OffensiveCon: Attacking Hardware Root of Trust from UEFI Firmware

Many hardware vendors armoring modern Secure Boot by moving Root of Trust to the hardware. It is definitely the right direction to create more difficulties for the attacker. But usually, between hardware and firmware exist many layers of code. Also, hardware vendors always fighting for boot performance which creates interesting security issues in actual implementations. In this presentation, I’ll explain new security issues to bypass specific implementation of Intel Boot Guard technology in one of the most common enterprise vendors. The actual vulnerability allows the attacker to bypass Intel Boot Guard security checks from OS without physical access to the hardware. Also, I’ll cover topics including Embedded Controller (EC) with focus on UEFI Firmware cooperation and Authenticated Code Module (ACM) runtime environment. It is brand new research not based on my previous Boot Guard discoveries.

https://www.offensivecon.org/speakers/2019/alex-matrosov.html

One thought on “OffensiveCon: Attacking Hardware Root of Trust from UEFI Firmware

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s