A Dark Side of UEFI: Cross-Silicon Exploitation

Explore a comprehensive analysis of UEFI vulnerabilities and cross-silicon exploitation techniques in this OffensiveCon23 conference talk. Delve into the Arm perspective on UEFI, examining file systems, BIOS regions, platform configurations, and boot order processes. Investigate UART redirection, hypervisor environments, and automation techniques. Learn about memory leak vulnerabilities, stackable overflows, and UEFI depth protection. Discover the intricacies of Project UEFI Rust and its implications for security. Gain insights into TrustZone weaknesses and SM ROM dump techniques. Presented by Alex Matrosov and Alex Ermolov, this talk offers a deep dive into the dark side of UEFI and its potential for cross-silicon exploitation.

Introduction
Arm perspective on UEFI
Microsoft Windows Development Kit 2023
File Systems
BIOS Region
Platform Configuration
UART Redirection
Boot Order
Hypervisor
Environment variables
Environment Arm
Automation
Vulnerabilities
Research Approach
Memory Leak Vulnerability
Proof of Concept
Demo
Stackable Overflows
Second Stack Overflow
Third Stack Overflow Explanation
UEFI Depth Protection
Candor
Building the Rope
Project UEFI Rust
Demonstration
Triggerable
TrustZone
The Trust Zone
Executive Weaknesses
SM ROM Dump
Alex Ermolov