Bypassing Intel Boot Guard, EdDSA

grarpamp grarpamp at gmail.com
Sat Oct 7 18:20:56 PDT 2017


https://embedi.com/blog/bypassing-intel-boot-guard
https://github.com/flothrone/bootguard
https://github.com/REhints/BlackHat_2017
https://github.com/tianocore/edk2
https://en.wikipedia.org/wiki/Trusted_Platform_Module
https://embedi.com/blog

Killchain of IoT Devices
Betraying the BIOS: Where the Guardians of the BIOS are Failing

In recent years, there is an increasing attention to the UEFI BIOS
security. As a result, there are more advanced technologies created to
protect UEFI BIOS from illegal modifications. One of such technologies
is Intel Boot Guard (BG) – a hardware-assisted BIOS integrity
verification mechanism available since Haswell microarchitecture
(2013). So-called «UEFI rootkits killer» this technology is designed
to create a trusted boot chain (where a current boot component
cryptographically measures/verifies the integrity of the next one)
with Root-of-Trust locked into hardware.
How is that possible? Let’s take a look...


https://news.ycombinator.com/item?id=15414760
https://research.kudelskisecurity.com/2017/10/04/defeating-eddsa-with-faults/

How to defeat Ed25519 and EdDSA using faults
This work was performed with my colleague Sylvain Pelissier, we
demonstrated that the EdDSA signature scheme is vulnerable to single
fault attacks, and mounted such an attack against the Ed25519 scheme
running on an Arduino Nano board. We presented a paper on the topic at
FDTC 2017, last week in Taipei.


https://www.openbsd.org/62.html
Release iminent.


More information about the cypherpunks mailing list