SENTER Sandman: Using Intel TXT to Attack BIOSes presented at DeepSec 2014

by Xeno Kovah,

Summary : At CanSecWest 2014 we presented the first prototype of Copernicus 2, a trustworthy BIOS capture system. It was undertaken specifically to combat our “Smite’em the Stealthy” PoC which can forge the BIOS collection results from all other systems (including our own Copernicus 1, the open source Flashrom, Intel Chipsec, etc). Copernicus 2 makes use of the open source Flicker project from Jon McCune of CMU which utilizes Intel Trusted Execution Technology in order to build a trustworthy environment from which to run our BIOS measurement code. We specifically chose TXT because it has the ability to disable System Management Interrupts (SMIs) effectively putting the SMM MitM, Smite’em, to sleep.
But if you’ve been following our work (specifically “Defeating Signed BIOS Enforcement” and “Setup for Failure: Defeating UEFI SecureBoot”) you will have seen that we have two other attacks where we leverage the ability to suppress SMIs to break into some BIOSes. Thus the Sandman cometh! We will explain how we could implement the PoC “Sandman” attack using the same infrastructure as Copernicus 2. We will also explain the caveats to both the secure function of Copernicus 2 and the ability of Sandman to attack a system. We will also cover how Copernicus 1 and 2 can check for the problems with BIOSes that make SMI-suppression attacks feasible, how to tell if you’re vulnerable, and what you may be able to do about it.