https://embedi.com/blog/bypassing-intel-boot-guard
https://github.com/flothrone/bootguard
https://github.com/REhints/BlackHat_2017
https://github.com/tianocore/edk2
https://en.wikipedia.org/wiki/Trusted_Platform_Module
https://embedi.com/blog

Killchain of IoT Devices

Betraying the BIOS: Where the Guardians of the BIOS are Failing
In recent years, there has been increasing attention to UEFI BIOS security. As a result, more advanced technologies have been created to protect the UEFI BIOS from illegal modifications. One such technology is Intel Boot Guard (BG), a hardware-assisted BIOS integrity verification mechanism available since the Haswell microarchitecture (2013). The so-called «UEFI rootkits killer», this technology is designed to create a trusted boot chain (where the current boot component cryptographically measures/verifies the integrity of the next one) with the Root-of-Trust locked into hardware. How is that possible? Let's take a look...

https://news.ycombinator.com/item?id=15414760
https://research.kudelskisecurity.com/2017/10/04/defeating-eddsa-with-faults...

How to defeat Ed25519 and EdDSA using faults
This work was performed with my colleague Sylvain Pelissier; we demonstrated that the EdDSA signature scheme is vulnerable to single fault attacks, and mounted such an attack against the Ed25519 scheme running on an Arduino Nano board. We presented a paper on the topic at FDTC 2017, last week in Taipei.

https://www.openbsd.org/62.html
Release imminent.