Understanding BIOS & SMM
Blibbet
blibbet at gmail.com
Tue Jan 28 17:02:24 PST 2014
> So if you'd like to get a more technical and quantitative view of
what> the BIOS/SMM security landscape looks like, you should check out our
> classes and watch for talks by Corey Kallenberg, John Butterworth, and
> myself over the next 6 months where we'll be describing 2 new BIOS
> memory-corruption-to-reflash exploits, 2 new SecureBoot-breaking
> tricks, and trustworthy computing extensions to Copernicus that will
> counter many classes of attacks against BIOS dumping software that
> would let an attacker hide his BIOS presence.
Sounds interesting.
Intel has a 3-day UEFI training course for employes/partners. They put
their courseware and labs online, and recent builds work with Linux and
not just Windows/VisualStudio. Targets IHV audience, not security-centric.
http://sourceforge.net/projects/edk2/files/Training/TrainingMaterial/
The above-mentioned Butterworth recently spoke at Perdue on BIOS security:
http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/qa8g9li61m3ip5olpjm8pkgh58
If you're in the Seatle area I'll be doing another half-day dev intro to
UEFI at the local univerisity capture-the-flag team in March, and I
think non-students are welcome to attend.
More information about the cypherpunks
mailing list