SYSTEM FIRMWARE ATTACK AND DEFENSE FOR THE ENTERPRISE

3-6 August 2019, Excalibur, Las Vegas

Oleksandr Bazhaniuk & Jesse Michael

Abstract

A variety of attacks targeting firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as BIOS and SMM, OS loaders, as well as Intel ME/AMT, BMC and peripheral devices firmware. This training will detail and organize objectives, attack vectors, vulnerabilities and exploits against various types of firmware such as legacy BIOS, SMI handlers, UEFI based firmware, Intel ME/AMT and BMC firmware, mitigations as well as tools and methods available to analyze security of such firmware components. It will also detail protections available in hardware and firmware such as Secure Boot, Hardware Root of Trust implemented by modern systems against bootkits and implants.

The training comprises of two parts:

  • Present a structured approach to firmware security analysis and mitigations through lecture and hands-on exercises to test firmware of different components for vulnerabilities. After the training, students will have a basic understanding of platform hardware components, firmware of these components, attacks against it, and available mitigations. Students can apply this knowledge to identify firmware vulnerabilities and perform forensic analysis.
  • Apply concepts to an enterprise environment. Using an understanding of security issues, students explore potential risks to operational environments including both supply chain and remote malware attacks. Students will perform assessments and basic forensic analysis of potential firmware attacks.

Goals

  • Learn about system firmware using Unified Extensible Firmware Interface (UEFI) and Basic Input/Output System (BIOS)
  • Understand attacks against system firmware and corresponding mitigations.
  • Perform basic forensics on system firmware.

Audience

This training is designed for IT security professionals, or anyone with strong security background, who are interested in understanding and assessing security of system firmware.

Pre-requisites

Understanding of x86 platform hardware and firmware fundamentals is welcome, but not required. A moderate understanding of the Linux command line environment is expected.

Equipment and Tools used during training

Software​ (provided during class):

  • Ubuntu Linux* (bootable USB)
  • UEFI Shell and related applications (bootable USB)
  • CHIPSEC (firmware security framework)
  • UEFI Development Tools (Intel® UEFI Development Kit Debugger Tool, UEFI Driver Wizard)
  • Miscellaneous Open Source Tools for UEFI (UEFITool, uefi_firmware_parser, RWEverything)

Hardware (to be brought by students)

  • PC laptop with UEFI-based firmware
  • UEFI-enabled operating system (ex: Microsoft Windows 10, macOS)
  • The system should support booting and running software from the provided USB thumb drives

Agenda

Day 1:

  • Introduction to Firmware Security NEW
    • High-level view of platform components
    • Overview of existing firmware and pre-boot attacks
    • Tour of platform firmware
    • Overview of management components and firmware
    • Overview of peripheral firmware
  • System hardware and firmware fundamentals
    • PC platform architecture fundamentals
    • PCI/PCIe, SPI, LPC, SMBus fundamentals
    • Platform Boot Sequence
    • Legacy BIOS and Option ROMs
    • UEFI firmware fundamentals
    • BIOS settings/configuration (CMOS memory, UEFI variables, UEFI PCD)
    • System Management Mode firmware (SMI handlers)
    • Client vs Server architecture differences NEW
    • Intel ME/AMT NEW
    • BMC architecture NEW
  • Introduction to Bootkits (boot malware)
    • Legacy System Boot and Master Boot Record (MBR)
    • Legacy Bootkits
    • UEFI Boot, GUID Partition Table (GPT) and EFI System Partition (ESP)
    • UEFI Bootkits
    • UEFI Secure Boot
    • Exercise (Legacy Bootkits)​ Extract and parse MBR
    • Exercise (UEFI and UEFI Bootkits).​ Access EFI System Partition from Linux, UEFI shell and Windows; find OS boot loaders, find and parse GPT
    • Exercise (Secure Boot).​ Generate keys and install Secure Boot configuration (PK/KEK/db), sign OS EFI boot loaders and enable Secure Boot on MinnowBoard MAX. Replace OS boot loader with unsigned and signed UEFI shells with Secure Boot enabled
    • Trusted (Measured) Boot with Trusted Platform Module NEW
    • Hardware Secure Boot

Day 2:

