Evil Maid Just Got Angrier - Why Full-Disk Encryption ... - CanSecWest

More documents

Recommendations

Info

Typical Chain of Measurements ⊗ Initial startup FW at CPU reset vector PCR[0 ] ← CRTM, UEFI Firmware, PEI/DXE [BIOS] ↖ UEFI Boot and Runtime Services, Embedded EFI OROMs ↖ SMI Handlers, Static ACPI Tables PCR[1 ] ← SMBIOS, ACPI Tables, Platform Configuration Data PCR[2 ] ← EFI Drivers from Expansion Cards [Option ROMs] PCR[3 ] ← [Option ROM Data and Configuration] PCR[4 ] ← UEFI OS Loader, UEFI Applications [MBR] PCR[5 ] ← EFI Variables, GUID Partition Table [MBR Partition Table] PCR[6 ] ← State Transitions and Wake Events PCR[7 ] ← UEFI Secure Boot keys (PK/KEK) and variables (dbx..) PCR[8 ] ← TPM Aware OS specific hashes [NTFS Boot Sector]
Typical Chain of Measurements ⊗ Initial startup FW at CPU reset vector PCR[0 ] ← CRTM, UEFI Firmware, PEI/DXE [BIOS] ↖ UEFI Boot and Runtime Services, Embedded EFI OROMs ↖ SMI Handlers, Static ACPI Tables PCR[1 ] ← SMBIOS, ACPI Tables, Platform Configuration Data PCR[2 ] ← EFI Drivers from Expansion Cards [Option ROMs] PCR[3 ] ← [Option ROM Data and Configuration] PCR[4 ] ← UEFI OS Loader, UEFI Applications [MBR] PCR[5 ] ← EFI Variables, GUID Partition Table [MBR Partition Table] PCR[6 ] ← State Transitions and Wake Events PCR[7 ] ← UEFI Secure Boot keys (PK/KEK) and variables (dbx..) PCR[8 ] ← TPM Aware OS specific hashes [NTFS Boot Sector] PCR[9 ] ← TPM Aware OS specific hashes [NTFS Boot Block]
Page 1: Evil Maid Just Got Angrier Why Full
Page 4 and 5: Outline 1 UEFI BIOS 2 Measured/Trus
Page 12 and 13: Legacy BIOS CPU Reset vector in ROM
Page 14 and 15: Legacy BIOS CPU Reset vector in ROM
Page 16 and 17: Security of Legacy BIOS Huh?
Page 18 and 19: Unified Extensible Firmware Interfa
Page 20 and 21: So is UEFI BIOS secure? UEFI specif
Page 24 and 25: Windows BitLocker http://technet.mi
Page 26 and 27: Typical Chain of Measurements
Page 28 and 29: Typical Chain of Measurements ⊗ I
Page 44 and 45: The Problem Startup UEFI BIOS firmw
Page 46 and 47: The Solution is Simple Just let Bit
Page 54 and 55: SPI Flash / BIOS Protections 1 Writ
Page 56 and 57: SPI Protected Range Registers http:
Page 60 and 61: Hey! We’ve Succeeded!
Page 62 and 63: NIST BIOS Protection Guidelines Rec
Page 64 and 65: UEFI Updates Aren’t Exactly Signe
Page 69 and 70: Angry Evil Maid Attack Outline Agai
Page 71 and 72: The Original Boot Block
Page 73 and 74: Writing Payload to Early BIOS in SP
Page 75 and 76: But That P67 Board Is Just Too Old
Page 77 and 78: ASUS P8Z77-V PRO Yes! UEFI BIOS upd
Page 79 and 80: Demo The problem applies to any Ful
Page 81 and 82: What About Secure Boot? UEFI 2.3.1
Page 85 and 86: BIOS Rootkits BIOS Rootkit [5,6,7,1
Page 87 and 88: Anything We Can Do? If you care abo
Page 89 and 90:
Further Reading 1 Evil Maid goes af
show all

Evil Maid Just Got Angrier - Why Full-Disk Encryption ... - CanSecWest

Create successful ePaper yourself

Delete template?

Save as template?