ANALYZING PC FIRMWARE AND DETECTING BIOS/SMM ATTACKERS

John Butterworth, LegbaCore, LLC | Oct 14-15

Overview

This course is designed for those who are interested in being able to detect BIOS attackers and want to learn about the BIOS' role in configuring platform security. Because BIOS is such a large subject, this course extrapolates and explains specifically those aspects of BIOS that relate to platform security. However, this course will also explain the core concepts required to understand the security aspects of the presented material as well as de-abstract the subject as a whole.

We will cover the various system components that the BIOS is responsible for configuring and the security they can provide. This course will also show you what capabilities and opportunities are provided to an attacker when they are not properly configured. This course will also provide you tools which you can use to measure many of these configurations and, most importantly, show you how to understand and interpret the results.

This course covers both legacy BIOS and the new UEFI, but will show you how much of the security configurations are agnostic with respect to the BIOS manufacturer and whether the BIOS is legacy or UEFI. UEFI-specific differences will be discussed on the second day.

You will also learn how to apply your existing reverse engineering skills to the analysis of UEFI firmware when changes to it have been detected.
Day 1:

• Introduction to BIOS concepts
  
• Chipset architecture
  
• Input/Output (including PCI) and how the BIOS uses it to configure the system
  
• PCI Option ROMs
  
• BIOS' interaction with the TPM and the Measured Boot process
  
• BIOS' lockdown of the serial flash where the BIOS itself resides
  

• System Management Mode (SMM)
  
• CPU caching
  
• Introduction to UEFI BIOS
  
• The UEFI phases and security parameters specific to UEFI
  
• Reverse engineering UEFI modules
  
• Useful tools and methods for analyzing potentially malicious UEFI drivers
  

• Understand the BIOS/UEFI boot environments and how they interact with the platform architecture
  
• How the BIOS/UEFI should configure the system to maximize platform security
  
• How System Management Mode (SMM) is instantiated and must be protected
  
• How SMM may be used to provide added layers of platform security
  
• How CPU caching can actually undermine SMM security
  
• How the BIOS flash chip should be locked down
  
• How the BIOS interacts with the Trusted Platform Module (TPM) and the measured boot process
  
• Understand what capabilities are provided to an attacker when the above components are not configured properly
  
• Learn how to Reverse Engineer UEFI modules when it has been detected in the firmware that "something has changed"
  
• Understand the similarities and differences between the UEFI and legacy BIOS
  
• To teach you to fish so you can take your newly-acquired knowledge to further security research in this area
  

Who Should Take this Course

People who want to detect BIOS/SMM attackers

• People who want to understand exactly how attackers can infect BIOS
• People who want to be able to understand the methodology for finding out whether their BIOS firmware is secure
• People who want to learn more about low-level system security
• Security researchers who want to explore PC firmware

Student Requirements

Must have x86 assembly and architecture knowledge equal to or greater than what is provided here:

• http://opensecuritytraining.info/IntroX86.html
• http://opensecuritytraining.info/IntermediateX86.html

Being familiar with IDA Pro is also helpful. A refresher is here:

• http://opensecuritytraining.info/IntroductionToReverseEngineering.html

What Students Should Bring

Students should bring their own laptops so they can perform experiments on it in parallel to e.g. inspect their BIOS and determine if it is vulnerable.

Trainers

John Butterworth specializes in low-level system security. He is applying his electrical engineering background and firmware engineering background to investigate UEFI/BIOS security. Over the past year, his "BIOS Chronomancy" work was presented in a number of venues including NoSuchCon, Black Hat, EkoParty, Breakpoint, Hack.lu, ToorCon, SecTor, and others. This work analyzed a Dell laptop implementation of the Trusted Computing Group's "Static-Core Root of Trust for Measurement" (S-CRTM) and showed how it had weaknesses that made it untrustworthy. It also showed how even if a full measurement was performed it could still not be trusted, because a "tick" malware could still attach itself to the BIOS and forge measurements. Or, a "flea" could infect the BIOS and hop between BIOS revisions to persist. But this work also proposed a solution by doing a better measurement of the BIOS using TPM-timing-based attestation. John also wrote the initial version of Copernicus, a tool for checking the security of your BIOS on Windows.