Agenda
- The role of the BIOS
- Attacking a legacy BIOS
- Limitations of the legacy BIOS
- Introduction to the EFI environment
- Attacking the EFI environment
- UEFI, summary and conclusions
Some Caveats…
- This talk is about rootkit persistence
- How to deploy a rootkit from the BIOS/EFI
- Not concerned with what the rootkit actually does
- This talk is not about Trusted Computing…
- EFI spec does not mandate TPM
- Some attacks may require physical access
- And most require root access
- Could be deployed as a blended attack
- e.g. browser bug –> escalation to kernel –> firmware
- Parts of this research are still work in progress…
Author: John Heasman