Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bypassing Hardware-Based Trusted Boot Through x86 Downgrade

Hack In The Box Security Conference via YouTube

Overview

Explore the intricacies of bypassing hardware-based trusted boot through x86 downgrade in this 33-minute conference talk from the Hack In The Box Security Conference. Delve into the vulnerability discovered in the Intel CPU microcode loader, which allows for downgrading CPU microcode and potentially removing security fixes for vulnerabilities like Spectre var2. Examine the implications of loading older versions of Intel Authenticated Code Modules (ACMs) and their impact on Intel security technologies such as Boot Guard, BIOS Guard, TXT, and SGX. Learn how exploiting patched vulnerabilities in ACMs can lead to bypassing trusted/measured boot on Intel TXT & BIOS Guard protected platforms. Gain insights into firmware security, undocumented technologies, and architectural flaws as the speaker demonstrates the practical application of this attack vector on a real-world system.

Syllabus

Intro
Inside Intel CPU
Firmware Interface Table (FIT)
Microcode Update binary main header
Microcode Update binary extended header
Microcode Update binary data
Known facts about Microcode
Authenticated Code Modules (ACMS)
Useful links to start digging
Updating Microcode in UEFI BIOS
Microcode Update loading process
Platform Init
Microcode Downgrade
Side channel attacks
Debug capabilities
Downgrading ACMs. Intel BIOS Guard
Downgrading ACMs. Intel TXT
#Report and Reaction
#Mitigations

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Bypassing Hardware-Based Trusted Boot Through x86 Downgrade

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.