Rafal Wojtczuk and Joanna Rutkowska - Black Hat

More documents

Recommendations

Info

TXT attack sketch (using tboot+Xen as example) GRUB (1 st stage) GRUB (2 nd stage) Attacker patches the bootloader (e.g. GRUB). The patched code injects a shellcode to SMM Evil shellcode will infect the Xen hypervisor later... tboot.gz xen.gz SMRAM After xen.gz gets sucesfully loaded, the evil code from SMRAM can easily infect it... Disk Notes: Diagram is not in scale! SENTER also resets <strong>and</strong> extends PCR17 with hash of SINIT/BIOSACM/(STM)/ LCP
Let’s have a look at the actual SMM shellcode
Page 1:
Attacking Intel ® Trusted Executio
Page 4 and 5:
Intel ® Trusted Execution Technolo
Page 6 and 7:
TPM 1.2 Passive I/O device (master-
Page 8 and 9:
PCR “extend” operation PCRN+1 =
Page 10 and 11:
TPM seal/unseal example # echo 'Sec
Page 12 and 13: Both seal/unseal and quote operatio
Page 14 and 15: BIOS ROM BIOS FLASH BOOT LOADER OS
Page 16 and 17: Example #1: Disk Encryption Disk en
Page 18 and 19: So, a malware can sniff it…
Page 20 and 21: Example #2: User’s Picture Test :
Page 22 and 23: Problems with SRTM
Page 24 and 25: Dynamic Root of Trust Measurement (
Page 26 and 27: A VMM we want to load (Currently un
Page 28 and 29: TXT bottom line TXT late launch can
Page 30 and 31: GRUB (1 st stage) GRUB (2 nd stage)
Page 32: First we start “trusted” Xen (b
Page 36 and 37: Thanks to tboot only when the trust
Page 38: Tboot Demo #1: sealing to a trusted
Page 42 and 43: SENTER is not obligatory!!! TXT and
Page 44 and 45: Why would a user or an attacker be
Page 46 and 47: AMD Presidio AMD’s technology sim
Page 48 and 49: SRTM/DRTM (launch-time protection)
Page 50 and 51: TXT: exciting new technology with g
Page 52 and 53: Q: What is more privileged than a k
Page 54 and 55: Introducing “Ring -2” SMM can a
Page 56 and 57: SMM vs. TXT?
Page 58 and 59: Q: Does TXT measure currently used
Page 60 and 61: Q:So, how does the SENTER deal with
Page 64 and 65: Address of the shellcode (in the gu
Page 67: The final outcome...
Page 70 and 71: Stay tuned! SMM exploiting to be pr
Page 73 and 74: More on the Implementation Bugs
Page 75 and 76: SMM research quick history
Page 77 and 78: No SMM bugs known... ...cannot read
Page 79: De-soldering?
Page 84 and 85: De-soldered SPI-flash chip
Page 86 and 87: The BIOS image on the SPI-flash is
Page 88 and 89: Remember our Q35 bug from Vegas? (W
Page 90 and 91: Now, applying this to SMM...
Page 95 and 96: We see we can access SMM memory usi
Page 97 and 98: So, what now?
Page 99 and 100: December 2008: Intel We think TXT i
Page 101 and 102: Intel confirmed the problems in the
Page 103 and 104: Intel believes the issues might aff
Page 105 and 106: CERT has assigned the following tra
Page 107 and 108: Stay tuned! (and don’t trust your
Page 109 and 110: Intel Solution to the TXT attack is
Page 111 and 112: Potential issues with STM STM seems
Page 113 and 114:
Intel Why should we trust BIOS vend
Page 115 and 116:
Intel offered us a chance to read t
Page 117 and 118:
There are some other issues with ST
Page 119 and 120:
Still, allowing TXT to work without
Page 121 and 122:
Intel TXT is a new exciting technol
show all

Rafal Wojtczuk and Joanna Rutkowska - Black Hat

Create successful ePaper yourself

Delete template?

Save as template?