BIOS chronomancy: fixing the core root of trust for measurement

In this paper we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn't meet the requirements set forth by either the Trusted Platform Module(TPM)PC client specification or NIST 800-155 guidance. We show how novel tick malware, a 51 byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how flea malware can survive attempts to reflash infected firmware with a clean image. To fix the untrustworthy CRTM we ported an open source "TPM-timing-based attestation" implementation from running in the Windows kernel, to running in an OEM's BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system "BIOS Chronomancy", and we show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.

[1]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[2]  B. E. Eckbo,et al.  Appendix , 1826, Epilepsy Research.

[3]  Rafal Wojtczuk,et al.  Attacking Intel TXT fi via SINIT code execution hijacking , 2011 .

[4]  Ahmad-Reza Sadeghi,et al.  Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks , 2009, STC '09.

[5]  Bart Preneel,et al.  Remote attestation on legacy operating systems with trusted platform modules , 2008, Sci. Comput. Program..

[6]  Adrian Perrig,et al.  SBAP: Software-Based Attestation for Peripherals , 2010, TRUST.

[7]  Adrian Perrig,et al.  VIPER: verifying the integrity of PERipherals' firmware , 2011, CCS '11.

[8]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[9]  Xeno Kovah,et al.  New Results for Timing-Based Attestation , 2012, 2012 IEEE Symposium on Security and Privacy.

[10]  Peng Ning,et al.  SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms , 2011, CCS '11.

[11]  Pradeep K. Khosla,et al.  A software primitive for externally-verifiable untampered execution and its applications to securing computing systems , 2009 .

[12]  Zhi Wang,et al.  HyperSentry: enabling stealthy in-context measurement of hypervisor integrity , 2010, CCS '10.

[13]  Jiang Wang,et al.  Autonomic Recovery: HyperCheck: A Hardware-Assisted Integrity Monitor , 2013 .

[14]  Bernhard Kauer OSLO: Improving the Security of Trusted Computing , 2007, USENIX Security Symposium.

[15]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[16]  David A. Cooper,et al.  BIOS protection guidelines , 2011 .