Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller

Hardware security boundaries are difficult to design correctly and to support. Modern x86 platforms contain many different hardware components. It is clear that they should be included in the usual threat model's obvious external paths, but what if an attacker can compromise one of the trusted components? We have previously seen researchers compromise the TPM and start the attack from inside the trusted boundary. All of this raises concerns about the current threat modeling process, because once an attacker crosses a trusted boundary, the attack surface changes significantly. Does this mean the attack surface is dynamic rather than static?

In our presentation, we focus on reverse engineering the Embedded Controller (EC) of one of the recent Lenovo ThinkPad laptops and on attacks from the EC trusted boundary against the main platform firmware (BIOS), and we manage to bypass Intel BIOS Guard technology (the Lenovo-specific implementation). We will present multiple topics on security boundary problems on x86 platforms, demonstrate platform design problems with trust in third-party components such as the EC, and show real attacks from the OS level to the EC and from the EC to the BIOS.

This research covers reverse engineering of EC firmware based on the ARC processor architecture, the internals of the EC architecture, and the specific operating modes that support SMI handlers on the EC side (including BIOS Guard). We also reverse engineered the most interesting parts of the communications and relations between the BIOS and the EC. From the attacker's perspective, the attack surface from the EC is quite large and can include DMA attacks, disclosure of PCI memory space to attack devices, and the possibility of persistent rootkit/implant installation.
