UEFI Firmware Securing SMM

Similar documents
UEFI Firmware Security Best Practices

Attacking Hypervisors via Firmware and Hardware

A Tour Beyond BIOS Supporting an SMM Resource Monitor using the EFI Developer Kit II

Attacking Hypervisors via Firmware and Hardware

The UEFI Security Response Team (USRT)

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

Intel Tunnel Mountain Software Development Platform Overview, IHV Tools Update

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

x64 Servers: Do you want 64 or 32 bit apps with that server?

UEFI Implications for Windows Server

Strategies for Firmware Support of Self-Encrypting Drives

Trustworthy Computing

A White Paper By: Dr. Gaurav Banga SVP, Engineering & CTO, Phoenix Technologies. Bridging BIOS to UEFI

BitLocker Network Unlock & BitLocker support for Encrypted Drives

UEFI on Dell BizClient Platforms

Secure Network Communications FIPS Non Proprietary Security Policy

FRONT FLYLEAF PAGE. This page has been intentionally left blank

Code Injection From the Hypervisor: Removing the need for in-guest agents. Matt Conover & Tzi-cker Chiueh Core Research Group, Symantec Research Labs

Race to bare metal: UEFI and hypervisors

The Microsoft Windows Hypervisor High Level Architecture

MCA Enhancements in Future Intel Xeon Processors June 2013

Firmware security features in HP Compaq business notebooks

PC Boot Considerations for Devices >8GB

Virtualization System Security

Application Compatibility Best Practices for Remote Desktop Services

UEFI Spec Version 2.4 Facilitates Secure Update

Windows Operating Systems. Basic Security

I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich

UNCLASSIFIED Version 1.0 May 2012

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Dualog Connection Suite Hardware and Software Requirements

Eugene Tsyrklevich. Ozone HIPS: Unbreakable Windows

Attacking Intel Trusted Execution Technology

The Leader in Cloud Security SECURITY ADVISORY

DELL. Unified Server Configurator Security Overview. A Dell Technical White Paper. By Raja Tamilarasan, Wayne Liles, Marshal Savage and Weijia Zhang

Imation LOCK User Manual

MBR and EFI Disk Partition Systems

UEFI PXE Boot Performance Analysis

COS 318: Operating Systems

Guardian: Hypervisor as Security Foothold for Personal Computers

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement. MJ0011 th_decoder@126.com

Custom Penetration Testing

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Customer Responsibilities

Samsung Magician v.4.5 Introduction and Installation Guide

Absolute Backdoor Revisited. Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs

Windows 7. Qing Liu Michael Stevens

PPC s SMART Practice Aids Prepare for Installing database upgrade to SQL Express 2008 R2

UNIT 4 Software Development Flow

OSes. Arvind Seshadri Mark Luk Ning Qu Adrian Perrig SOSP2007. CyLab of CMU. SecVisor: A Tiny Hypervisor to Provide

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Frontiers in Cyber Security: Beyond the OS

Windows Phone 8 Security Overview

A+ Practical Applications Solution Key

Installing Hortonworks Sandbox on Hyper-V

EMC NetWorker Module for Microsoft for Windows Bare Metal Recovery Solution

UEFI Driver Development Guide for All Hardware Device Classes

installing UEFi-based Microsoft Windows Vista SP1 (x64) on HP EliteBook and Compaq Notebook PCs

Intel s SL Enhanced Intel486(TM) Microprocessor Family

A Hypervisor IPS based on Hardware assisted Virtualization Technology

Bypassing Memory Protections: The Future of Exploitation

Intel Rapid Start Technology User Guide for UEFI Mode

Bypassing Self- Encrypting Drives (SED) in Enterprise Environments. Daniel Boteanu Kevvie Fowler November 12 th, 2015

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone

SecureSwitch: BIOS-Assisted Isolation and Switch between Trusted and Untrusted Commodity OSes!

Parallels Desktop 4 for Windows and Linux Read Me

UEFI Development in HP

LinuxCon Europe UEFI Mini-Summit 7 October 2015

Windows Remote Access

Next Generation ProSystem fx Suite. Planning and Implementation Overview

Impact+OCR 1.1 Readme

GPT hard Disk Drives. For HP Desktops. Abstract. Why GPT? April Table of Contents:

Threat Modelling for Web Application Deployment. Ivan Ristic (Thinking Stone)

Sandy. The Malicious Exploit Analysis. Static Analysis and Dynamic exploit analysis. Garage4Hackers

Full and Para Virtualization

Performance tuning Xen

Marvell SATA3 RAID Installation Guide

Lecture Overview. INF3510 Information Security Spring Lecture 4 Computer Security. Meaningless transport defences when endpoints are insecure

Optimizing Windows Security Features to Block Malware and Hack Tools on USB Storage Devices

Supply Chain (In-) Security

Install this update to increase the performance of web sites that use Ajax. After you install this item, you may have to restart your computer.

