Email or username:

Password:

Forgot your password?
Top-level
tsk

@dangoodin This makes hypervisor-based operating systems look especially good right now. Attacker has to do a rare/unlikely VM breakout before they can get to your actual system firmware.

3 comments
Dan Goodin

@tasket

What's stopping someone from using this attack on the host machine?

tsk

@dangoodin Physical threat model is a separate concern, to me anyway. Though I can't think how an "evil maid" would succeed undetected vs various boot chain checks (incl open source ones like Qubes' anti-evil-maid; IIRC a fw boot logo would have to be included in both the sealing and measurement process).

Remote threats to a regular OS are a very big concern w something like this, because 1) typical OS protections are weak due to the kernel being very complex (just one priv escalation and they've got into your firmware) and 2) online system means many hours and avenues of opportunity throughout each day and 3) high value exploit bc its so privileged and hard to detect or remedy. Putting VM breakout requirement in their way is a game changer, IMO. #sanity

As for this particular class of exploit, malformed images, a permanent fix may be possible if an update including a setting to disable custom image, or perhaps a better parser that is formally verified. But you still have to wonder what else the fw may be parsing insecurely.

@dangoodin Physical threat model is a separate concern, to me anyway. Though I can't think how an "evil maid" would succeed undetected vs various boot chain checks (incl open source ones like Qubes' anti-evil-maid; IIRC a fw boot logo would have to be included in both the sealing and measurement process).

tsk

@dangoodin I think this shows a critical difference in boot protection schemes:

Anti-evil-maid makes the system validate itself to the user. If anything loaded up to that point doesn't match what was used to seal the all-clear phrase, then nothing the malware does will be able to cryptographically unseal the phrase. In a sense it doesn't matter if malware was loaded, as long as the user is diligent enough to watch for the phrase. That's a significant payoff for a small amount of extra effort!

Secureboot validates the fw to an absent authority (the OEM) so there can be no out-of-band check performed. This reminds me a lot of DRM's weaknesses.

@dangoodin I think this shows a critical difference in boot protection schemes:

Anti-evil-maid makes the system validate itself to the user. If anything loaded up to that point doesn't match what was used to seal the all-clear phrase, then nothing the malware does will be able to cryptographically unseal the phrase. In a sense it doesn't matter if malware was loaded, as long as the user is diligent enough to watch for the phrase. That's a significant payoff for a small amount of extra effort!

Go Up