  • Hands-on learning of platform hardware and firmware
    • Access to platform hardware and firmware configuration
    • Automated hardware and firmware testing with CHIPSEC framework
    • Developing modules and fuzzers in CHIPSEC to test system firmware and hardware
    • Software and hardware extraction of system firmware and other contents of in SPI flash memory
    • Exercise (Manual Checking of SPI Protections).​ Manually read security related BIOS/SPI configuration registers using tools such as setpci on Linux and RWEverything on Windows
    • Exercise (Manual Access to HW Configuration).​ Manual access HW resources using CHIPSEC (memory, IO, PCIe CFG, MMIO, MSR, CPUID, SMBus, SPI, CMOS, SPD, UEFI, ACPI, IOMMU, etc.) and Linux/Windows/UEFI shell utilities
  • Common attack vectors against system firmware
    • Attacking UEFI Secure Boot
    • Attacking BIOS Protection in SPI Flash Memory
    • Attacking BIOS Update
    • Attacking System Management Mode Memory (SMRAM) Protection
    • Attacking Platform Hardware Configuration
    • Attacking System Management Interrupt (SMI) Handlers
    • Attacking Firmware Configuration (UEFI Variables, Pcd)
    • Attacking Firmware S3 Resume
    • Remote attacks against UEFI firmware NEW
    • Unsigned firmware updates NEW
    • Intel ME/AMT vulnerabilities NEW
    • BMC vulnerabilities NEW
    • Peripheral devices firmware vulnerabilities NEW
    • Speculative execution vulnerabilities (Spectre, Meltdown, and others) NEW
    • Exercise (Bypassing UEFI Secure Boot).​ Test Secure Boot PE/TE vulnerability with CHIPSEC tools.uefi.te tool on MinnowBoard Max with vulnerable firmware image (or observe it on Windows 8 on NUC). Study existing module (common.secureboot.variables)
    • Exercise (BIOS/SPI Flash Protections).​ Develop CHIPSEC module which tests BIOS and SPI protections based on the module developed in exercise 4.2. Study existing CHIPSEC modules common.bios_wp, common.spi_lock, common.spi_desc, common.bios_smi, common.bios_ts
    • Exercise (Testing Security of SMI Handlers).​ Develop a tool testing for SMI pointer vulnerabilities based on the simple fuzzer developed during earlier exercise. Find synthetic SMI pointer vulnerability in the BIOS on Minnow Board. Study existing tools.smm.smm_ptr module
    • Exercise (Attacking SMI Handlers).​ Develop a PoC exploit for synthetic SMI pointer vulnerability dumping all SMRAM
    • Exercise (Security of UEFI Variables).​ Develop a PoC on MinnowBoard bypassing BIOS write protection using "Setup" UEFI variable. Study existing module (common.uefi.vars_uefispec)
    • Exercise (Security of Firmware S3 Resume).​ Study S3 boot script using CHIPSEC. Develop a module modifying S3 boot script

Day 3:

  • Hands-on learning of EFI environment
    • Building EDK2 and working in UEFI environment
    • Building UEFI applications
    • Basics of UEFI shell
    • BIOS and EFI debugging tools
    • UART debug
    • Exercise (UEFI Shell).​ Boot to full UEFI shell (USB DUET or embedded UEFI shell on MinnowBoard Max); test built-in shell commands (mode, memmap, dmem, mm, pci, drivers, dmpstore, setvar, dh, openinfo, dblk, eficompress/efidecompress, smbiosview, loadpcirom, edit/hexedit, etc.); build test UEFI application and test it in UEFI shell. Run CHIPSEC from UEFI shell
    • Exercise (Building EDK2 and flashing SPI image).​ Build open source EDK2 BIOS image for MinnowBoard and flash it onto SPI using CHIPSEC (or flashrom on Linux). Read and modify firmware image on SPI flash memory devices using hardware programmers (DediProg and Bus Pirate) and software tools (CHIPSEC and flashrom)
    • Exercise (EFI Debug).​ Flash special pre-build BIOS image with EFI debug turned on and observe debugging output. Understand debug over UART hardware interface
    • Exercise (Building UEFI Application).​ Build simple UEFI shell application

Day 4:

  • Mitigations
    • UEFI security mechanisms
      • Signed UEFI "capsule" update
      • Protecting UEFI variables
      • Variable Lock protocol (Read-Only variables)
      • Protecting S3 boot script (EDK2 LockBox)
    • Hardware based firmware protections
      • SMM cache attack mitigation
      • SMM code access check
      • CPU based Secure Boot (Intel Boot Guard)
      • CPU based firmware update (Intel BIOS Guard)
    • Measured (Trusted) Boot with Trusted Platform Module (TPM)
  • Supply Chain Attacks and Firmware Forensics
    • Extracting contents of SPI Flash memory
    • Parsing SPI flash images
    • Extracting and analyzing system firmware file system
    • Extracting and analyzing persistent configuration
    • Analyzing suspect BIOS images
    • Extracting and analyzing BMC firmware NEW
    • Explore HW Debug Capabilities NEW
    • Extracting and analyzing peripheral devices firmware NEW
    • Exercise (Online Forensics).​ Extract SPI image using CHIPSEC. Extract runtime UEFI variables using CHIPSEC on Linux and boot-services variables using dmpstore/setvar on UEFI shell. Extract UEFI system tables from memory using CHIPSEC
    • Exercise (Offline BIOS/SPI Image Forensics).​ Extract SPI image and parse it using CHIPSEC. Study parsed SPI ranges, UEFI executables, NVRAM variables. Discover supply chain attack.
  • Extra Material
    • Security of the firmware and virtualization