STM added to Tianocore

December 16, 2016 ~ hucktech ~ Leave a comment

Intel has submitted a patch to Tianocore to add STM support!

[edk2] [patch 0/4] Add STM (Smi Tranfer Monitor) support

This patch series is used to add STM support to UefiCpuPkg. More details about STM are described in:
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf
https://firmware.intel.com/sites/default/files/STM_User_Guide-001.pdf
https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Launching_STM_to_Monitor_SMM_in_EFI_Developer_Kit_II.pdf

28 files changed, 6036 insertions(+), 65 deletions(-)

More info:
https://lists.01.org/mailman/listinfo/edk2-devel
https://firmwaresecurity.com/tag/stm/

Intel releases STM

April 1, 2016 ~ hucktech ~ Leave a comment

Vincent has a new blog post about Intel STM being released to the public!

STM updates https://t.co/ffkuCId0vW via @sharethis

— vincent zimmer (@vincentzimmer) March 31, 2016

https://firmware.intel.com/blog/stm-updates#sthash.Kxwn6DN4.uxfs&st_refDomain=t.co&st_refQuery=/ffkuCId0vW

https://firmwaresecurity.com/tag/stm/

Intel SMI Transfer Monitor (STM) for SMM

August 20, 2015 ~ hucktech ~ Leave a comment

Recently, Intel announced STM, a way to help secure SMM.
https://firmwaresecurity.com/2015/08/18/intel-announces-stm-at-idf/

So far, it appears the some of the expert firmware security researchers do not dissapprove of STM, though they wanted it earlier:

2009: we present "Intel TXT bypass w/ malicious SMM", Intel responds: "STM" is the solution,
2015: the STM spec actually is published 🙂

— Joanna Rutkowska (@rootkovska) August 19, 2015

. @coreykal So… that means we can actually expect widespread STM impls around 2018! And a BH talk about attacking these around 2019 😉

— Joanna Rutkowska (@rootkovska) August 19, 2015

If you want hypervisors to not be inherently pwnable by SMM, you need STM! Ask your Doctor/BIOS maker if STM is right for you 😉

— Xeno Kovah (@XenoKovah) August 18, 2015

6 years after ITL first mentioned it, the doc for the tech necessary to make Intel TXT secure is finally public! 😀 https://t.co/P0n3vAwjq5

— Xeno Kovah (@XenoKovah) August 18, 2015

Intel announces STM at IDF

August 18, 2015August 18, 2015 ~ hucktech ~ Leave a comment

Intel just announced STM at IDF, read Vincent’s blog for more details:

Announced today at #IDF15 – SMI Transfer Monitor (STM) for auditing SMM to prevent UEFI security attacks. http://t.co/wBXxXTtnfw

— Brian Richardson (@Intel_Brian) August 18, 2015

http://vzimmer.blogspot.com/2015/08/smi-transfer-monitor-stm-unleashed.html

https://firmware.intel.com/content/smi-transfer-monitor-stm

https://firmware.intel.com/sites/default/files/STM_Release_1.0.zip

Click to access A_Tour_Beyond_BIOS_Launching_STM_to_Monitor_SMM_in_EFI_Developer_Kit_II.pdf

Click to access STM_User_Guide-001.pdf