TOCTOU
BootGuard’s Verified Boot mode on modern Intel CPUs is the core root of trust and measurement during the boot process, and preserves the chain of trust by only executing firmware with a valid vendor signature. These protections are supposed to be secure against physical attacks on the SPI flash, although we’ve found multiple errors in handling the firmware volumes as well as a new technique for changing the firmware after the signature check has been done.
In this talk we’ll demonstrate how to build an inexpensive open source tool for investigating these TOCTOU techniques and how to use it to test the security of your own systems.
Peter's writeup goes into detail about the SecCore MTRR issue and how we found it. Slide images, HITB talk overview and video are all available as well.
External Links
- CVE-2019-11098, edk2 commit to fix the TOCTOU (Intel, 2019)
- "Who Watch BIOS Watchers?" (Alex Matrosov, 2017)
- Intel Boot Guard, Coreboot and user freedom (Matthew Garrett, 2015)
- Where do I sign up? (Vincent Zimmer, 2013)
- Developing Best-In-Class Security Principles with Open Source Firmware (Vincent Zimmer, IDF15 slides)
- Protecting bootkits with Bootguard (Alexander Ermolov, Zero Nights 2017)
- Bypassing hardware root of trust (Alex Matrosov, BH2019)
- Bypassing Intel Boot Guard (Embedi, 2017)
- Running unsigned code on the Management Engine (Positive Technologies, BHEU 2017)
- CVE-2018-9062, BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack (Lenovo, 2018)
- CVE-2018-12169, UNAUTHENTICATED FIRMWARE CHAIN-OF-TRUST BYPASS (Intel, 2018)
- UEFITool
- UEFI PI Spec 1.7 section 5.8.2.6 (Intel, 2019)
- Why Open Source Firmware is important for security (Jess Fraz, 2019)