John Butterworth, BIOS Chronomancy: Using Timing-Based Attestation to Detect Firmware Rootkits

In 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this talk we look at the implementation of the SRTM from a Dell Latitude E6400 laptop.I'll discuss a couple ways that an attacker can gain access...

In 2011 the National Institute of Standard and Technology (NIST) released a draft of special publication 800-155. This document provides a more detailed description than the Trusted Platform Module (TPM) PC client specification for content that should be measured in the BIOS to provide an adequate Static Root of Trust for Measurement (SRTM). In this talk we look at the implementation of the SRTM from a Dell Latitude E6400 laptop.I'll discuss a couple ways that an attacker can gain access to the BIOS and demonstrate an exploit we discovered in the BIOS update process that bypasses the signed firmware update and allows an attacker to execute arbitrary code in the context of System Management Mode. This allows an attacker to install a malicious BIOS reflash even in the presence of a signed update requirement.Next I'll show what happens when an attacker is able to do once he gains access to a system BIOS. I'll show how a 51 byte patch to the SRTM can cause it to provide a forged measurement to the TPM indicating that the BIOS is pristine. If a TPM Quote is used to query the boot state of the system, this TPM-signed falsification will then serve as the root of misplaced trust. We also show how reflashing the BIOS may not necessarily remove this trust-subverting malware.To fix the un-trustworthy SRTM we apply the technique of "timing-based attestation" to create a custom SRTM that can detect malicious modifications of itself. We call our timing-based attestation system "BIOS Chronomancy" because the extra trust is divined from timing, and we show that it could be incorporated into vendor BIOSes as a stronger root of trust for measurement. About the speaker: John Butterworth is a security researcher at The MITRE Corporation who specializes in low level system security. Currently he is applying his electrical engineering background and firmware engineering background to investigate UEFI/BIOS security.