Uncategorized

more on Intel-SA-00068 (Intel ME) vuln

Intel has updated their advisory again, many more OEMs on the list now:

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

Intel ME has impacted Intel WPA2:

https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00101&languageid=en-fr

Microsoft provides info, but the researchers argue with their conclusions:

https://blogs.technet.microsoft.com/surface/2017/12/11/intel-management-engine-vulnerability-and-surface-devices/

 

Standard
Uncategorized

Brian: Using CHIPSEC Whitelists to Improve Firmware Security

[Strange, I was doing the previous blog post on Brian, and during that time, he did a new blog post…]

Brian Richardson of Intel has a new blog post on using CHIPSEC whitelist command to help with UEFI security:

Using Whitelists to Improve Firmware Security

Firmware has become more popular in the world of computer security research. Attacks operating at the firmware level can be difficult to discover, and have the potential to persist even in bare-metal recovery scenarios. This type of hack has been well documented by investigations of the HackingTeam and Vault7 exploits. Fortunately, there are methods for detecting and defending against such attacks. Firmware-based attacks typically attempt to add or modify system firmware modules stored in NVRAM. Tools provided by the open source CHIPSEC project can be used to generate and verify hashes of these modules, so users can detect unauthorized changes.[…]

https://software.intel.com/en-us/blogs/2017/12/05/using-whitelists-to-improve-firmware-security
https://github.com/chipsec/chipsec

CHIPSEC in Ubuntu Linux

Standard
Uncategorized

more on Intel-SA-00068 (Intel ME)

Intel has updated the advisory documents. There are more OEMs in the list:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

Acer
ASUS
Compulab
Dell Client
Dell Server
Fujitsu
Getac
GIGABYTE
HP Inc.
HPE Servers
Intel: NUC, Compute Stick, Compute Card
Lenovo
MSI
Oracle
Panasonic
Quanta/QCT
Supermicro
Toshiba
Vaio

Standard
Uncategorized

AMI on Intel’s BIOS end-of-life announcement

 

https://ami.com/en/tech-blog/intel-says-bye-to-bios-by-2020/

http://www.uefi.org/sites/default/files/resources/Brian_Richardson_Intel_Final.pdf

 

The UEFI Forum likes to frame UEFI -vs- BIOS, and has a 3-5 Class heirarchy of those systems, including having to deal with UEFI systems that also provide BIOS via Compatibility Support Module (CSM), referring to BIOS as Legacy Mode. If you look at BIOS outside of the framing of the UEFI Forum, it is usually based security, and UEFI has some security where BIOS has none. But there’s another ‘class’: non-UEFI coreboot, optionally secured with Verified Boot, with a BIOS payload. UEFI Forum doesn’t include this in their Class heirarchy… AFAICT, the mainstream IBVs have given up on BIOS and migrated to UEFI. The only places where BIOS will probably remain are in Purism boxes, where they will use TPM+Heads to secure BIOS, or on Chrome boxes, where they will use coreboot Verified Boot to secure BIOS, or in SeaBIOS-based VMs. When Intel stops offering Intel’s implementation of BIOS, maybe this means that the remaining BIOS users will switch to the open source SeaBIOS project, which is great news. Getting rid of the complex class of dual UEFI/BIOS systems will be a joy. 🙂

Standard
Uncategorized

Intel seeks senior security researcher

[Hmm, I don’t understand Intel org chart, but I’ve never heard of the Advanced Security Research Team, sounds like it is under Security Center of Excellence, which is under Platform Engineering Group (PEG)? Not to be confused with Intel Advanced Threat Research, which went off with the MkAfee split.]

“The Platform Engineering Group (PEG) is responsible for the design, development, and production of system-on-a-chip (SoC) products that go into Intel’s next generation client and mobile platforms. […] Intel Security Center of Excellence’s […] we would like you to join us as a proud member of Intel’s Advanced Security Research Team. Through your deep vulnerability analysis and mitigation development expertise, you will influence the security of a variety of Hardware, Firmware, Software & Systems spanning a range of products including Devices, Cloud, Auto, IOT, AI, VR, Drones, and Networks. Responsibilities include the following: Own emerging threat analysis, gain insights & know-how of evolving attack techniques, predict and extrapolate attack trends ahead of its occurrence, develop robust counter measures and mitigation.[…]

* 5+ years of experience in the field of system security research and excel in exploring software and hardware techniques as a method of attack against targets within the computing systems.
* Experience with spanning security expertise over HW, SW and Firmware domains.
* Knowledge of computer architecture CPU, SoC, chipsets, BIOS, Firmware, Drivers, and others
[…]

* Strong network in security community CISSP and/or other security certifications

http://jobs.intel.com/ShowJob/Id/1426937/Sr.%20Security%20Researcher

Standard
Uncategorized

Monotonic Counter in Intel SGX and ME

Some notes on the Monotonic Counter in Intel SGX and ME
Posted on November 10, 2017 by daveti

SGX sealing is vulnerable to rollback attacks as the enclave is not able to tell if the sealed data is the latest or a old copy. To mitigate this attack, monotonic counter (MC) has been introduced in Intel SGX SDK 1.8. This post looks into some implementation details inside Intel SGX SDK.[…]

Some notes on the Monotonic Counter in Intel SGX and ME

Standard