Intel updates PCIe security spec

Re: https://firmwaresecurity.com/2018/03/17/intel-publishes-pcie-device-security-enhancements-spec/

The PHY Interface for the PCI Express* (PIPE) Architecture Revision 5.1 is an updated version of the PIPE spec that supports PCI Express, SATA, USB, DisplayPort, and Converged I/O architectures.

The review draft PCI Express* Device Security Enhancements Specification Revision 0.7 defines PCIe* Device Firmware Measurement and PCIe* Device Authentication that enable a Host to query and verify the identity and capability of a PCIe* Device, to improve system security.

https://www.intel.com/content/www/us/en/io/pci-express/pci-express-architecture-devnet-resources.html

 


Practical DMA attack on Windows 10

Written by Jean-Christophe Delaunay · 2018-05-30 · in Pentest

Among the various security assessments performed by Synacktiv, some involve attacking the security hardening of a laptop or workstation master image that will be massively deployed in an infrastructure. The purpose of this kind of security assessment is to give the client an overview of its level of maturity regarding security concerns and provide him with some recommendations in order to increase his level of security. This post describes how Synacktiv defeated a workstation's security measures by using a hardware approach.[…]

https://www.synacktiv.com/posts/pentest/practical-dma-attack-on-windows-10.html

Example photo of Evil Maid attacker in their lab: 🙂 [image: auditor]

 


PCILeech 3.3 released

https://github.com/ufrisk/pcileech

https://github.com/ufrisk/pcileech/commit/c812206597c25a4c29a27189deb814af8464ba73


Intel publishes PCIe Device Security Enhancements spec

PCIe Device Security Enhancements Specification

PCI Express (PCIe) Devices may be composed of hardware (immutable) and firmware (immutable and mutable) components. Presently, Vendor ID/Device ID/Revision ID registers convey the hardware identity of a PCIe* Device and there is no defined mechanism to convey the firmware identity of a PCIe Device. In addition to the Device identity, PCIe specification defines various types of capability structures to convey PCIe Device features capabilities. Both the Device Identity and capability can be spoofed and used maliciously by an advanced adversary. This specification introduces the notion of PCIe* Device Firmware Measurement, a method of exposing the identity of Device firmware. The Device Firmware Measurement mechanism used in isolation, however, is subject to supply chain attacks such as counterfeiting and can also be spoofed by an advanced adversary. Additionally, this specification introduces the notion of PCIe Device Authentication, which uses public key cryptography to defend against such attacks and to provide higher assurance about the hardware and firmware identities and capabilities. PCIe Device Authentication adapts the USB Authentication mechanism to PCIe—the new elements are the specific PCIe register interface and the associated mechanisms, plus some details that are necessarily specific to PCIe. PCIe Device Authentication result can be used in various scenarios such as: 1) a data center administrator can ensure all PCIe Devices are running appropriate firmware versions 2) system software can ensure a trusted Device is plugged in before enabling the PCIe Address Translation Services (ATS) for the Device. PCIe Device Authentication provides platforms with a way to make trust decisions about specific Devices. This in turn provides value to Device vendors because the Authentication feature is itself a valuable Device feature, and supports the detection of counterfeit and potentially malicious Devices.
This specification details the requirements, interface and protocol for PCIe Device Firmware Measurement and PCIe Device Authentication. It also provides general guidelines for implementing these technologies in practice.

https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html

 


PCILeech3 and Memory Process File System released!

Targets 64-bit Intel systems running Windows.

http://blog.frizk.net/2018/03/memory-process-file-system.html

https://github.com/ufrisk/pcileech
