[Defcon Russia #29] Александр Ермолов - Safeguarding rootkits: Intel Boot Guard....


[Slide diagram: Skylake platform block diagram. Components: CPU, PCH, DRAM (DDR4), SPI flash memory, TPM 1.2/TPM 2.0, NIC PHY, HDD, display, ACPI EC. Interconnects: DMI 3.0, PCI-E 3.0, SATA3, PCI-E + SMLink, USB 3.0, SPI, eSPI, USB, LPC]

[Slide diagram: SPI flash regions: Flash Descriptors, GbE, ME, ACPI EC, BIOS]

[Slide diagram: Intel ME architecture. Intel CPU (IMC), Intel chipset containing ME and NIC MAC, NIC PHY, DRAM holding ME UMA, SPI flash memory holding ME FW and BIOS, MEI (HECI) interface. Links: DMI, DDR, PCI-E, SPI]

[Slide diagram: boot flow. RESET -> Intel CPU boot ROM -> Intel BG startup ACM -> IBB -> BIOS -> OS. Labels: RESET-vector, SPI flash memory, HDD]

[Slide diagram: Intel Boot Guard key hierarchy. KEYM: SVN, OEM Root public key, hash, Signature. IBBM: SVN, IBBM public key, hash, Signature. Chipset fuses (FPFs) hold the hash; IBB resides in the BIOS region of SPI flash]

If the OEM Root private key is compromised, there is no way to replace or revoke it (as long as its hash is in permanent storage).

A unique IBBM public key can be used for each product line.

So if one IBBM private key is compromised, it affects only one product line until that key is replaced.

[Slide diagram: KEYM (SVN, OEM Root public key, hash, Signature) and IBBM (SVN, IBBM public key, hash, Signature)]

[Slide diagram: IBBM (SVN, IBBM public key, hash, Signature) -> IBB in the BIOS region of SPI flash]

[Slide diagram: Intel Boot Guard boot flow. RESET -> Intel CPU boot ROM -> Intel BG startup ACM (Intel BIOS ACM) -> IBB. Labels: FIT, 0xFFFFFFC0, SPI flash, FPFs, Intel ME, KEYM, IBBM, BIOS, IBB]

[Slide diagram: flash layout: Flash Descriptors, GbE, IFWI = TXE + BIOS]