ANALYSIS OF THE ATTACK SURFACE OF WINDOWS 10 VIRTUALIZATION-BASED SECURITY
us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security
Root partition privileges • Access to almost all physical memory range –Without pages allocated for Hyper-V and VTL1 –Including • chipset and PCIe MMIO • ACPI NVS –LAPIC and VTd bars not accessible
Root partition privileges • I/O ports: all available except: • 32, 33 (PCH interrupt controller), 160, 161 (same) • 0x64, lpc microcontroller (A20 gate) • 0xcf8, 0xcfc-0xcff – PCI config space • 0x1804. It is PMBASE+4 == PM1_CNT, it holds the SLP_EN bit, that triggers S3 sleep; see below
- Page 1 and 2: Rafal Wojtczuk rafal@bromium.com AN
- Page 3 and 4: aScopeupa • Most of this research
- Page 5 and 6: aCredential Guard architectureupa P
- Page 7 and 8: aCG scenario 1upa • Admins just e
- Page 9 and 10: aNtlmIumProtectCredentialupa • In
- Page 11 and 12: aScenario 1 propertiesupa • After
- Page 13 and 14: aCG scenario 2upa • Credential Gu
- Page 15 and 16: aScenario 2 properties • No more
- Page 17 and 18: VBS-enforced code integrity • Win
- Page 19 and 20: Mixing signed & unsigned code • C
- Page 21 and 22: Kernel HVCI and kernel exploits •
- Page 23 and 24: Kernel HVCI bypass, MS16-066
- Page 25 and 26: [Un]usual threat model • Usual mo
- Page 27: Root partition privileges • Acces
- Page 31 and 32: Problem 1 - unfiltered MMCFG • MM
- Page 33 and 34: Problem 2 - chipset registers • S
- Page 35 and 36: S4 sleep • S4 is even more fragil
- Page 37 and 38: SMM • SMM is highly-privileged mo
- Page 39 and 40: SMM • It is well-known that SMM v
- Page 41 and 42: SMM abuse example
- Page 43 and 44: Summary • Despite its limited sco
- Page 45 and 46: Extra slides: Non-VBS-specific •
- Page 47: Other funny chipset capabilities
Root partition privileges<br />
• I/O ports: all available except:<br />
• 32, 33 (PCH interrupt controller), 160, 161 (same)<br />
• 0x64, lpc microcontroller (A20 gate)<br />
• 0xcf8, 0xcfc-0xcff – PCI config space<br />
• 0x1804. It is PMBASE+4 == PM1_CNT, it holds the<br />
SLP_EN bit, that triggers S3 sleep; see below
Change language