WINDOWS 10 VIRTUALIZATION-BASED SECURITY
us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security-wp
us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security-wp
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
On the test system, there were other, smaller RWX regions as well, scattered around physical<br />
address 0xa00000.<br />
Bioiso, vtpm trustlets<br />
In post-1511 Windows <strong>10</strong> builds there is another trustlet, BioIso. We did not investigate its<br />
properties. Similarly, we did not research vtpm trustlet functionality.<br />
VTL1 security<br />
The code running in VTL1 is privileged, and its compromise could be fatal to security functions<br />
implemented in VTL1. The attack surface consists of:<br />
1) Services exposed by VTL1<br />
a) rpc services implemented in LsaIso. That also means the whole rpc demarshalling code.<br />
All that runs in VTL1 usermode.<br />
b) 48 services implemented in securekernel!IumInvokeSecureService (called by nt!<br />
HvlpEnterIumSecureMode), so, in VTL1 kernelmode.<br />
2) VTL1 extensively calls into VTL0 (the root partition) to use some services. VTL1 must be<br />
careful to sanitize all responses received from VTL0.<br />
This topic has been well discussed [bsi], and Microsoft apparently has devoted a lot of effort to audit<br />
all the interactions. Still, there is potential for vulnerabilities there.<br />
Hypervisor security<br />
The whole concept of VBS hinges on the ability to run code in VTL1 partition securely, even if the root<br />
partition is compromised. This protection is implemented by the hypervisor; if the latter can be<br />
compromised, all security guarantees are gone.