By: Yuriy Bulygin, Oleksandr Bazhaniuk

Scheduled on: June 16 at 10:30


Over the past few years, a number of vulnerabilities have been discovered in (U)EFI-based firmware on PC and Mac systems. These issues could lead to persistent and stealthy firmware rootkits, bypass of modern low-level OS security mechanisms such as Secure Boot or the recent Windows 10 Virtualization Based Security, or compromise of the hypervisor and virtual machines, or they could make a system permanently unbootable.

Recently, we have discovered hardware-specific SMM vulnerabilities in Coreboot and UEFI-based firmware. In this presentation we will describe the details of these “unchecked MMIO BAR” vulnerabilities and the latest extensions to the CHIPSEC framework, which can help analyze firmware for these issues. We will also discuss new potential vulnerabilities specific to Coreboot that could lead to privilege escalation to System Management Mode. While some of the issues seem to affect only specific systems, others are in the core functionality of Coreboot. We will discuss the root cause of each issue and possible mitigations in design and implementation.