Breaking Through Another Side - Bypassing Firmware Security Boundaries from Embedded Controller
Offered By: Black Hat via YouTube
Course Description
Overview
Explore reverse engineering techniques for Embedded Controllers (EC) in recent Lenovo ThinkPad laptops in this Black Hat conference talk. Delve into attacks from the EC trust boundary against the main platform firmware (BIOS) and learn how Intel BIOS Guard technology can be bypassed in Lenovo's specific implementation. Understand hardware security boundaries, the EC firmware update process, and the impact of an EC update authentication bypass. Examine Lenovo ThinkPad EC update headers, signature checks, and the disclosure timeline. Gain insights into Intel BIOS Guard, including its structure, hardware support, and execution flow. Analyze the BIOS Guard Directory, Platform Data Table, and Update Package components. Compare signed and unsigned operations in BIOS Guard scripts to deepen your knowledge of firmware security vulnerabilities and mitigation strategies.
Syllabus
Intro
Hardware Security Boundaries
Methodology
EC firmware update process
Impact of EC update auth bypass
Lenovo ThinkPad EC update header
Lenovo ThinkPad EC update process
Boot Guard saves the day?
Lenovo ThinkPad EC signature check
Lenovo disclosure timeline
EC take-aways
Intel BIOS Guard in a nutshell
What is Intel BIOS Guard?
Lenovo ThinkPad PFAT update process
BIOS Guard hardware support
BIOS Guard ACM execution flow
BIOS Guard Directory
BIOS Guard Platform Data Table
BIOS Guard Update Package
Signed vs unsigned operations with BIOS Guard script
Taught by
Black Hat