Yesterday, Intel Advanced Threat Research (ATR) released presentations of two recent talks they’ve given on BIOS/SMM/UEFI security.
1) Attacking and Defending BIOS in 2015
Advanced Threat Research, Intel Security
REcon 2015
In this presentation we will demonstrate multiple types of recently discovered BIOS vulnerabilities. We will detail how hardware configuration is restored upon resume from sleep and how BIOS can be attacked when waking up from sleep using “S3 resume boot script” vulnerabilities. Similarly, we will discuss the impact of insufficient protection of persistent configuration data in non-volatile storage and more. We’ll also describe how to extract contents of SMRAM using the above vulnerabilities and advanced methods such as Graphics aperture DMA to further perform analysis of the SMM code that would otherwise be protected. Additionally, we will detail “SMI input pointer” and other new types of vulnerabilities specific to SMI handlers. Finally, we will describe how each class of issues is mitigated as a whole and introduce new modules to the CHIPSEC framework to test systems for these types of issues.
2) A New Class of Vulnerabilities in SMI Handlers
Advanced Threat Research, Intel Security
CanSecWest 2015
This presentation will discuss security of SMI handler components of system firmware including the nature of a new class of vulnerabilities within the SMI handlers of BIOS/UEFI based firmware on various systems. It will also discuss how systems can be tested for these vulnerabilities and what can be done in firmware implementations to mitigate them. Additionally, the presentation will also discuss how S3 resume affects security of the system and problems with S3 resume boot script in some BIOS implementations recently discovered and presented at 31C3.
More Information:
http://www.intelsecurity.com/advanced-threat-research/index.html
and
http://c7zero.info/home.html#research
