Joanna Rutkowska's blog points to recent paper on a survey of the various problems and attacks presented against the x86 platform over the last 10 years. The paper does not present new exploits but does cover: the BIOS (UEFI) and booting; peripherals; the Intel Management Engine; and several other aspects of x86 insecurity. Some of the problems appear insurmountable as described.
(Score: 5, Informative) by Anonymous Coward on Friday October 30 2015, @02:13PM
I will save you the 44 pages of drivel and show you the half-a-page summary:
We have seen that the Intel x86 platform offers pretty advanced isolation and
sandboxing technologies (MMU, VT-x, VT-d) that can be used to effectively
de-privilege most of the peripheral devices, including their firmware, as well as
their corresponding drivers and subsystems executing as part of the host OS.
This allows to build heavily decomposed systems, which do not need to trust
networking or USB devices, drivers and stacks. This does require, of course,
specially designed operating systems to take advantage of these technologies.
Sadly most systems are not designed that way and instead follow the monolithic
paradigm in which almost everything is considered trusted.
But one aspect still presents a serious security challenge on x86 platform: the
boot security. Intel has introduced many competing and/or complementary
technologies which are supposed to solve the problem of boot security: support
for TPM and TXT, support for SMM sandboxing, finally Boot Guard and UEFI
Secure Boot. Unfortunately, as we have seen in the first chapter, none of these
technologies seem satisfactory, each introducing more potential problems than it
might be solving.
Finally, the Intel Management Engine (ME) technology, which is now part of
all Intel processors, stands out as very troublesome, as explained in one of the
chapters above. Sadly, and most depressing, there is no option for us users to
opt-out from having this on our computing devices, whether we want it or not.
The author considers this as probably the biggest mistake the PC industry has
got itself into she has every witnessed.
(Score: 2) by Runaway1956 on Friday October 30 2015, @03:23PM
Thank you for that. I did wade through a lot of verbiage, and still couldn't figure out what she was saying. Your summary helped a lot.
(Score: 5, Insightful) by tangomargarine on Friday October 30 2015, @03:46PM
But one aspect still presents a serious security challenge on x86 platform: the
boot security. Intel has introduced many competing and/or complementary
technologies which are supposed to solve the problem of boot security: support
for TPM and TXT, support for SMM sandboxing, finally Boot Guard and UEFI
Secure Boot. Unfortunately, as we have seen in the first chapter, none of these
technologies seem satisfactory, each introducing more potential problems than it
might be solving.
How would one go about "solving the boot security problem?" It seems like a chicken-and-egg situation to me. Either you accept some amount of risk that if somebody gets their physical hands on your machine, you're boned, but it's easier for you, the customer, to use; or you add crazy anal probes like Secure Boot (I rather doubt the version now is their endgame...hardware whitelists and TPM, anyone?) that make it much harder for you, the customer, to tinker with your stuff, but secure it for...somebody else.
Can somebody give an example of boot security done "right"?
Security, especially in this situation, boils down to fail-secure or fail-usable.
1) OS security can be avoided by booting something else on the same machine and then just reading the hard drive to ignore permissions.
2) So make it so you can't boot anything but the installed OS by locking the BIOS.
3) But you can reset the BIOS by pulling the cell battery.
4) So do something else so that you can't do that.
If you make it impossible to circumvent, then of course you're boned if you forget your own password.
Just talking out of my ass here.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Saturday October 31 2015, @10:59AM
3) But you can reset the BIOS by pulling the cell battery
The coin cell on your motherboard keeps your CMOS from losing its marbles.
BIOS is a completely different chip.
-- gewg_
(Score: 2) by tangomargarine on Sunday November 01 2015, @04:35AM
Complementary metal-oxide semiconductor, or CMOS, typically refers to a battery-powered memory chip in your computer that stores startup information. Your computer's basic input/output system (BIOS) uses this information when starting your computer.
You may notice on the initial start up screen, called the POST screen, an option is available to enter the BIOS or CMOS setup. When you enter this setup area, you are entering the CMOS setup, not the BIOS setup. The BIOS chip and program cannot be updated directly by a user. The only way to update the BIOS is using a BIOS flash program called a BIOS update, which updates the BIOS to a different version.
So it's where your BIOS settings are stored, not the BIOS itself? Which in this case is exactly what we care about--the password.
I guess I don't follow your point. Other than perhaps being technically correct.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"