Data-Only Attacks Against UEFI BIOS
Alex Ermolov Security Researcher


What comes to your mind when you hear about UEFI BIOS vulnerabilities? For a long time the obvious answer was issues in SMM (System Management Mode) code, which enables one of the protection mechanisms against UEFI BIOS modifications. This was the reason of creation other platform protective technologies, but still new issues in SMM keep being discovered.

Though, supported not by each OEM/IBV, there are a number of mitigations applied for SMM code. Beyond that, a lot of firmware verification techniques were introduced recently. All measures grown by vendors aimed to protect the firmware code integrity and runtime UEFI BIOS interfaces (like SMI handlers) from software attacks and hardware tampering. However, UEFI firmware architecture still allows to develop attack vectors that has almost none countermeasures nowadays and allows to bypass all known UEFI BIOS mitigations and protection technologies.

In this talk we’ll describe current UEFI BIOS security model and talk about one if its main disadvantages, which could be exploited by recently discovered vulnerabilities.