Exploring Your System Deeper [with CHIPSEC] is Not Naughty
csw2017_ExploringYourSystemDeeper_updated
Example: Attacking hypervisors via SMM pointers…

[Diagram. Labels: Phys Memory; OS Memory; SMI; SMI Handlers in SMRAM; Fake SMM comm buffer; VMM protected page. Via ACPI table (EDKII): “UEFI” ACPI, Comm Buffer. Directly in registers (EDKI): RAX (code), RBX (pointer).]

Even though the SMI handler checks pointers for overlap with SMRAM, an exploit can trick it into writing to a VMM protected page (Attacking Hypervisors via Firmware and Hardware).
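
The gap described above, as an added C example (not code from the slides, CHIPSEC, or EDK I/II): a check that only rejects SMRAM overlap accepts a pointer into a VMM protected page, while a check that also requires the buffer to sit inside a firmware-reserved allowlist rejects it. The address ranges, the allowlist and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed address map; real values are platform-specific. */
typedef struct { uint64_t base, size; } range_t;

static const range_t SMRAM = { 0x7F000000ULL, 0x00800000ULL };
/* Hypothetical allowlist: the only region firmware reserved for comm buffers. */
static const range_t COMM_OK[] = { { 0x7E000000ULL, 0x00010000ULL } };

/* True if [addr, addr+len) overlaps r. A zero length or a wrapping
 * addr+len is reported as overlap so that callers reject it. */
static bool overlaps(uint64_t addr, uint64_t len, range_t r) {
    if (len == 0 || addr + len < addr) return true;
    return addr < r.base + r.size && r.base < addr + len;
}

/* True if [addr, addr+len) lies entirely inside r. */
static bool inside(uint64_t addr, uint64_t len, range_t r) {
    if (len == 0 || addr + len < addr) return false;
    return addr >= r.base && addr + len <= r.base + r.size;
}

/* Weak check from the slide: reject only pointers that overlap SMRAM.
 * Any other physical address, including a VMM protected page, passes. */
bool ptr_ok_smram_only(uint64_t addr, uint64_t len) {
    return !overlaps(addr, len, SMRAM);
}

/* Hardened check: the handler cannot see which pages the VMM protects,
 * so it accepts only buffers wholly inside an allowlisted region. */
bool ptr_ok_allowlist(uint64_t addr, uint64_t len) {
    if (overlaps(addr, len, SMRAM)) return false;
    for (size_t i = 0; i < sizeof COMM_OK / sizeof COMM_OK[0]; i++)
        if (inside(addr, len, COMM_OK[i])) return true;
    return false;
}
```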