Analyzing UEFI BIOSes from Attacker & Defender Viewpoints

Explore the intricacies of UEFI BIOS analysis from both offensive and defensive perspectives in this comprehensive Black Hat conference talk. Delve into the challenges of detecting malicious changes in BIOS and the limitations of current comparison methods. Gain insights into essential topics such as port IO, memory-mapped IO, PCI, SMM, and UEFI, crucial for effective modern BIOS analysis. Examine how UEFI's transparency impacts both attackers and defenders in firmware analysis. Learn about UEFI boot phases, firmware storage, security responsibilities, and key management. Discover the potential for firmware-level malware and the importance of developing expertise in this often overlooked area of cybersecurity.

Introduction 2
BIOS is dead, long live UEFI!
About UEFI
UEFI Differences: Boot Phases
Legacy BIOS Firmware Storage
Firmware Files
Yay Standardization!
Security (SEC) Phase
SEC Responsibilities 1 of 2
Quick ACPI Note: Sleep Modes
SEC Responsibilities 2 of 2
SEC Hand-off to PEI Entry Point
Components of PEI
UEFI Non-Volatile Variables
EFI Variable Attributes Combinations
Authenticate how Keys and Key Stores
UEFI Variables (Keys and Key Stores) 2
Boot Device Selection (BDS)
Transient System Load (TSL)