Firmware Security Foundations Abstract
A variety of attacks targeting firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as UEFI, SMM, Intel ME, BMC, OS boot loaders and secure booting. This training will organize and discuss details of the objectives, attack vectors, vulnerabilities and exploits against various types of firmware, review mitigations as well as tools and methods available to analyze security of the firmware components. It will also detail protections available in hardware and in firmware such as Secure Boot, Hardware Root of Trust implemented by modern operating systems against bootkits.
The training is done in two parts:
- A structured approach to security analysis of different types of firmware and mitigations through a lecture and hands-on exercises to test different firmware for vulnerabilities. After the training, students will have basic understanding of platform hardware components, firmware components, attacks against different types of firmware, and available mitigations. Students can apply this knowledge to identify firmware vulnerabilities and perform forensic analysis.
- Apply concepts to an enterprise environment. Using an understanding of security issues, students explore potential risks to operational environments including both supply chain and remote malware attacks. Students will perform assessments and basic forensic analysis of potential firmware attacks. Goals Prerequisites
- Understanding of x86 platform hardware and firmware fundamentals is welcome, but not required
- A moderate understanding of the Linux command line environment is expected. Equipment & Tools Used During Training:
- Learn about UEFI, SMM, Intel ME, BMC firmware.
- Understand attacks against different types of firmware and corresponding mitigations.
- Perform basic cybersecurity actions for firmware.
- Software : Ubuntu Linux* (bootable USB), Miscellaneous Open Source Tools for UEFI (UEFITool, uefi_firmware_parser, RWEverything, …).
- Students should bring a PC laptop with UEFI-based firmware and a UEFI-enabled operating system (ex: Microsoft Windows 10*, macOS*). Students will need to be comfortable booting and running software from the provided USB thumb drives. Trainer Bio Chuck Tran is a security researcher at Eclypsium. His main focus is on embedded systems security, firmware security, and exploitation techniques. Recently, his main focus has been BIOS and UEFI security. He has competed in numerous CTFs and has helped provide training for security professionals, and universities cybersecurity teams about hardware hacking, exploitation techniques, and embedded systems security.