Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Rafal Wojtczuk and Joanna Rutkowska - Black Hat Rafal Wojtczuk and Joanna Rutkowska - Black Hat
01.07.2015
Views
Q:So, how does the SENTER deal with a malicious SMM? A:Well… it currently does not!
Oh...
- Page 10 and 11: TPM seal/unseal example # echo 'Sec
- Page 12 and 13: Both seal/unseal and quote operatio
- Page 14 and 15: BIOS ROM BIOS FLASH BOOT LOADER OS
- Page 16 and 17: Example #1: Disk Encryption Disk en
- Page 18 and 19: So, a malware can sniff it…
- Page 20 and 21: Example #2: User’s Picture Test :
- Page 22 and 23: Problems with SRTM
- Page 24 and 25: Dynamic Root of Trust Measurement (
- Page 26 and 27: A VMM we want to load (Currently un
- Page 28 and 29: TXT bottom line TXT late launch can
- Page 30 and 31: GRUB (1 st stage) GRUB (2 nd stage)
- Page 32: First we start “trusted” Xen (b
- Page 36 and 37: Thanks to tboot only when the trust
- Page 38: Tboot Demo #1: sealing to a trusted
- Page 42 and 43: SENTER is not obligatory!!! TXT and
- Page 44 and 45: Why would a user or an attacker be
- Page 46 and 47: AMD Presidio AMD’s technology sim
- Page 48 and 49: SRTM/DRTM (launch-time protection)
- Page 50 and 51: TXT: exciting new technology with g
- Page 52 and 53: Q: What is more privileged than a k
- Page 54 and 55: Introducing “Ring -2” SMM can a
- Page 56 and 57: SMM vs. TXT?
- Page 58 and 59: Q: Does TXT measure currently used
- Page 62 and 63: TXT attack sketch (using tboot+Xen
- Page 64 and 65: Address of the shellcode (in the gu
- Page 67: The final outcome...
- Page 70 and 71: Stay tuned! SMM exploiting to be pr
- Page 73 and 74: More on the Implementation Bugs
- Page 75 and 76: SMM research quick history
- Page 77 and 78: No SMM bugs known... ...cannot read
- Page 79: De-soldering?
- Page 84 and 85: De-soldered SPI-flash chip
- Page 86 and 87: The BIOS image on the SPI-flash is
- Page 88 and 89: Remember our Q35 bug from Vegas? (W
- Page 90 and 91: Now, applying this to SMM...
- Page 95 and 96: We see we can access SMM memory usi
- Page 97 and 98: So, what now?
- Page 99 and 100: December 2008: Intel We think TXT i
- Page 101 and 102: Intel confirmed the problems in the
- Page 103 and 104: Intel believes the issues might aff
- Page 105 and 106: CERT has assigned the following tra
- Page 107 and 108: Stay tuned! (and don’t trust your
- Page 109 and 110: Intel Solution to the TXT attack is
Oh...