Session 8: System Security and Authentication CODASPY ’19, March 25–27, 2019, Richardson, TX, USA BootKeeper: Validating Software Integrity Properties on Boot Firmware Images Ronny Chevalier Stefano Cristalli Christophe Hauser CentraleSupélec, Inria, Univ Rennes, Università degli Studi di Milano University of Southern California CNRS, IRISA
[email protected] [email protected] [email protected] Yan Shoshitaishvili Ruoyu Wang Christopher Kruegel Arizona State University Arizona State University University of California, Santa
[email protected] [email protected] Barbara
[email protected] Giovanni Vigna Danilo Bruschi Andrea Lanzi University of California, Santa Università degli Studi di Milano Università degli Studi di Milano Barbara
[email protected] [email protected] [email protected] ABSTRACT Boot Firmware Images. In Ninth ACM Conference on Data and Application Boot firmware, like UEFI-compliant firmware, has been the target Security and Privacy (CODASPY ’19), March 25–27, 2019, Richardson, TX, USA. of numerous attacks, giving the attacker control over the entire ACM, New York, NY, USA, 11 pages. https://doi.org/10.1145/3292006.3300026 system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic 1 INTRODUCTION measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, One of the most critical components of every computer is the shows that vendors do not respect the specifications that have been boot firmware (e.g., BIOS or UEFI-compliant firmware), which isin devised to ensure the integrity of the firmware’s loading process. charge of initializing and testing the various hardware components, As a result, attackers may bypass such measurement mechanisms and then transfer execution to the Operating System (OS).