In the last decade the industry has seen a large amount of research released around Intel platform security. Since the release of CHIPSEC, the industry has had a tool to quickly analyze their Intel platform against a secure baseline for misconfigurations. As a result of this, it has become more difficult to find misconfigured Intel platforms from major OEMs.
As we dove into the platform security realm ourselves, we noticed a complete lack of focus on, and analysis of, AMD platforms. This was a surprise to us given the popularity and significantly growing market share of AMD.
In this presentation we start with an overview of how secure boot works under the hood and showcase various vulnerabilities and implementation mistakes our team has found. We will then dive into interesting architectural differences between Intel and AMD that make up the security of the platform. Additionally, we’re going to present details and proof of concepts for several vulnerabilities found in the targeted platforms. These include unlocked SMRAM regions, SPI flash misconfigurations, as well as memory corruption and race condition issues in SMM modules.
All these details have been distilled into a tool that we developed, which end users can run to quickly verify that their systems are free from common misconfigurations.
Enrique Nissim is a Principal Security Consultant at IOActive with over 10 years of experience. He is passionate about vulnerability research, exploitation techniques, firmware and OS internals and he has presented his work at multiple conferences, such as Ekoparty, CansecWest, 44Con, AsiaSecWest and ZeroNights.
Joseph Tartaro is interested in offensive security and hacking of retro and modern video games. He makes a living as a Principal Security Consultant at IOActive, which helps fund his degenerate passion for hardware hacking on old video game consoles. He’s spoken at conferences such as Defcon, CCC and Ruxcon and helped bring Metal Gear Online back to life. He enjoys international travel to security conferences to kick it with awesome hackers.
Krzysztof Okupski is a Senior Security Consultant with IOActive where he specializes in embedded security. While he enjoys hacking various targets, he is particularly interested in the nitty-gritty details of platform security where small misconfigurations can lead to critical issues.