Understanding BIOS & SMM

Blibbet blibbet at gmail.com
Tue Jan 28 17:02:24 PST 2014


 > So if you'd like to get a more technical and quantitative view of 
what> the BIOS/SMM security landscape looks like, you should check out our
 > classes and watch for talks by Corey Kallenberg, John Butterworth, and
 > myself over the next 6 months where we'll be describing 2 new BIOS
 > memory-corruption-to-reflash exploits, 2 new SecureBoot-breaking
 > tricks, and trustworthy computing extensions to Copernicus that will
 > counter many classes of attacks against BIOS dumping software that
 > would let an attacker hide his BIOS presence.

Sounds interesting.

Intel has a 3-day UEFI training course for employes/partners. They put 
their courseware and labs online, and recent builds work with Linux and 
not just Windows/VisualStudio. Targets IHV audience, not security-centric.
http://sourceforge.net/projects/edk2/files/Training/TrainingMaterial/

The above-mentioned Butterworth recently spoke at Perdue on BIOS security:

http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/qa8g9li61m3ip5olpjm8pkgh58

If you're in the Seatle area I'll be doing another half-day dev intro to 
UEFI at the local univerisity capture-the-flag team in March, and I 
think non-students are welcome to attend.




More information about the cypherpunks mailing list