Sorry, I forgot to attach slides.

On 16.01.2017 18:41, Denis 'GNUtoo' Carikli wrote:

Hello Denis.
Thank you for your interest in our talk.

> Hi,
> I saw your presentation "Tapping into the core"[1] that you gave at the last CCC.
> As I understand from the slides, DCI can be activated through:
> - The flash descriptor
> - UEFI
> - The P2SB register
>
> Are Skylake platforms safe if:
> - DCI is disabled in the flash descriptor.
> - DCI is not activated by the boot firmware (UEFI or coreboot).
> - DCI is not activated through the P2SB register.
>
> All of the above require either code execution on the machine or opening the machine with a screwdriver and reprogramming the flash with an external flash programmer.
>
> If DCI is enabled in the flash descriptor, then the following attacks can benefit from an enabled-by-default DCI:
> - Malicious USB devices trying to take over the computer.
> - Evil maid attacks when trying to bypass the TPM. This might or might not work depending on how the TPM application inside the Management Engine works.
>
> If I understand correctly, when DCI is disabled in the flash descriptor, such attacks are not possible and the computer is safe.

Unfortunately no, DCI can be activated through the P2SB device at any time. We checked it on Skylake and Kabylake.

> Since Skylake computers can be secured, the feature would become an enormous advantage: coreboot developers might be able to use that feature to make debugging and replacing Intel blobs faster and easier. Having more information on the protocol or free software and open source tools would help. This might also be useful for debugging the Linux kernel or other hardware-related projects.
>
> It might also be possible to run coreboot on laptops with Boot Guard: some programmable[2] USB3 device controllers exist; if a tiny enough USB key can be made, it might be possible to bypass Boot Guard this way. Users doing that would then be able to use coreboot on more recent computers.

I think it is possible. I'm using DCI for BIOS research.

> Some questions:
> - Can the debug port be used as a USB device controller?

Sorry? I don't understand the question.

> - What is the relationship between DCI and the Management Engine? Can the Management Engine be controlled through DCI?

I think they are two different devices in the PCH. They have some shared registers, but we haven't researched it entirely yet.

> - Do you have more documentation on the protocol? Is it possible to have the slides?

We are planning to write a paper about the protocol and a driver to support DCI.

> By the way, coreboot and libreboot have several utilities related to the flash descriptor:
> - ifdtool[3]
> - ich9gen[4]
>
> PS: Sorry for the inconvenience; due to a bad exim configuration, which will hopefully be fixed now, I have to resend the mail.
>
> References:
> -----------
> [1] https://media.ccc.de/v/33c3-8069-tapping_into_the_core
> [2] http://www.cypress.com/products/ez-usb-fx3-superspeed-usb-30-peripheral-cont...
> [3] utils/ifdtool in coreboot sources.
> [4] resources/utilities/ich9deblob in libreboot sources.
>
> Denis.
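The thread turns on what the flash descriptor does and does not protect: the descriptor carries the soft straps that (among other things) enable DCI, and its master-access table decides whether the host CPU can rewrite the descriptor region at all from software. The following is an added example, not code from either correspondent and not part of coreboot's ifdtool or libreboot's ich9gen. It parses the descriptor map (signature, FLMAP0/1/2, region table, FLMSTR1) the way ifdtool does and reports whether the host master may write the descriptor region, which is the "locked" state a defender wants before relying on descriptor settings. The sample image is constructed inline; the bit positions of the FLMSTR1 read/write masks differ between the older (ICH9-era) and Skylake-era layouts, and the `skylake_layout` flag selecting between them is an assumption of this example. The offset of the DCI strap itself is not on the page and is not guessed here; the parser only reports where the PCH straps region starts.

```python
import struct

IFD_SIGNATURE = 0x0FF0A55A
REGION_NAMES = ["Flash Descriptor", "BIOS", "Intel ME", "GbE", "Platform Data"]


def parse_descriptor(image: bytes, skylake_layout: bool = True) -> dict:
    """Parse an Intel Flash Descriptor image and summarise regions and host access.

    skylake_layout selects the FLMSTR1 bit positions: Skylake-era descriptors
    keep read bits at 8..19 and write bits at 20..31, older ones at 16..23 and
    24..31 (assumption taken from ifdtool's two layouts).
    """
    sig_off = image.find(struct.pack("<I", IFD_SIGNATURE))
    if sig_off < 0:
        raise ValueError("no flash descriptor signature found")
    flmap0, flmap1, flmap2 = struct.unpack_from("<III", image, sig_off + 4)

    frba = ((flmap0 >> 16) & 0xFF) << 4          # region table base address
    nr = ((flmap0 >> 24) & 7) + 1                # number of region entries
    fmba = (flmap1 & 0xFF) << 4                  # master table base address
    fpsba = ((flmap1 >> 16) & 0xFF) << 4         # PCH soft straps base address
    psl = (flmap1 >> 24) & 0xFF                  # PCH strap length (dwords)

    regions = []
    for i in range(min(nr, len(REGION_NAMES))):
        (flreg,) = struct.unpack_from("<I", image, frba + 4 * i)
        base = (flreg & 0x7FFF) << 12
        limit = (((flreg >> 16) & 0x7FFF) << 12) | 0xFFF
        # A region whose limit lies below its base is marked unused.
        regions.append((REGION_NAMES[i], base, limit, limit >= base))

    (flmstr1,) = struct.unpack_from("<I", image, fmba)
    rd_shift, wr_shift = (8, 20) if skylake_layout else (16, 24)
    host_read = (flmstr1 >> rd_shift) & 0xFFF
    host_write = (flmstr1 >> wr_shift) & 0xFFF

    return {
        "regions": regions,
        "pch_straps_offset": fpsba,
        "pch_straps_dwords": psl,
        "host_read_mask": host_read,
        "host_write_mask": host_write,
        # Bit 0 of the write mask is the descriptor region itself.
        "host_can_write_descriptor": bool(host_write & 1),
    }


def descriptor_locked(info: dict) -> bool:
    """True when the host master cannot rewrite the descriptor from software."""
    return not info["host_can_write_descriptor"]


def build_sample_descriptor() -> bytes:
    """Constructed 4 KiB descriptor for demonstration (not from real hardware)."""
    img = bytearray(b"\xFF" * 0x1000)
    struct.pack_into("<I", img, 0x10, IFD_SIGNATURE)
    # FLMAP0: FCBA=0x30, 1 component, FRBA=0x40, 5 regions
    # FLMAP1: FMBA=0x60, 3 masters, FPSBA=0x100, 0x40 strap dwords
    # FLMAP2: FMSBA=0x200, 8 processor strap dwords
    struct.pack_into("<III", img, 0x14, 0x04040003, 0x40100206, 0x00000820)
    # Region table: descriptor, BIOS, ME, GbE, unused platform data
    struct.pack_into("<IIIII", img, 0x40,
                     0x00000000, 0x07FF0300, 0x02FF0003, 0x00020001, 0x00007FFF)
    # FLMSTR1 (Skylake layout): host reads desc/BIOS/GbE, writes only BIOS/GbE
    struct.pack_into("<I", img, 0x60, 0x00A00B00)
    return bytes(img)


if __name__ == "__main__":
    info = parse_descriptor(build_sample_descriptor())
    for name, base, limit, used in info["regions"]:
        print(f"{name:17s} {base:08x}-{limit:08x} {'' if used else '(unused)'}")
    print("PCH straps at", hex(info["pch_straps_offset"]))
    print("descriptor locked:", descriptor_locked(info))
```

Run against a dump taken with an external programmer, a locked descriptor means the straps can only be changed by reopening the machine, which is exactly the distinction the question draws; what the reply adds is that the DCI enable itself does not depend on that, since P2SB can switch it on at run time regardless of the strap.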