Evil Maid Just Got Angrier - Why Full-Disk Encryption ... - CanSecWest

More documents

Recommendations

Info

Angry <strong>Evil</strong> <strong>Maid</strong> Booting From Multiple OS Drives? 1 System has multiple encrypted OS bootable drives (including bootable USB thumb drives) 2 OS is loaded while other OS drives are encrypted 3 Malware compromised loaded OS exploits weak BIOS protections and modifies UEFI BIOS 4 When OS is booted from another encrypted drive, compromised UEFI BIOS submits expected ’good’ measurements to the TPM 5 TPM unseals OS drive encryption key as measurements are correct 6 OS boots on top of compromised firmwware logging PIN
The Original Boot Block
Page 1:
Evil Maid Just Got Angrier Why Full
Page 4 and 5:
Outline 1 UEFI BIOS 2 Measured/Trus
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Legacy BIOS CPU Reset vector in ROM
Page 14 and 15:
Legacy BIOS CPU Reset vector in ROM
Page 16 and 17:
Security of Legacy BIOS Huh?
Page 18 and 19:
Unified Extensible Firmware Interfa
Page 20 and 21: So is UEFI BIOS secure? UEFI specif
Page 22 and 23: Outline 1 UEFI BIOS 2 Measured/Trus
Page 24 and 25: Windows BitLocker http://technet.mi
Page 26 and 27: Typical Chain of Measurements
Page 28 and 29: Typical Chain of Measurements ⊗ I
Page 44 and 45: The Problem Startup UEFI BIOS firmw
Page 46 and 47: The Solution is Simple Just let Bit
Page 54 and 55: SPI Flash / BIOS Protections 1 Writ
Page 56 and 57: SPI Protected Range Registers http:
Page 60 and 61: Hey! We’ve Succeeded!
Page 62 and 63: NIST BIOS Protection Guidelines Rec
Page 64 and 65: UEFI Updates Aren’t Exactly Signe
Page 69: Angry Evil Maid Attack Outline Agai
Page 73 and 74: Writing Payload to Early BIOS in SP
Page 75 and 76: But That P67 Board Is Just Too Old
Page 77 and 78: ASUS P8Z77-V PRO Yes! UEFI BIOS upd
Page 79 and 80: Demo The problem applies to any Ful
Page 81 and 82: What About Secure Boot? UEFI 2.3.1
Page 85 and 86: BIOS Rootkits BIOS Rootkit [5,6,7,1
Page 87 and 88: Anything We Can Do? If you care abo
Page 89 and 90: Further Reading 1 Evil Maid goes af
show all

Evil Maid Just Got Angrier - Why Full-Disk Encryption ... - CanSecWest

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?