Bypassing Hardware-Based Trusted Boot Through x86 Downgrade

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses
Hardware Security Courses
Side Channel Attacks Courses
Firmware Security Courses

Course Description

Overview

Explore the intricacies of bypassing hardware-based trusted boot through x86 downgrade in this 33-minute conference talk from the Hack In The Box Security Conference. Delve into the vulnerability discovered in the Intel CPU microcode loader, which allows for downgrading CPU microcode and potentially removing security fixes for vulnerabilities like Spectre var2. Examine the implications of loading older versions of Intel Authenticated Code Modules (ACMs) and their impact on Intel security technologies such as Boot Guard, BIOS Guard, TXT, and SGX. Learn how exploiting patched vulnerabilities in ACMs can lead to bypassing trusted/measured boot on Intel TXT & BIOS Guard protected platforms. Gain insights into firmware security, undocumented technologies, and architectural flaws as the speaker demonstrates the practical application of this attack vector on a real-world system.

Syllabus

Intro
Inside Intel CPU
Firmware Interface Table (FIT)
Microcode Update binary main header
Microcode Update binary extended header
Microcode Update binary data
Known facts about Microcode
Authenticated Code Modules (ACMs)
Useful links to start digging
Updating Microcode in UEFI BIOS
Microcode Update loading process
Platform Init
Microcode Downgrade
Side channel attacks
Debug capabilities
Downgrading ACMs. Intel BIOS Guard
Downgrading ACMs. Intel TXT
Report and Reaction
Mitigations

Taught by

Hack In The Box Security Conference
