Summary of Attacks Against BIOS and Secure Boot

DEF CON 22

Presented by: Oleksandr Bazhaniuk, Yuriy Bulygin, Andrew Furtak, John Loucaides
Date: Saturday August 09, 2014
Time: 12:00 - 12:50
Location: Penn & Teller

A variety of attacks targeting platform firmware have been discussed publicly, drawing attention to the pre-boot and firmware components of the platform such as secure boot, OS loaders, and SMM. Windows 8 Secure Boot provides an important protection against bootkits by enforcing a signature check on each boot component.

This talk will detail and organize some of the attacks and how they work. We will demonstrate a full software bypass of secure boot. In addition, we will describe underlying vulnerabilities and how to assess systems for these issues using chipsec (https://github.com/chipsec/chipsec), an open source framework for platform security assessment. We will cover BIOS write protection, forensics on platform firmware, attacks against SMM, attacks against secure boot, and various other issues. After watching, you should understand how these attacks work, how they are mitigated, and how to test a system for the vulnerability.

Yuriy Bulygin

Yuriy Bulygin is a Chief Threat Architect. Over the past 8 years he has enjoyed analyzing the security of everything from OS to CPU microcode and hardware. He is now leading a security threat research team, advancing research in security threats to modern PC, mobile, and embedded platforms and protections. Twitter: @c7zero

Oleksandr Bazhaniuk

Oleksandr Bazhaniuk is a security researcher and reverse engineer with background in automation of binary vulnerability analysis. He is also a co-founder of DCUA, the first DEF CON group in Ukraine. Twitter: @ABazhaniuk

Andrew Furtak

Andrew Furtak is a security researcher focusing on security analysis of firmware and hardware of modern computing platforms and a security software engineer in the past. Andrew holds a MS in Applied Mathematics and Physics from the Moscow Institute of Physics and Technology.

John Loucaides

John Loucaides is a security researcher who is currently focusing on responding to platform security issues. He has performed security analysis for a wide variety of targets from embedded systems to enterprise networks, developing repeatable methods for improving assurance.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats