Rafal Wojtczuk and Joanna Rutkowska - Black Hat
Rafal Wojtczuk and Joanna Rutkowska - Black Hat Rafal Wojtczuk and Joanna Rutkowska - Black Hat
01.07.2015
Views
The final outcome...
- Page 16 and 17: Example #1: Disk Encryption Disk en
- Page 18 and 19: So, a malware can sniff it…
- Page 20 and 21: Example #2: User’s Picture Test :
- Page 22 and 23: Problems with SRTM
- Page 24 and 25: Dynamic Root of Trust Measurement (
- Page 26 and 27: A VMM we want to load (Currently un
- Page 28 and 29: TXT bottom line TXT late launch can
- Page 30 and 31: GRUB (1 st stage) GRUB (2 nd stage)
- Page 32: First we start “trusted” Xen (b
- Page 36 and 37: Thanks to tboot only when the trust
- Page 38: Tboot Demo #1: sealing to a trusted
- Page 42 and 43: SENTER is not obligatory!!! TXT and
- Page 44 and 45: Why would a user or an attacker be
- Page 46 and 47: AMD Presidio AMD’s technology sim
- Page 48 and 49: SRTM/DRTM (launch-time protection)
- Page 50 and 51: TXT: exciting new technology with g
- Page 52 and 53: Q: What is more privileged than a k
- Page 54 and 55: Introducing “Ring -2” SMM can a
- Page 56 and 57: SMM vs. TXT?
- Page 58 and 59: Q: Does TXT measure currently used
- Page 60 and 61: Q:So, how does the SENTER deal with
- Page 62 and 63: TXT attack sketch (using tboot+Xen
- Page 64 and 65: Address of the shellcode (in the gu
- Page 69 and 70: Wait! But how to infect the SMM han
- Page 71: Let’s take a look at the live dem
- Page 74 and 75: So how we can get into SMM memory (
- Page 76 and 77: 2006: Loic Duflot (not an attack ag
- Page 78 and 79: So, how did we get around this vici
- Page 83 and 84: Meet Atmel 26DF321 SPI-flash
- Page 85 and 86: Looks promising, but...
- Page 87 and 88: So, we used a different approach…
- Page 89 and 90: Memory Remapping on Q35 chipset TOU
- Page 91: #define TSEG_BASE 0x7e500000 u64 ta
- Page 96 and 97: Intel patched the bug in August 200
- Page 98 and 99: VU#127284
- Page 100 and 101: We have provided Intel with the det
- Page 102 and 103: We suspect it might affect all rece
- Page 104 and 105: Intel contacted CERT CC informing t
- Page 106 and 107: We plan to discuss the details of t
- Page 108 and 109: More on the TXT Design Problem
- Page 110 and 111: SMM Transfer Monitor (STM) Communic
- Page 112 and 113: Intel Who should write an STM? OEMs
- Page 114 and 115: Intel told us they do have STM spec
The final outcome...