting Drives

Date: March Reference No. RTS-CB 018

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems

In-System Programmer USER MANUAL RN-ISP-UM RN-WIFLYCR-UM

End User Devices Security Guidance: Apple OS X 10.10

Transcription:

All Your Boot Are Belong To Us CanSecWest 2014 Intel Security Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk, John Loucaides

UEFI Secure Boot

UEFI Secure Boot UEFI has largely replaced conventional BIOS for PC platform firmware on new systems. UEFI 2.3.1 specified a new security feature Secure Boot intended to protect UEFI based systems from bootkits which were affecting systems with legacy BIOS/OS boot. When enabled, Secure Boot validates the integrity of the operating system boot loader before transferring control to it.

Signed BIOS Update UEFI OROM UEFI OROM UEFI App UEFI App DXE Driver DXE Driver UEFI Boot Loader bootx64.efi bootmgfw.efi UEFI Secure Boot UEFI DXE Core / Dispatcher System Firmware (SEC/PEI) Hardware I/O Memory Network Graphics

Signed BIOS Update OS Driver OS Driver OS Kernel (+ ELAM on Windows) UEFI OS Loaders (e.g. winload.efi, winresume.efi) OS Secure Boot UEFI OROM UEFI OROM UEFI App UEFI App DXE Driver DXE Driver UEFI Boot Loader bootx64.efi bootmgfw.efi UEFI Secure Boot UEFI DXE Core / Dispatcher System Firmware (SEC/PEI) Hardware I/O Memory Network Graphics

UEFI Secure Boot in Action

MITRE First Issue

MITRE s research fit nicely with research and guidance we were already coordinating. All of this guidance has been shared previously with BIOS vendors and platform manufacturers. This guidance resulted from analysis of the BIOS implementations on specific systems. We did not perform analysis on all systems.

Unprotected Secure Boot Enable/Disable Control a.k.a. Quest For Disabling Secure Boot

Recommendations Protect Secure Boot Enable/Disable Control Don t store it in places writeable by malware (like RUNTIME_ACCESS UEFI Variables) Use SecureBootEnable UEFI Variable defined in edk2 Require user physical presence to change CHIPSEC test for this chipsec_main.py m tools.secureboot.te

Turn On/Off Secure Boot in BIOS Setup

Secure Boot Enable/Disable Control SecureBootEnable UEFI Variable When turning ON/OFF Secure Boot, it should change Hmm.. but there is no SecureBootEnable variable Where does the BIOS store Secure Boot Enable flag? Should be NV somewhere in SPI Flash.. Just dump SPI flash with Secure Boot ON and OFF chipsec_util.py spi dump spi.bin Then compare two SPI flash images? Good luck with that ;)

Secure Boot Enable/Disable in Setup Found! It really is in BIOS Setup in Setup UEFI Variable Secure Boot On Secure Boot Off chipsec_util.py uefi nvram chipsec_util.py decode

Demo

PE/TE Header Confusion a.k.a. PETE

Recommendations Don t skip checks on EFI executables with TE header Don t skip Secure Boot checks on EFI executables with TE Header Beware of customizations to open source DxeImageVerificationLib

Recap on Image Verification Handler SecureBoot EFI variable doesn t exist or equals to SECURE_BOOT_MODE_DISABLE? EFI_SUCCESS File is not valid PE/COFF image? EFI_ACCESS_DENIED SecureBootEnable NV EFI variable doesn t exist or equals to SECURE_BOOT_DISABLE? EFI_SUCCESS SetupMode NV EFI variable doesn t exist or equals to SETUP_MODE? EFI_SUCCESS

EFI Executables Any EFI executables other then PE/COFF? YES! EFI Byte Code (EBC), Terse Executable (TE) But EBC image is a 32 bits PE/COFF image wrapping byte code. No luck Terse Executable format: In an effort to reduce image size, a new executable image header (TE) was created that includes only those fields from the PE/COFF headers required for execution under the PI Architecture. Since this header contains the information required for execution of the image, it can replace the PE/COFF headers from the original image. http://wiki.phoenix.com/wiki/index.php/terse_executable_format

TE is not PE/COFF TE differs from PE/COFF only with header:

PE/TE Header Handling by the BIOS Decoded UEFI BIOS image from SPI Flash

PE/TE Header Handling by the BIOS CORE_DXE.efi:

PE/TE Header Confusion ExecuteSecurityHandler calls GetFileBuffer to read an executable file. GetFileBuffer reads the file and checks it to have a valid PE header. It returns EFI_LOAD_ERROR if executable is not PE/COFF. ExecuteSecurityHandler returns EFI_SUCCESS (0) in case GetFileBuffer returns an error Signature Checks are Skipped!

PE/TE Header Confusion BIOS allows running TE images without signature check Malicious PE/COFF EFI executable (bootkit.efi) Convert executable to TE format by replacing PE/COFF header with TE header Replace OS boot loaders with resulting TE EFI executable Signature check is skipped for TE EFI executable Executable will load and patch original OS boot loader

Demo

Abusing Compatibility Support Module (CSM) a.k.a. Legacy Strikes Back

Recommendations CSM ^ Secure Boot Force CSM to Disabled if Secure Boot is Enabled But don t do that only in Setup HII Implement iscsmenabled() function always returning FALSE when Secure Boot is enabled Don t Fall Back to Legacy Boot Don t fall back to legacy boot through MBR if Secure Boot verification of UEFI executable fails

CSM vs. Secure Boot CSM Module Allows Legacy On UEFI Based Firmware Allows Legacy OS Boot Through [Unsigned] MBR Allows Loading Legacy [Unsigned] Option ROMs Once CSM is ON, UEFI firmware dispatches legacy OROMs then boots MBR CSM Cannot Be Turned On When Secure Boot is Enabled CSM can be turned On/Off in BIOS Setup Options But cannot select CSM Enabled when Secure Boot is On

Clearing of Secure Boot Keys & Restoring Defaults a.k.a. No keys, no problem

Recommendations Protect Controls Clearing/Restoring Secure Boot Keys Don t store them in places writeable by malware (like RUNTIME_ACCESS UEFI Variables) Require physically present user to clear Secure Boot keys or restore default values Protect Default Values of Secure Boot Keys (PK, KEK..) Store default values in protected areas (e.g. embedded into Firmware Volumes)

Clearing Platform Key from Software Clear Secure Boot keys takes effect after reboot Switch that triggers clearing of Secure Boot keys is in UEFI Variable (happens to be in Setup variable) But recall our earlier presentation! PK is cleared Secure Boot is Disabled

Install Default Keys From Where? Default Secure Boot keys can be restored [When there s no PK] Switch that triggers restore of Secure Boot keys to their default values is in UEFI Variable (happens to be in Setup ) Nah.. Default keys are protected. They are in FV But we just added 9 signatures to the DBX blacklist ;(

Waiting for Physical Presence a.k.a. Beep Beep Beep Boot

Recommendations Physical Presence is Important Protection Make sure there s a platform specific mechanism to assert physically present user (for example, a button on a device) Require physical presence to modify certain Secure Boot configuration (On/Off switch, Custom Mode..)

Honest mistake, but entertaining The system protects Secure Boot configuration from unauthorized modification Stores and verifies CRC of Secure Boot settings Upon CRC mismatch, beeps 3 times, waits timeout (a few seconds) then Keeps booting with modified Secure Boot settings

Summary Secure Boot is a complex protection relying on correct implementation and configuration of multiple components. Both efforts enhance the transparency of firmware security research and result in security assessment tools. We continue to actively research and coordinate issues with platform manufacturers and BIOS vendors.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information