Betrayal of Reputation: Trusting the Untrustable Hardware and Software with Reputation, presented at AppSecIndonesia2020 (2020)

by Seunghun Han,

Summary: Reputation is based on trust, and people normally believe in the products of global companies because of their reputation. Those products are built from hardware and software that the companies either make themselves or vet. The companies have invested effort in creating and managing high-quality products for profit and reputation, so trust based on reputation works properly. Despite these efforts, the complexity of hardware and software keeps increasing, which makes it hard to check the correctness and completeness of the specifications and implementations behind their products.

In this talk, I present cases in which hardware and software, specifically BIOS/UEFI firmware, Intel Trusted Execution Technology (TXT), and the Trusted Platform Module (TPM), betray your trust. Reputable companies defined and implemented these specifications, and the TPM, together with UEFI/BIOS firmware and Intel TXT, has been widely used as the root of trust. I found three vulnerabilities, CVE-2017-16837, CVE-2018-6622, and CVE-2020-0526, related to the sleep process. Unlike previous research, these vulnerabilities can subvert the TPM without physical access. To mitigate them, I also introduce countermeasures and a tool, Napper, that checks whether a system is affected. The sleep process is central to the vulnerabilities, so Napper makes your system take a nap and then checks for them.