Fixing BIOS/bootloader security --> subsidising DRM, Re: Intel to include DRM in new Pentium 4 series processors
Brian Gladman <brg at gladman.plus.com>
Sun, 15 Sep 2002 19:27:51 +0800
From: "Matthew Astley" <lists-ukcrypto@fruitcake.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Sunday, September 15, 2002 5:48 PM
Subject: Fixing BIOS/bootloader security --> subsidising DRM, Re: Intel to include DRM in new Pentium 4 series processors
[snip]
> > > Sure, attacks are possible. I'm not sure whether TCPA has value in
> > > defending against them (what's wrong with booting off of a floppy
> > > or CD-ROM?), but for the sake of this discussion, I'll accept for
> > > the moment that TCPA may provide an effective defense. But that's
> > > not enough for TCPA to provide an order of magnitude improvement
> > > in security.
> >
> > This is not what I said. I said that the _combination_ of Free/Open
> > Source software with secure boot and code metrics provided for this.
> > And in a subsequent post I clarified what I meant by 'order of
> > magnitude'.
> >
> > And I have explained in other posts some of the reasons why booting
> > off a CD or a floppy does not stop BIOS attacks.
>
> Yes, I think you've made it clear that current BIOSes are broken.
What follows is based on work I did some years ago so I am not sure to what
extent it still applies but there may be others here who can comment from
more recent knowledge.
The most important thing in a secure boot sequence is actually very simple -
the removal of a warm reset (this involves a loss of functionality as is
often the case in gaining security).
To gain full control of a machine it is usually important to gain control
very early in the boot sequence and there are hooks via which this is
possible. On a cold reset these hooks are in a state that tells the BIOS not
to use them but on a warm reset they can have values that cause control
flow to branch out of the normal BIOS code. This is very nice for an
attacker since they can hide late in the boot sequence, plant code that uses
one of these hooks and then force a warm reset.
It is often believed that this can be avoided by setting the BIOS on the
main board to read only so that it cannot be modified but this is not
correct. It is easier for a BIOS attacker to hide his code in a more
obscure place, preferably somewhere where few if any will look for it. And
the warm reset trick provides a nice way of hiding pretty well anywhere in
BIOS or even privileged code (e.g. drivers) and yet be able to run code very
early in the boot sequence by forcing a warm reset.
An interesting feature of many PC peripherals is that they have very
powerful microcontrollers running from code in FLASH EEPROM. And a large
number of them have the means for updating their EEPROM code and no means
for switching their EEPROMs to read only. And it is in the nature of many of
these peripherals that they have to be given privileged access to the PC bus
and to PC memory. An attack might seem difficult because an attacker has
to cope with a huge number of different machines and peripherals but if you
think about where many PCs come from it is not so hard to target a few
specific peripherals and stand a very high chance of success.
And these attacks are the tip of the iceberg. They were developed in the
1980s and are old hat compared with what can be done now.
Do end users need to be protected from sophisticated forms of attack likely,
until now at least, to be used only by governments?
When laws are proposed, it seems in all seriousness, to allow content
providers to hack into machines that they believe are infringing their
rights, I for one want a much higher level of defence. It is one thing to
face 18 year old hackers but entirely another to face companies with
millions of dollars to spend in doing this (David thinks that they will go
for the easier attacks but I am not so sure).
And, with apologies to the lawyers on this list, I don't trust the average
constitutional lawyer to understand the utter stupidity of such proposals
and I don't hence trust legislatures to necessarily throw them out (pi = 3
and all that).
People in my position face a difficult judgement - do we stay silent for
fear of promoting the attacks which we worry about or do we talk about them
in the hope that we can get others to take them seriously and do something
about them.
Although I have known about BIOS attacks for 20 years, I have not discussed
them openly in such detail before now. But given the stupidity being shown
in the US in the DMCA and in the calls for laws to legalise 'Hollywood
Hackers Inc', I now feel that people have a right to know what they might be
up against once hacking becomes a lawful million dollar industry.
Brian
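An added illustration of the warm-reset point in the message above, not code from the original post or from any real BIOS: a small C model of the early-reset decision. The state fields (warm_flag, shutdown_status, reset_vector), the sentinel values and the two reset handlers are hypothetical stand-ins for the hooks Brian describes; the hardened handler shows "removal of a warm reset" by discarding the hook state before it is ever consulted.

```c
/* Hypothetical model of warm-reset hooks; names and values are constructed. */
#include <stdint.h>
#include <stdio.h>

#define WARM_BOOT_MAGIC      0x5A5Au  /* constructed sentinel: "this is a warm reset" */
#define SHUTDOWN_JUMP_VECTOR 0x01u    /* constructed: "resume by branching to reset_vector" */

typedef struct {
    uint16_t warm_flag;        /* survives a warm reset, cleared by a cold one */
    uint8_t  shutdown_status;  /* tells early BIOS code what to do after reset */
    uint32_t reset_vector;     /* where to branch if shutdown_status asks for it */
} boot_state_t;

typedef enum { PATH_FULL_POST = 0, PATH_BRANCH_TO_VECTOR = 1 } boot_path_t;

/* Conventional firmware: on a warm reset the hooks are honoured, so control
 * can leave the normal BIOS code before any later integrity check runs. */
boot_path_t legacy_reset(boot_state_t *s)
{
    if (s->warm_flag == WARM_BOOT_MAGIC &&
        s->shutdown_status == SHUTDOWN_JUMP_VECTOR)
        return PATH_BRANCH_TO_VECTOR;
    return PATH_FULL_POST;
}

/* "Removal of warm reset": every reset is treated as cold. The hook state is
 * wiped before it is consulted, so nothing planted in it is ever used. */
boot_path_t hardened_reset(boot_state_t *s)
{
    s->warm_flag = 0;
    s->shutdown_status = 0;
    s->reset_vector = 0;
    return PATH_FULL_POST;
}

/* Scenario from the post: late in the boot sequence the hook state is set,
 * then a warm reset is forced. Returns the path the next reset takes. */
boot_path_t simulate_planted_hook(boot_path_t (*reset)(boot_state_t *))
{
    boot_state_t s = {0};                 /* state after a cold reset */
    s.warm_flag = WARM_BOOT_MAGIC;        /* planted late in the boot sequence */
    s.shutdown_status = SHUTDOWN_JUMP_VECTOR;
    s.reset_vector = 0x000F1234u;         /* constructed value for the model */
    return reset(&s);                     /* the forced warm reset */
}

int main(void)
{
    printf("legacy firmware path:   %d\n", simulate_planted_hook(legacy_reset));
    printf("hardened firmware path: %d\n", simulate_planted_hook(hardened_reset));
    return 0;
}
```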