[coreboot] [Resend] Tapping into the core (33C3)

Maxim Goryachy mgoryachy at ptsecurity.com
Tue Jan 17 12:11:38 CET 2017 

On 16.01.2017 18:41, Denis 'GNUtoo' Carikli wrote:

Hello Denis.

Thank you for interest to our talk.

Hi,

I saw your presentation "Tapping into the core"[1] that you gave at the
last CCC.

As I understand from the slides DCI can be activated trough:
- The flash descriptor
- UEFI
- The P2SB register

Are skylake platform safe if:
- DCI is disabled in the flash descriptor.
- DCI is not activated by the boot firmware(UEFI or coreboot).
- DCI is not activated troug the P2SB register.

All the above require either code execution on the machine or to open
the machine with a screwdriver and reprogram the flash with an external
flash programmer.

If DCI is enabled in the flash descriptor, then the following attacks
can benefit from an enabled-by-default DCI:
- Malicious USB devices trying to take over the computer.
- Evil maid attacks when trying to bypass the TPM. This might or might
  not work depending on how the TPM application inside the Management
  engine works.

If I understand correctly, when DCI is disabled in the flash
descriptor, such attacks are not possible and the computer is safe.

Unfortunately no, DCI can be activated through P2SB device at any
time.  We checked it on Skylake and Kabylake.




Since skylake computer can be secured, the feature would become an
enormous advantage: Coreboot developers might be able to use that
feature to make debugging and replacing intel blobs faster and easier.
Having more information on the protocol or free software and open
source tools would help. This might also be useful for debugging the
Linux kernel or other hardware related projects.

It might also be possible to run coreboot on laptops with bootguard:
Some programable[1] USB3 device controller exist, if a tiny enough USB
key can be made, it might be possible to bypass bootguard this way.
Users doing that would then be able to use coreboot on more recent
computers.

I think it is possible. I'm using DCI for BIOS research.




Some questions:
- Can the debug port be used as an usb device controller?

Sorry? I don't understand the question.



- What is the relationship between DCI and the Management Engine?
  Can the Management Engine be controlled trough DCI?

I think it is two different device into PCH. They have some
shared register, but We haven't research it yet entirely .



- Do you have more documentation on the protocol? Is it possible to
  have the slides?

We are planning to write a paper about protocol and driver for
support DCI.




By the way, coreboot and libreboot have several utilities related to
the flash descriptor:
- ifdtool[3]
- ich9gen[4]

PS: Sorry for the inconvenience, due to bad exim configuration which
will hopefully be fixed now, I've to resend the mail.

References:
-----------
[1]https://media.ccc.de/v/33c3-8069-tapping_into_the_core
[2]http://www.cypress.com/products/ez-usb-fx3-superspeed-usb-30-peripheral-controller
[3]utils/ifdtool in coreboot sources.
[4]resources/utilities/ich9deblob in libreboot sources.

Denis.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20170117/502ff6d1/attachment.html>

More information about the coreboot mailing list