(The first appearance at NoSuchCon in May 2013 did not include a discussion of VU#912156, but subsequent talks did.) Discussed how the S-CRTM is supposed to provide trustworthy reporting to detect the presence of BIOS-level attackers. First showed a way that an attacker could exploit their way into a BIOS, even if all security mechanisms were properly configured (VU#912156). Then showed “The Tick”, which is BIOS-resident malware that subverts the S-CRTM by lying to the TPM to replay or recalculate a clean measurement. Then showed “The Flea”, which is BIOS malware that can survive attempts to remove it through a reflash, by infecting the new BIOS as it is about to be written. To defend against such attacks and build a stronger S-CRTM, we used our existing work on Timing-Based Attestation to create “BIOS Chronomancy”. This defensive technique customizes the BIOS to provide timing side-channel tamper-evidence, allowing BIOS malware to be detected. Also released “Copernicus”, a free Windows tool for inspecting the BIOS vulnerability/integrity state. This talk was effectively 3 talks crammed into one, so that we could guarantee we would get into BlackHat. ;)
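Why a matching PCR alone is not tamper evidence when the measuring code lives in the flash it measures, shown as an added example (a toy model, not code from the talk or from Copernicus). It assumes the TPM 1.2 SHA-1 extend operation; the flash contents, function names and golden value are constructed for illustration.

```python
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def boot_pcr(reported_digests) -> bytes:
    """PCR after reset (all zeros) and one extend per reported digest."""
    pcr = bytes(PCR_SIZE)
    for digest in reported_digests:
        pcr = pcr_extend(pcr, digest)
    return pcr


def honest_scrtm(flash_regions):
    """An intact S-CRTM hashes what is actually in flash."""
    return [hashlib.sha1(region).digest() for region in flash_regions]


def replaying_scrtm(flash_regions, recorded_clean_digests):
    """Model of a subverted S-CRTM (hypothetical helper): it ignores the
    flash contents and reports digests recorded from a clean image."""
    return list(recorded_clean_digests)


# Constructed sample flash images, not real firmware.
CLEAN_FLASH = [b"constructed-boot-block", b"constructed-main-bios"]
MODIFIED_FLASH = [b"constructed-boot-block", b"constructed-main-bios+implant"]

CLEAN_DIGESTS = honest_scrtm(CLEAN_FLASH)
GOLDEN_PCR = boot_pcr(CLEAN_DIGESTS)  # value a verifier expects


def verifier_accepts(pcr: bytes) -> bool:
    """A verifier that only compares the PCR against the golden value."""
    return pcr == GOLDEN_PCR


def compare_cases() -> dict:
    """Verifier verdict for each combination of flash state and S-CRTM."""
    return {
        "clean_flash_honest_scrtm": verifier_accepts(boot_pcr(honest_scrtm(CLEAN_FLASH))),
        "modified_flash_honest_scrtm": verifier_accepts(boot_pcr(honest_scrtm(MODIFIED_FLASH))),
        "modified_flash_replaying_scrtm": verifier_accepts(
            boot_pcr(replaying_scrtm(MODIFIED_FLASH, CLEAN_DIGESTS))),
    }


if __name__ == "__main__":
    for case, accepted in compare_cases().items():
        print(f"{case}: verifier accepts = {accepted}")
```

The TPM only sees the digests it is handed, so the third case is indistinguishable from the first at the PCR level; this is the gap that a timing side channel in the measurement code is meant to close.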