TOCTOU Attacks Against Secure Boot and BootGuard

Explore TOCTOU attacks against Secure Boot and BootGuard in this Hack In The Box Security Conference talk. Dive into the vulnerabilities of Intel CPUs' BootGuard Verified Boot mode, the core root of trust during the boot process. Learn about errors in firmware volume handling and a new technique for altering firmware post-signature check. Discover how to construct an affordable open-source tool for investigating these Time-of-Check-Time-of-Use (TOCTOU) techniques and apply it to test your own systems' security. Cover topics including HDMI issues, BootGuard overview, free software community concerns, logic analyzer usage, data logging, improved proof of concept, board management controller implications, supply chain attack risks, Intel's response, firmware patches, and the importance of open-source firmware. Gain insights into the complexities of secure boot processes and the ongoing challenges in maintaining a robust chain of trust in modern computing systems.