SMM attacks
Posted: Mon Apr 21, 2014 1:50 pm
Hello, who know some of my previous posts have heard about my tries to get into smram.
Successful attemps to execute in SMM and their prevention:
1. SMRAM - without protection => SMRAM locking in firmware, Loic Duflot 2006
2. TOP_SWAP to access Non-volatile memory + reboot => TOP_SWAP locking in firmware, Sun Bing 2007
3. SMRAM caching writes => SMRAM MTRRs locking in firmware, Joanna Rutkowska, Rafal Wojtczuk 2009
4. TXT attack to write SMM => Intel issued microcode update, Rutkowska, Wojtczuk 2011
5. D_LCK D_OPEN prevents DMA accesses to SMRAM
next one should be Extreme Privilege Escalation On Windows 8/UEFI Systems on DEF CON 2014 by Corey Kallenberg which should present one attack on SMM. "This talk will disclose two vulnerabilities that were discovered in the Intel provided UEFI reference implementation, and detail the unusual techniques needed to successfully exploit them.", but this one looks like being carried out just by firmware update. Does anybody have information about them?
I was thinking about attacking it trough booting from Thunderbolt mass storage, which will dispatch it's own SMI handler as PCI option ROM or will take over whole firmware by the same behaviour. Was this behaviour prevented? Does firmware set the IOMMU up before?
Edit: If anybody is willing to help with testing the thunderbolt option ROM code and have reflashable thunderbolt/pci/expresscard/firewire device? PM me and I will send you the source code.
Successful attemps to execute in SMM and their prevention:
1. SMRAM - without protection => SMRAM locking in firmware, Loic Duflot 2006
2. TOP_SWAP to access Non-volatile memory + reboot => TOP_SWAP locking in firmware, Sun Bing 2007
3. SMRAM caching writes => SMRAM MTRRs locking in firmware, Joanna Rutkowska, Rafal Wojtczuk 2009
4. TXT attack to write SMM => Intel issued microcode update, Rutkowska, Wojtczuk 2011
5. D_LCK D_OPEN prevents DMA accesses to SMRAM
next one should be Extreme Privilege Escalation On Windows 8/UEFI Systems on DEF CON 2014 by Corey Kallenberg which should present one attack on SMM. "This talk will disclose two vulnerabilities that were discovered in the Intel provided UEFI reference implementation, and detail the unusual techniques needed to successfully exploit them.", but this one looks like being carried out just by firmware update. Does anybody have information about them?
I was thinking about attacking it trough booting from Thunderbolt mass storage, which will dispatch it's own SMI handler as PCI option ROM or will take over whole firmware by the same behaviour. Was this behaviour prevented? Does firmware set the IOMMU up before?
Edit: If anybody is willing to help with testing the thunderbolt option ROM code and have reflashable thunderbolt/pci/expresscard/firewire device? PM me and I will send you the source code.