[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Understanding BIOS & SMM
- To: cpunks <[email protected]>
- Subject: Understanding BIOS & SMM
- From: [email protected] (Blibbet)
- Date: Tue, 28 Jan 2014 17:02:24 -0800
- In-reply-to: <CAJVRA1TTg5WT7wntSbv9DBYLXebdyNjD7CURizfKm+icK_ZW=g@mail.gmail.com>
- References: <CAEha3fcyhooj15LraBLRB4+PGd9UbxtFt7GvJ1rYq1=zb-+YKQ@mail.gmail.com> <CAJVRA1TTg5WT7wntSbv9DBYLXebdyNjD7CURizfKm+icK_ZW=g@mail.gmail.com>
> So if you'd like to get a more technical and quantitative view of
what> the BIOS/SMM security landscape looks like, you should check out our
> classes and watch for talks by Corey Kallenberg, John Butterworth, and
> myself over the next 6 months where we'll be describing 2 new BIOS
> memory-corruption-to-reflash exploits, 2 new SecureBoot-breaking
> tricks, and trustworthy computing extensions to Copernicus that will
> counter many classes of attacks against BIOS dumping software that
> would let an attacker hide his BIOS presence.
Sounds interesting.
Intel has a 3-day UEFI training course for employes/partners. They put
their courseware and labs online, and recent builds work with Linux and
not just Windows/VisualStudio. Targets IHV audience, not security-centric.
http://sourceforge.net/projects/edk2/files/Training/TrainingMaterial/
The above-mentioned Butterworth recently spoke at Perdue on BIOS security:
http://www.cerias.purdue.edu/news_and_events/events/security_seminar/details/index/qa8g9li61m3ip5olpjm8pkgh58
If you're in the Seatle area I'll be doing another half-day dev intro to
UEFI at the local univerisity capture-the-flag team in March, and I
think non-students are welcome to attend.