TOCTOU Attacks Against Secure Boot and BootGuard

Explore TOCTOU attacks against Secure Boot and BootGuard in this Hack In The Box Security Conference talk. Dive into the vulnerabilities of Intel CPUs' BootGuard Verified Boot mode, the core root of trust during the boot process. Learn about errors in firmware volume handling and a new technique for altering firmware post-signature check. Discover how to construct an affordable open-source tool for investigating these Time-of-Check-Time-of-Use (TOCTOU) techniques and apply it to test your own systems' security. Cover topics including HDMI issues, BootGuard overview, free software community concerns, logic analyzer usage, data logging, improved proof of concept, board management controller implications, supply chain attack risks, Intel's response, firmware patches, and the importance of open-source firmware. Gain insights into the complexities of secure boot processes and the ongoing challenges in maintaining a robust chain of trust in modern computing systems.

Introduction
HDMI Issues
BootGuard
Overview
Free Software Community
What Could Go Wrong
Logic Analyzer
Data Log
SetCore
Summary
Trammell
Improved proof of concept
Trammell setup
Board management controller
Supply chain attack
Intel response
Firmware patches
The Fix
Open Source Firmware
Questions