Uncategorized

Alex blogs and updates UEFITool!

Double entry for Alex: he’s got a new blog post on Intel Boot Guard, plus he’s updated UEFITool!

“[…]Today I released a new build of UEFITool with visual validation of Intel Boot Guard coverage. The code pushed to the github repository. A standalone binary of UEFITool can be downloaded here.[…]”

https://github.com/LongSoft/UEFITool

View story at Medium.com

 

Standard
Uncategorized

Embedi: Bypassing Intel Boot Guard

In recent years, there is an increasing attention to the UEFI BIOS security. As a result, there are more advanced technologies created to protect UEFI BIOS from illegal modifications. One of such technologies is Intel Boot Guard (BG) – a hardware-assisted BIOS integrity verification mechanism available since Haswell microarchitecture (2013). So-called «UEFI rootkits killer» this technology is designed to create a trusted boot chain (where a current boot component cryptographically measures/verifies the integrity of the next one) with Root-of-Trust locked into hardware.[…]

https://embedi.com/blog/bypassing-intel-boot-guard

Standard
Uncategorized

Dell PowerEdge 14G firmware updates

Dell/EMC has a new Tech Note, written by Wei Liu and Seamus Jones, summarizing some of the new firmware security features available in their new server:

Cyber-Resiliency Starts at the Chipset and BIOS

2-page Tech Note covering new BIOS features introduced with PowerEdge 14G servers, offering unique resiliency to malicious intent or user error. The two features highlighted, BIOS Recovery and integration of Intel Boot Guard, respectively, are further demonstration of PowerEdge engineering commitment to ensuring the security and stability of enterprise infrastructures.

http://en.community.dell.com/techcenter/extras/m/white_papers/20444061

 

Standard
Uncategorized

Alexander Ermolov on Intel BootGuard

Intel Boot Guard research
17.11.2016 – ZeroNights 2016 – original talk – Intel BootGuard final.pdf
10.03.2017 – Defcon Russia #29 – updated talk – Intel BG part2.pdf

https://github.com/flothrone/bootguard

Standard
Uncategorized

coreboot adds Intel BootGuard support to Intel ME Tool

“util/intelmetool: Add bootguard information dump support:
With this implementation it’s possible to detect the state of bootguard in intel based systems.
Currently it’s WIP and in a testphase. Handle it with care!”

 

https://review.coreboot.org/#/c/16328/

https://coreboot.org/

Standard