Advanced IBM AIX Heap Exploitation. Tim Shelton V.P. Research & Development HAWK Network Defense, Inc. tshelton@hawkdefense.com

Upgrade to Microsoft Windows Server 2012 R2 on Dell PowerEdge Servers Abstract

Topaz Installation Sheet

Monthly Specification Update

Virtualization for Cloud Computing

Virtualization Technology

System Requirements for Microsoft Dynamics GP 2015

Phoenix SecureCore TM Setup Utility

Windows XP Professional x64 Edition for HP Workstations - FAQ

Security Technology for Smartphones

Application Intrusion Detection

Windows 7 XP Mode for HP Business PCs

SAFECode Security Development Lifecycle (SDL)

Transcription:

presented by UEFI Firmware Securing SMM UEFI Spring Plugfest May 18-22, 2015 Presented by Dick Wilkins, Ph.D. Principal Technology Liaison Updated 2011-06-01 UEFI Plugfest May 2015 www.uefi.org 1

Agenda Introduction SMM Attack Vectors Mitigation Strategies NX Protection in SMM Closing Remarks UEFI Plugfest May 2015 www.uefi.org 2

SMM is Under Attack UEFI Plugfest May 2015 www.uefi.org 3

Introduction Why are we talking about this? We believe these vulnerabilities are widespread Some implementers may not be aware of their vulnerabilities We want to share our best practices in an effort to raise the level of security across the industry UEFI Plugfest May 2015 www.uefi.org 4

SMM Attack Vectors UEFI Plugfest May 2015 www.uefi.org 5

SMM Attack Vectors Corruption of SMRAM Contents Pass in a buffer ptr just below SMRAM and request a write into the buffer Pass in a buffer ptr and buffer size, then quickly increase the size to extend into SMRAM. If BIOS reads size twice, you might win the race Modify a ptr located outside of SMRAM that is used in an SMI handler to perform data writes SMRAM ptr ptr UEFI Plugfest May 2015 www.uefi.org 6

SMM Attack Vectors Disclosure of SMRAM Contents Set a data ptr just below SMRAM with a large size, then trick SMI handlers into copying SMRAM contents into unprotected memory SMRAM SMRAM contents UEFI Plugfest May 2015 www.uefi.org 7

SMM Attack Vectors Arbitrary code execution in SMM Modify a function ptr stored outside of SMRAM and used in SMI handlers to point to arbitrary code Utilize an interface that remains available after it is no longer needed SMRAM UEFI Plugfest May 2015 www.uefi.org 8

SMM Attack Vectors S3 Boot Script Corruption Modify settings stored outside of SMRAM to disable hardware security features Modify to add dispatch OpCodes that call arbitrary code prior to Flash and SMRAM lock protections SMRAM 110101 BIOS Flash UEFI Plugfest May 2015 www.uefi.org 9

Mitigation Strategies UEFI Plugfest May 2015 www.uefi.org 10

Mitigation Strategies Intel CHIPSEC Tool Verifies SMRRs are configured properly Verifies all lock bits are set (SMM, SPI Flash controller, etc.) Verifies BIOS write protections are set Verifies S3 Boot Script is not in unprotected memory Supports additional silicon-specific tests Extensible through new script files UEFI Plugfest May 2015 www.uefi.org 11

Mitigation Strategies New CHIPSEC SMI handler pointer validation module (smm_ptr.py) Tests SMI handlers for possible pointer validation vulnerabilities Writes a test pattern into a specified buffer Triggers interrupts with the buffer pointer and tests if the contents were modified If modified, the handler should be reviewed to ensure it performs proper range checking on input pointers SMRAM? 5A5A5A5A5A Smm_config.ini UEFI Plugfest May 2015 www.uefi.org 12

Mitigation Strategies Intel Haswell SMM Code Access Check bit Execution of code outside SMRAM while inside SMM causes a Machine Check Exception BUT, this feature is only available on Haswell and newer Intel processors! SMRAM MCE UEFI Plugfest May 2015 www.uefi.org 13

Mitigation Strategies So, what can be done to provide this protection on systems that do not support the SMM Code Access Check hardware feature? Stay tuned UEFI Plugfest May 2015 www.uefi.org 14

Mitigation Strategies Product Development Security Strategy SMM Code Access Check bit can be used to reveal unsecure drivers during development This feature SHOULD be enabled early in the development cycle This feature MUST be enabled on all production-level systems UEFI Plugfest May 2015 www.uefi.org 15

Mitigation Strategies QA Security Strategy CHIPSEC Tool should be used as part of the standard platform validation tests throughout the development life cycle Exercising all typical user scenarios with SMM Code Access Check feature enabled can reveal any misbehaving code that was missed during development UEFI Plugfest May 2015 www.uefi.org 16

Mitigation Strategies So, does this mean we can rely on tools and hardware protections to ensure that SMM is secure? UEFI Plugfest May 2015 www.uefi.org 17

Mitigation Strategies NO! Tools do not typically support all silicon Tools cannot typically test all use cases OEM/ODMs may enable features that were disabled during QA, potentially enabling additional vulnerabilities OEM/ODMs may override core functions and implement proprietary SMI handlers Certain hardware features are only available on certain systems UEFI Plugfest May 2015 www.uefi.org 18

