Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Rafal Wojtczuk and Joanna Rutkowska - Black Hat Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Intel Who should write an STM? OEMs/BIOS vendors! Hmm… Isn’t Intel a BIOS vendor itself? Invisible Things Lab The dialogs between ITL and Intel presented here have been modified for brevity and for better dramatic effect.
Intel Why should we trust BIOS vendors to write bug-free STMs, if we don’t trust they will write bug-free SMMs? SMM must be “tuned” to each new motherboard. STM could be written in a generic way — no need to change STM after it gets mature. Fair point. Invisible Things Lab The dialogs between ITL and Intel presented here have been modified for brevity and for better dramatic effect.
- Page 62 and 63: TXT attack sketch (using tboot+Xen
- Page 64 and 65: Address of the shellcode (in the gu
- Page 67: The final outcome...
- Page 70 and 71: Stay tuned! SMM exploiting to be pr
- Page 73 and 74: More on the Implementation Bugs
- Page 75 and 76: SMM research quick history
- Page 77 and 78: No SMM bugs known... ...cannot read
- Page 79: De-soldering?
- Page 84 and 85: De-soldered SPI-flash chip
- Page 86 and 87: The BIOS image on the SPI-flash is
- Page 88 and 89: Remember our Q35 bug from Vegas? (W
- Page 90 and 91: Now, applying this to SMM...
- Page 95 and 96: We see we can access SMM memory usi
- Page 97 and 98: So, what now?
- Page 99 and 100: December 2008: Intel We think TXT i
- Page 101 and 102: Intel confirmed the problems in the
- Page 103 and 104: Intel believes the issues might aff
- Page 105 and 106: CERT has assigned the following tra
- Page 107 and 108: Stay tuned! (and don’t trust your
- Page 109 and 110: Intel Solution to the TXT attack is
- Page 111: Potential issues with STM STM seems
- Page 115 and 116: Intel offered us a chance to read t
- Page 117 and 118: There are some other issues with ST
- Page 119 and 120: Still, allowing TXT to work without
- Page 121 and 122: Intel TXT is a new exciting technol
Intel<br />
Who should write an STM?<br />
OEMs/BIOS vendors!<br />
Hmm… Isn’t Intel a BIOS vendor itself?<br />
Invisible Things Lab<br />
The dialogs between ITL <strong>and</strong> Intel presented here have been modified for brevity <strong>and</strong> for better dramatic effect.