josh

@dangoodin @matrosov

Has there been any discussion as to how these attacks interact with TPM/PCR-based system integrity checks? My understanding is that even if this method were used to bypass Secure Boot protections/etc, that behavior would still result in modified PCR measurements and would be detectable in any subsequent boot processes that rely on TPM-sealed secrets? (for instance, disk encryption)

2 comments
hattifattener

@josh @dangoodin @matrosov

Same thought here. If an attacker can write to your ESP that's usually game over. The exception is if your boot sequence is being measured into your TPM. Seems to me that the larger problem is that the boot sequence isn't measuring the logo file.

josh

@hattifattener @dangoodin @matrosov

So I think the ultimate issue might be that arbitrary code execution within DXE likely means that an attacker can call or otherwise implement the logic of PCR extension themselves with arbitrary digests to fool the TPM into thinking that everything is fine.

If this extends to being able to i.e. load a filesystem driver, unpack and relocate a malicious EFI PE, and jump to its entry point manually, seems like you could bypass any PCR checks as well
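A toy model of the point the thread is circling (added here as an illustration; it is not code from any commenter, from the LogoFAIL research, or from a real TPM stack): a PCR is an extend-only SHA-256 chain, a secret is sealed to the PCR value of a clean boot, and three boots are tried against it. The constructed boot components, the name `logo`, the hash-derived XOR "seal" and the `measured` set are all assumptions standing in for TPM2_PCR_Extend, a PCR-policy seal and the firmware's choice of what to measure.

```python
"""Toy TPM PCR extension and PCR-sealed secrets.

Added example, not the thread's or any vendor's code. The PCR is a
32-byte SHA-256 chain, 'seal' is a hash-derived XOR cipher with a tag,
and the boot components are constructed byte strings.
"""
import hashlib

PCR_INIT = b"\x00" * 32


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new = H(old || digest). The PCR can only be extended,
    never written directly, so order and content of every extend matter."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components, measured):
    """Firmware hashes each component whose name is in `measured` into the
    PCR and records (name, digest) in an event log. Anything not in
    `measured` is loaded without leaving a trace in the PCR."""
    pcr = PCR_INIT
    event_log = []
    for name, blob in components:
        if name in measured:
            d = hashlib.sha256(blob).digest()
            pcr = pcr_extend(pcr, d)
            event_log.append((name, d))
    return pcr, event_log


def seal(secret: bytes, pcr: bytes):
    """Derive a key from the PCR value; only a boot reaching the same
    PCR value can rebuild the key (stand-in for a TPM PCR policy)."""
    key = hashlib.sha256(b"pcr-policy" + pcr).digest()
    ct = bytes(s ^ k for s, k in zip(secret, key))
    tag = hashlib.sha256(key + secret).digest()
    return ct, tag


def unseal(blob, pcr: bytes):
    """Return the secret if the current PCR matches the sealing PCR, else None."""
    ct, tag = blob
    key = hashlib.sha256(b"pcr-policy" + pcr).digest()
    secret = bytes(c ^ k for c, k in zip(ct, key))
    return secret if hashlib.sha256(key + secret).digest() == tag else None


# Constructed stand-ins for a bootloader PE and the OEM boot logo on the ESP.
GOOD_BOOT = [("bootloader", b"GOOD-BOOTLOADER-PE"), ("logo", b"BMP-OEM-LOGO")]
TAMPERED_BOOT = [("bootloader", b"GOOD-BOOTLOADER-PE"), ("logo", b"BMP-MALICIOUS-LOGO")]
SECRET = b"disk-key-0123456"  # 16 bytes, shorter than the derived key

ALL = {"bootloader", "logo"}
NO_LOGO = {"bootloader"}  # firmware that measures the loader but not the logo


def _seal_to_clean_boot(measured):
    good_pcr, good_log = measure_boot(GOOD_BOOT, measured)
    return seal(SECRET, good_pcr), good_log


def clean_boot_unseals():
    blob, _ = _seal_to_clean_boot(ALL)
    pcr, _ = measure_boot(GOOD_BOOT, ALL)
    return unseal(blob, pcr)  # SECRET


def tampered_logo_measured():
    """Logo is measured: the swapped image changes the PCR, unseal fails."""
    blob, _ = _seal_to_clean_boot(ALL)
    pcr, _ = measure_boot(TAMPERED_BOOT, ALL)
    return unseal(blob, pcr)  # None


def tampered_logo_unmeasured():
    """Logo is not measured: the swapped image leaves the PCR unchanged,
    and the sealed secret is released to a compromised boot."""
    blob, _ = _seal_to_clean_boot(NO_LOGO)
    pcr, _ = measure_boot(TAMPERED_BOOT, NO_LOGO)
    return unseal(blob, pcr)  # SECRET


def tampered_with_replay():
    """Logo is measured, but code running before the measurements extends
    the clean boot's logged digests instead of hashing what was loaded."""
    blob, good_log = _seal_to_clean_boot(ALL)
    pcr = PCR_INIT
    for _, digest in good_log:
        pcr = pcr_extend(pcr, digest)
    return unseal(blob, pcr)  # SECRET


if __name__ == "__main__":
    print("clean boot:           ", clean_boot_unseals())
    print("tampered, measured:   ", tampered_logo_measured())
    print("tampered, unmeasured: ", tampered_logo_unmeasured())
    print("tampered, replay:     ", tampered_with_replay())
```

The second and third functions show the difference between a boot chain that measures the logo and one that does not: the same ESP modification is caught by the seal in one and invisible in the other. The last function models the replay concern: it only works if the attacker's code runs before the legitimate extend of the component it replaced and knows the expected digests, which the event log conveniently records; whether a given exploit chain reaches that point is not something this toy decides.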
