[defcon russia #29] Александр Ермолов - safeguarding rootkits: intel boot guard....
TRANSCRIPT
[Slide: Skylake platform block diagram. Components: CPU, PCH, DRAM (DDR4), SPI flash memory, TPM 1.2/TPM 2.0, NIC PHY, HDD, Display, ACPI EC. Interconnects: DMI 3.0, PCI-E 3.0, SATA3, PCI-E + SMLink, USB 3.0, SPI, eSPI, LPC.]
[Slide: SPI flash memory regions (Skylake): Flash Descriptors, GbE, ME, ACPI EC, BIOS.]
[Slide: Intel platform block diagram. Intel CPU (IMC, DDR) connected over DMI to the Intel chipset, which hosts the ME and NIC MAC; ME UMA, ME FW and MEI (HECI) shown as the ME's memory, firmware and host interface; NIC PHY, DRAM and SPI flash memory (BIOS) attached via PCI-E and SPI.]
[Slide: Intel Boot Guard boot flow. RESET -> Intel CPU boot ROM -> Intel BG startup ACM -> IBB -> BIOS -> OS (from HDD); the reset vector and the SPI flash memory holding the firmware are marked.]
[Slide: Boot Guard manifests. KEYM: SVN, OEM Root public key, hash, Signature. IBBM: SVN, IBBM public key, hash, Signature. The OEM Root public key hash is stored in chipset fuses (FPFs); the IBBM carries the hash of the IBB located in the BIOS region of SPI flash.]
If the OEM Root private key is compromised, there is no way to replace or revoke it (as long as its hash is in permanent storage).
The unique IBBM public key can be used for different product lines.
So if one IBBM private key is compromised, it affects only one product line until this key is replaced.
[Slide: KEYM and IBBM manifest fields again: SVN, public key, hash, Signature for each.]
[Slide: IBBM (SVN, IBBM public key, hash, Signature) covering the IBB in the BIOS region of SPI flash.]
[Slide: FIT-based lookup at boot. At RESET the Intel CPU boot ROM reads the FIT pointer at 0xFFFFFFC0 in SPI flash and uses the FIT to locate the Intel BG startup ACM (Intel BIOS ACM), KEYM, IBBM and the IBB inside the BIOS; FPFs and Intel ME are shown as inputs to the verification.]
[Slide: SPI flash layout on TXE platforms: Flash Descriptors, GbE, IFWI = TXE + BIOS.]