Mitigation Strategies This means we must also review every line of code in every SMI handler?! UEFI Plugfest May 2015 www.uefi.org 19

Mitigation Strategies SMI Handler Code Review Checklist Must validate all external data against buffer overruns and integer overflows Must not expose APIs and features not needed at runtime Must properly handle errors (do not use ASSERTs because these are removed in Release builds) Must never call code outside of SMRAM Must never call code through function pointers stored outside of SMRAM Must not allow external pointers (e.g., BARs) to modify or disclose SMRAM contents For structures that contain variable length or object counts, must verify that external input will not cause fetches that exceed the length of the structure as a starting list UEFI Plugfest May 2015 www.uefi.org 20

Mitigation Strategies Organizing the Code Review Create the list of SMI handlers to review Create a list of common unsecure coding patterns (e.g., gbs, grt, gst usage) When a new pattern is discovered, add it to the list of patterns Use a centralized SMRAM Range Check function to help validate external input Pay special attention to SMI handlers that operate using external input UEFI Plugfest May 2015 www.uefi.org 21

Mitigation Strategies What Phoenix is Doing Performed code reviews of all SMI handlers Reviewed disclosures and guidelines, and verified our implementations Back ported security fixes to previous codebases Working with customers to educate them on important security fixes Using security test tools through development and all platform validation phases Developed an ongoing review process and new security strategies UEFI Plugfest May 2015 www.uefi.org 22

NX Protection in SMM UEFI Plugfest May 2015 www.uefi.org 23

NX Protection in SMM In 2012 Phoenix worked with Microsoft to create and submit a proposal for NX (No-eXecute) protections in UEFI Modern x86 CPUs provide support for NX as a bit that can be set in PAE and IA32E page tables - called XD (execute Disable) in Intel Volume 3 Setting the execute disable bit in a page table entry (PTE) causes the processor to page fault when fetching code from the associated page We experimented and found that these same protections could be used to prevent execution of code outside of SMRAM while in SMM We have offered this as a solution for systems that do not support the SMM Code Access Check hardware feature UEFI Plugfest May 2015 www.uefi.org 24

NX Protection in SMM Changes to Support NX SMI entry code is modified to set the NXE (No execute Enable) bit in IA32_EFER; on X64 targets, this is in addition to setting LME (Long Mode Enable) bit in the same register On X64 targets, paging is already enabled to support LME, and we use existing page tables that are already in SMRAM; no additional work is required to allocate page tables or enable paging On IA32 targets, page tables need to be allocated in SMRAM and code must also be added to select those page tables and enable paging We added a function to read the attributes for current PTEs to the Phoenix page table management library originally developed for NX support We added an SMM driver that uses our page table library to read current attributes and set the XD bit for every page that is outside of SMRAM The map of SMRAM used by the centralized range checking library is used to identify the SMRAM regions UEFI Plugfest May 2015 www.uefi.org 25

NX Protection in SMM How it works On every SMI, the same page tables are selected, paging and NX support is enabled The original state is already saved in SMM save state to be restored on exit The page tables have been configured with the XD bit in every PTE that does not overlap with SMRAM The CPU throws a page fault on any attempt to fetch code that is located in a page outside of SMRAM SMRAM Exception handler XP set Page Fault UEFI Plugfest May 2015 www.uefi.org 26

NX Protection in SMM The results When we enabled NX protections, vulnerable drivers were exposed We hooked the exception handler to quickly identify the unsafe drivers Drivers were fixed and made available to our customers UEFI Plugfest May 2015 www.uefi.org 27

Closing Remarks UEFI Plugfest May 2015 www.uefi.org 28

Closing Remarks Everyone that provides UEFI code for systems that support SMM needs to follow similar steps to validate their implementations Available tools must be run throughout development and during all platform validation phases To ensure the strongest SMM security, all available hardware protections must be enabled in shipping systems All SMI handlers must be analyzed for vulnerabilities using both tools and code review All other protections must be enabled to prevent unauthorized writes to flash and SMM (e.g., signed capsule updates, rollback protection, etc.) UEFI Plugfest May 2015 www.uefi.org 29

Closing Remarks While there are many UEFI BIOS attack vectors, securing SMM must be a high priority SMM code developers should adopt the following best practices Anyone writing SMM code must be thinking how could someone exploit this? All existing SMM code must be reviewed for exploitable vulnerabilities New SMM code must be peer-reviewed for exploitable vulnerabilities SMM code review must be an integral and ongoing part of the development process UEFI Plugfest May 2015 www.uefi.org 30

Additional Reading and References CanSecWest 2015 A new class of vulnerability in SMI Handlers of BIOS/UEFI Firmware Attacks on UEFI Security How many million BIOSes would you like to infect? BlackHat 2014 Extreme Privilege Escalation on Windows 8/UEFI Systems UEFI Plugfest May 2015 www.uefi.org 31

Thanks for attending the UEFI Spring Plugfest 2015 For more information on the Unified EFI Forum and UEFI Specifications, visit http://www.uefi.org presented by UEFI Plugfest May 2015 www.uefi.org 32

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information