Rafal Wojtczuk and Joanna Rutkowska - Black Hat

01.07.2015 Views
Intel Who should write an STM? OEMs/BIOS vendors! Hmm… Isn’t Intel a BIOS vendor itself? Invisible Things Lab The dialogs between ITL and Intel presented here have been modified for brevity and for better dramatic effect.

Intel Why should we trust BIOS vendors to write bug-free STMs, if we don’t trust they will write bug-free SMMs? SMM must be “tuned” to each new motherboard. STM could be written in a generic way — no need to change STM after it gets mature. Fair point. Invisible Things Lab The dialogs between ITL and Intel presented here have been modified for brevity and for better dramatic effect.

Page 1: Attacking Intel ® Trusted Executio

Page 4 and 5: Intel ® Trusted Execution Technolo

Page 6 and 7: TPM 1.2 Passive I/O device (master-

Page 8 and 9: PCR “extend” operation PCRN+1 =

Page 10 and 11: TPM seal/unseal example # echo 'Sec

Page 12 and 13: Both seal/unseal and quote operatio

Page 14 and 15: BIOS ROM BIOS FLASH BOOT LOADER OS

Page 16 and 17: Example #1: Disk Encryption Disk en

Page 18 and 19: So, a malware can sniff it…

Page 20 and 21: Example #2: User’s Picture Test :

Page 22 and 23: Problems with SRTM

Page 24 and 25: Dynamic Root of Trust Measurement (

Page 26 and 27: A VMM we want to load (Currently un

Page 28 and 29: TXT bottom line TXT late launch can

Page 30 and 31: GRUB (1 st stage) GRUB (2 nd stage)

Page 32: First we start “trusted” Xen (b

Page 36 and 37: Thanks to tboot only when the trust

Page 38: Tboot Demo #1: sealing to a trusted

Page 42 and 43: SENTER is not obligatory!!! TXT and

Page 44 and 45: Why would a user or an attacker be

Page 46 and 47: AMD Presidio AMD’s technology sim

Page 48 and 49: SRTM/DRTM (launch-time protection)

Page 50 and 51: TXT: exciting new technology with g

Page 52 and 53: Q: What is more privileged than a k

Page 54 and 55: Introducing “Ring -2” SMM can a

Page 56 and 57: SMM vs. TXT?

Page 58 and 59: Q: Does TXT measure currently used

Page 60 and 61: Q:So, how does the SENTER deal with

Page 62 and 63: TXT attack sketch (using tboot+Xen

Page 64 and 65: Address of the shellcode (in the gu

Page 67: The final outcome...

Page 70 and 71: Stay tuned! SMM exploiting to be pr

Page 73 and 74: More on the Implementation Bugs

Page 75 and 76: SMM research quick history

Page 77 and 78: No SMM bugs known... ...cannot read

Page 79: De-soldering?

Page 84 and 85: De-soldered SPI-flash chip

Page 86 and 87: The BIOS image on the SPI-flash is

Page 88 and 89: Remember our Q35 bug from Vegas? (W

Page 90 and 91: Now, applying this to SMM...

Page 95 and 96: We see we can access SMM memory usi

Page 97 and 98: So, what now?

Page 99 and 100: December 2008: Intel We think TXT i

Page 101 and 102: Intel confirmed the problems in the

Page 103 and 104: Intel believes the issues might aff

Page 105 and 106: CERT has assigned the following tra

Page 107 and 108: Stay tuned! (and don’t trust your

Page 109 and 110: Intel Solution to the TXT attack is

Page 111: Potential issues with STM STM seems

Page 115 and 116: Intel offered us a chance to read t

Page 117 and 118: There are some other issues with ST

Page 119 and 120: Still, allowing TXT to work without

Page 121 and 122: Intel TXT is a new exciting technol

intel

senter

bios

tboot

disk

hypervisor

currently

hash

kernel

resets

rafal

wojtczuk

rutkowska

digitalpiglet.org

Rafal Wojtczuk and Joanna Rutkowska - Black Hat

Rafal Wojtczuk and Joanna Rutkowska - Black Hat ... View more Rafal Wojtczuk and Joanna Rutkowska - Black Hat

Delete template?

Save as template ?

Rafal Wojtczuk and Joanna Rutkowska - Black Hat Rafal Wojtczuk and Joanna Rutkowska - Black Hat