- Page 1:
Attacking Intel ® Trusted Executio
- Page 4 and 5:
Intel ® Trusted Execution Technolo
- Page 6 and 7:
TPM 1.2 Passive I/O device (master-
- Page 8 and 9:
PCR “extend” operation PCRN+1 =
- Page 10 and 11:
TPM seal/unseal example # echo 'Sec
- Page 12 and 13:
Both seal/unseal and quote operatio
- Page 14 and 15:
BIOS ROM BIOS FLASH BOOT LOADER OS
- Page 16 and 17:
Example #1: Disk Encryption Disk en
- Page 18 and 19:
So, a malware can sniff it…
- Page 20 and 21:
Example #2: User’s Picture Test :
- Page 22 and 23:
Problems with SRTM
- Page 24 and 25:
Dynamic Root of Trust Measurement (
- Page 26 and 27:
A VMM we want to load (Currently un
- Page 28 and 29:
TXT bottom line TXT late launch can
- Page 30 and 31:
GRUB (1 st stage) GRUB (2 nd stage)
- Page 32:
First we start “trusted” Xen (b
- Page 36 and 37:
Thanks to tboot only when the trust
- Page 38:
Tboot Demo #1: sealing to a trusted
- Page 42 and 43:
SENTER is not obligatory!!! TXT and
- Page 44 and 45:
Why would a user or an attacker be
- Page 46 and 47:
AMD Presidio AMD’s technology sim
- Page 48 and 49:
SRTM/DRTM (launch-time protection)
- Page 50 and 51:
TXT: exciting new technology with g
- Page 52 and 53:
Q: What is more privileged than a k
- Page 54 and 55:
Introducing “Ring -2” SMM can a
- Page 56 and 57:
SMM vs. TXT?
- Page 58 and 59:
Q: Does TXT measure currently used
- Page 60 and 61: Q:So, how does the SENTER deal with
- Page 62 and 63: TXT attack sketch (using tboot+Xen
- Page 64 and 65: Address of the shellcode (in the gu
- Page 67: The final outcome...
- Page 70 and 71: Stay tuned! SMM exploiting to be pr
- Page 73 and 74: More on the Implementation Bugs
- Page 75 and 76: SMM research quick history
- Page 77 and 78: No SMM bugs known... ...cannot read
- Page 79: De-soldering?
- Page 84 and 85: De-soldered SPI-flash chip
- Page 86 and 87: The BIOS image on the SPI-flash is
- Page 88 and 89: Remember our Q35 bug from Vegas? (W
- Page 90 and 91: Now, applying this to SMM...
- Page 95 and 96: We see we can access SMM memory usi
- Page 97 and 98: So, what now?
- Page 99 and 100: December 2008: Intel We think TXT i
- Page 101 and 102: Intel confirmed the problems in the
- Page 103 and 104: Intel believes the issues might aff
- Page 105 and 106: CERT has assigned the following tra
- Page 107 and 108: Stay tuned! (and don’t trust your
- Page 109: Intel Solution to the TXT attack is
- Page 113 and 114: Intel Why should we trust BIOS vend
- Page 115 and 116: Intel offered us a chance to read t
- Page 117 and 118: There are some other issues with ST
- Page 119 and 120: Still, allowing TXT to work without
- Page 121 and 122: Intel TXT is a new exciting technol