Demystifying Intel Security Technologies in Firmware

Explore Intel's firmware security technologies in this 53-minute conference talk presented by Christian Walter from 9elements and Philipp Deppenwiese from immune GmbH. Gain insights into the Intel Converged Security system, which utilizes public key hashes and e-fuses for signature protection and verification. Understand the role of the Intel Management Engine in platform security and its data partition containing crucial configuration information. Delve into Intel Boot Guard and Trusted Execution Technology, examining their functions in creating a secure runtime environment. Learn about key components such as the Firmware Security Header and Initial Boot Block. Conclude with a demonstration of the Converged Security Suite, providing a practical understanding of these complex security measures.

Demystify Intel Security Technologies in the Firmware
Demystify Intel Security Technologies in Firmware
Intro to Intel Converged Security
Contains public key hashes for multiple security technologies - Signature protected and verified through Intel ME e-fuses - Binary data format
Highly involved in the platform Security technologies - Contains data partition with platform configuration - E-fuses contain Key Manifest public key hash
Intel Boot Guard and Trusted Execution Technology
Trusted Execution Environment - Runtime measurements
Important parts playing a role - Intel Management Engine - Firmware Security Header (BPM) - Initial Boot Block (BB)
Converged Security Suite
CSS Demonstration