Breaking Through Another Side - Bypassing Firmware Security Boundaries from Embedded Controller

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Reverse Engineering Courses, Hardware Security Courses, Firmware Development Courses, Firmware Security Courses

Course Description

Overview

Explore reverse engineering techniques for Embedded Controllers (EC) in recent Lenovo ThinkPad laptops in this Black Hat conference talk. Delve into attacks from EC trusted boundaries on main platform firmware (BIOS) and learn how to bypass Intel BIOS Guard technology in Lenovo's specific implementation. Understand hardware security boundaries, EC firmware update processes, and the impact of EC update authentication bypass. Examine Lenovo ThinkPad EC update headers, signature checks, and disclosure timelines. Gain insights into Intel BIOS Guard, including its structure, hardware support, and execution flow. Analyze BIOS Guard Directory, Platform Data Table, and Update Package components. Compare signed and unsigned operations with BIOS Guard scripts to enhance your knowledge of firmware security vulnerabilities and mitigation strategies.

Syllabus

Intro
Hardware Security Boundaries
Methodology
EC firmware update process
Impact of EC update auth bypass
Lenovo Thinkpad EC update header
Lenovo Thinkpad EC update process
Boot Guard saves the day?
Lenovo Thinkpad EC signature check
Lenovo disclosure timeline
EC take-aways
Intel BIOS Guard in a nutshell
What is Intel BIOS Guard?
Lenovo Thinkpad PFAT update process
BIOS Guard hardware support
BIOS Guard ACM execution flow
BIOS Guard Directory
BIOS Guard Platform Data Table
BIOS Guard Update Package
Signed vs unsigned operations with BIOS Guard script


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube