Intel x86-64 Firmware Attack & Defense
Abstract
PC Unified Extensible Firmware Interface (UEFI) Basic Input Output System (BIOS) firmware is usually “out of sight, out of mind”. But this just means it’s a place where sophisticated attackers can live unseen and unfettered. This class shares information about PC firmware security that was hard-won over years of focused research into firmware vulnerabilities.
We will cover why the BIOS is critical to the security of the platform. This course will also show you what capabilities and opportunities are provided to an attacker when BIOSes are not properly secured. We will also provide you tools for performing vulnerability analysis on firmware, as well as firmware forensics. This class will take people with existing reverse engineering skills and teach them to analyze UEFI firmware. This can be used either for vulnerability hunting, or to analyze suspected implants found in a BIOS, without having to rely on anyone else.
- Learning Objectives
- CPU Feature Identification instruction
- CPU Feature Identification instruction
- Understand the original 16-bit “Real Mode” which the x86 CPU reset vector executes in.
- Understand 16-bit segmentation & assembly.
- Understand the evolution of Intel chipsets, and how to find the manual which corresponds to any given hardware.
- Understand how firmware uses IO to configure Intel and 3rd party hardware at boot time.
- Understand how firmware interacts with PCIe devices at boot time, both within the CPU/chipset, and 3rd party peripherals.
- Understand the core purposes of PCIe Option ROMs, but also how they can be used by attackers.
- Being capable of manually reading/writing the firmware-storage SPI flash through the register interface.
- Understand the protection mechanisms for the SPI flash and how they can be bypassed.
- Understand the protection mechanisms for System Management Mode how they can be bypassed.
- Understand how Chipsec can be used to assess the security posture of a firmware for both attack and defense.
- Understand how the ACPI S3 “sleep” power state can be used to attack systems.
- Being comfortable with Reading The Fun Manual(!) to go seek out the most accurate details of how things work.
Full class outline
- Introduction
- Attacker motivations & capabilities
- Reset Vector
- The “Real Mode” execution environment
- Reading reset vector assembly and the transitions to “Protected Mode”
- Chipsets
- The evolution of the platform architecture
- Finding the correct manual for the hardware you bring to class, to find the correct offsets to memory mapped IO registers for the rest of the class
- Input/Output
- Memory Mapped IO (MMIO) as used by firmware
- Port IO (PIO) as used by firmware
- Hardware-defined vs. reconfigurable memory spaces
- PCIe
- Evolution, topology, and usage by firmware
- Configuration address space MMIO vs. PIO accesses
- Base address registers & extended configuration address space
- “Option ROMs” and how they’ve been repeatedly used for attacks
- Serial Peripheral Interface (SPI) Flash
- Introduction & supported SPI operation modes on x86
- MMIO register-based SPI flash programming interface
- SPI flash layout & the Intel flash descriptor
- SPI protection threat tree, moves and counter-moves
- - Protected Range Registers (PRRs) and bypasses like failure to FLOCKDN + sleep attacks
- - SMM-based BIOS Lockdown and bypasses like SMI Suppression + sleep attacks
- System Management Mode (SMM)
- Introduction & System Management Interrupts (SMIs)
- System Management RAM (SMRAM) & the protection thereof
- SMM threat tree, moves and counter-moves
- - Caching Attacks
- - Remapping Attacks
- - SMM Call-Out Vulnerabilities
- - SMM Confused Deputy Attacks
- - SMM TOCTOU Attacks
- Power-transition attacks
- x86 ACPI S3 low-power sleep effects on SPI & SMM protection
- Attacks exploiting S3 sleep states
- Conclusion
Xeno Kovah
Dark Mentor Level X
Hacking firmware like it’s no big deal.