At Recon 2015 this talk happened:
Attacking and Defending BIOS in 2015
In this presentation we will demonstrate multiple types of recently discovered BIOS vulnerabilities. We will detail how hardware configuration is restored upon resume from sleep and how BIOS can be attacked when waking up from sleep using “S3 resume boot script” vulnerabilities. Similarly, we will discuss the impact of insufficient protection of persistent configuration data in non-volatile storage and more. We’ll also describe how to extract contents of SMRAM using above vulnerabilities and advanced methods such as Graphics aperture DMA to further perform analysis of the SMM code that would otherwise be protected. Additionally, we will detail “SMI input pointer” and other new types of vulnerabilities specific to SMI handlers. Finally, we will describe how each class of issues is mitigated as a whole and introduce new modules to CHIPSEC framework to test systems for these types of issues.
Speakers: Yuriy Bulygin, Mikhail Gorobets, Andrew Furtak, Oleksandr Bazhaniuk, Alexander Matrosov, Mickey Shkatov
Check out this Twitter post for an URL to the newly-available presentation: