Defeating Signed BIOS Enforcement, presented at ekoparty 2013

by Corey Kallenberg,

Summary: The integrity of the BIOS is paramount to the security of the platform. Research such as "BIOS Chronomancy" shows that an attacker who resides in the BIOS can evade detection by the Trusted Platform Module and even survive BIOS reflashing attempts. Furthermore, Invisible Things Labs showed in "Attacking Intel Trusted Execution Technology" that malware present in System Management Mode (SMM) can interfere with TXT execution. As it is the BIOS that initially configures SMM, it follows that BIOS control implies SMM control. However, as we will see, SMM control *can* also imply BIOS control. The central role of the BIOS in the platform's security, together with the need to patch the BIOS with legitimate vendor updates, poses an interesting problem. The most common solution vendors adopt is to use the Intel architecture flash-chip protection mechanisms to provide a BIOS update routine that verifies the signature on an incoming update before writing that update to the BIOS. In this secure BIOS update scheme, there are two primary attack surfaces that can be targeted in an attempt to break the signed BIOS requirement: the Intel architecture protection mechanisms, and the vendor's implementation of the signature enforcement and update routine. This presentation demonstrates two attacks, one against each of these targets. Both attacks allow an attacker to arbitrarily reflash the BIOS on a number of systems despite the presence of signed BIOS enforcement.
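A defender-side audit of the first attack surface named above, the Intel flash-chip protection configuration, as an added example that is not part of the talk: it decodes the PCH BIOS_CNTL bits and the SPI Protected Range (PRx) registers and classifies whether the BIOS region can be written from the OS. The register layout follows the Intel series-6/7 PCH datasheets (BIOS_CNTL at LPC config offset 0xDC, PRx in the SPI BAR); the verdict labels and the register values in the sample run are the author's constructions, not the talk's tooling.

```python
from dataclasses import dataclass

# BIOS_CNTL bits (Intel PCH LPC config space, offset 0xDC on series-6/7 PCH)
BIOSWE = 1 << 0    # BIOS Write Enable: 1 = the BIOS region accepts writes
BLE = 1 << 1       # BIOS Lock Enable: writing 1 to BIOSWE raises an SMI so SMM can clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes accepted only while the CPU is in SMM


@dataclass
class ProtectedRange:
    base: int
    limit: int
    write_protect: bool


def decode_pr(raw: int) -> ProtectedRange:
    """Decode one PRx register: bit 31 = write-protect enable, bits 28:16 = range
    limit, bits 12:0 = range base, base and limit both in 4 KiB units."""
    base = (raw & 0x1FFF) << 12
    limit = (((raw >> 16) & 0x1FFF) << 12) | 0xFFF
    return ProtectedRange(base, limit, bool((raw >> 31) & 1))


def pr_covers(ranges: list[ProtectedRange], base: int, limit: int) -> bool:
    """True if write-protected PRx ranges cover [base, limit] with no gap."""
    cursor = base
    for r in sorted((r for r in ranges if r.write_protect), key=lambda r: r.base):
        if r.base > cursor:        # hole before this range: region not fully covered
            break
        cursor = max(cursor, r.limit + 1)
        if cursor > limit:
            return True
    return cursor > limit


def audit_flash_protection(bios_cntl: int, pr_raw: list[int],
                           bios_base: int, bios_limit: int) -> dict:
    """Classify how the BIOS region [bios_base, bios_limit] is shielded from OS writes."""
    lock_enabled = bool(bios_cntl & BLE) and not (bios_cntl & BIOSWE)
    smm_only = bool(bios_cntl & SMM_BWP)
    covered = pr_covers([decode_pr(r) for r in pr_raw], bios_base, bios_limit)
    if covered or smm_only:
        verdict = "protected"        # PR ranges refuse writes outright; SMM_BWP requires SMM
    elif lock_enabled:
        verdict = "smm-dependent"    # BLE only: relies on the SMI handler clearing BIOSWE
    else:
        verdict = "unprotected"      # nothing stops a ring-0 write to the flash chip
    return {"lock_enabled": lock_enabled, "smm_bwp": smm_only,
            "pr_covered": covered, "verdict": verdict}


if __name__ == "__main__":
    # Constructed readings: 8 MiB flash with the BIOS region in the top 3 MiB.
    print(audit_flash_protection(0x02, [], 0x500000, 0x7FFFFF))            # smm-dependent
    print(audit_flash_protection(0x01, [0x87FF0500], 0x500000, 0x7FFFFF))  # protected via PR0
```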