Intel Management Engine Deep Dive

Offered By: media.ccc.de via YouTube

Tags

Conference Talks Courses, Reverse Engineering Courses, System Security Courses, Firmware Development Courses

Course Description

Overview

Dive deep into the Intel Management Engine (ME) in this comprehensive conference talk from the 36th Chaos Communication Congress. Explore the reverse engineering process of a system on a chip, the development of an emulator, and the knowledge required to create a replacement for one of the most controversial binary blobs in modern PCs. Gain insights into the ME's role as the root of trust for various platform security features, its impact on firmware signing, and its background management capabilities. Learn about custom tools for manipulating firmware images, emulating ME firmware modules, and replicating unpublished exploits. Discover methods for analyzing ME version 11.x, found in 6th and 7th generation chipsets, and understand its hardware components, firmware partitions, code verification chain, and communication protocols. Delve into topics such as memory management, hardware access, cryptographic accelerators, and the host boot process. Examine the potential for developing an open-source replacement firmware for the Management Engine and explore future goals in this field.

Syllabus

Intro
Outline
About the ME
About ME
Working with ME firmware images
Understanding the ME: Firmware Partitions
Understanding the ME: Code partitions
Understanding the ME: Metadata
Code verification chain
ME shared libraries
Analysing a simple module
Data sections
Example driver main() function
Trace output: SVEN
ME driver overview device files
Accessing hardware
Message Passing: Basics
Memory Grants: Indirect Grants
DMA Locks
Understanding the address space
The bus driver: busdrv
The table in human readable form
Processor
Custom host bridge: Minute IA System Agent
Hardware Cryptographic Accelerator IP blocks (partial)
Crypto: DMA Engines
Host-Embedded Controller Interface (HECI)
Primary Address Translation Table
Root spaces
Sideband Fabric
Developing an exploit for CVE-2017-5705,6,7
meloader: WINE for the ME
meloader as a debugger
Getting JTAG access
ME Boot Process
Host Boot Process: Boot Guard
The Power Management Controller
Host Initialization: ME tasks
Getting to the minimal viable implementation
Boot Guard Configuration
Future goals
Acknowledgements


Taught by

media.ccc.de
