Setup For Failure: Defeating Secure Boot

Corey Kallenberg, Sam Cornwell, Xeno Kovah, John Butterworth
April, 2014
Cite Slides (Merged with Intel, PDF) Slides (Unmerged with Intel, PDF) Whitepaper (PDF) Conference Presentation Video

Abstract

Disclosure of a vulnerability (VU#758382) with the “Setup” UEFI non-volatile variable on some systems. Manipulation of this variable can lead to bypassing secure boot, or even bricking the system. Versions after CanSecWest also included discussion of the “Charizard” vulnerability (VU#291102 - not yet public). This is a way to suppress SMIs to subvert a BIOS protection mechanism, and therefore subvert secure boot. Co-authored (CanSecWest only) with: Bulygin, Furtak, Bazhaniuk & Loucaides, Intel Security

Type
Conference paper
Publication
In CanSecWest 2014, SyScan 2014, Hack in the Box AMS 2014, and Hack in Paris 2014
firmware security BIOS security BIOS attack secure boot attack
Xeno Kovah
Xeno Kovah
Dark Mentor Level X

Hacking firmware like it’s no big deal.