Wednesday, April 19, 2017

Hardware enabled trust

Siege has been doing some work with hardware and software enabled root of trust implementations over the past few years. Specifically, looking at implementations like Trusted Platform Module (TPM), boot processes, UEFI, hypervisors and other implementations that utilize hardware "trust" functionality. Wanted to share some insight into what the research and implementation communities are doing.

To start, the major presentation that started a lot of attention for hypervisors and hardware trust was Joanna Rutkowska's 2006 Blue Pill presentation at Blackhat. That discussed injecting a hypervisor rootkit into a running operating system utilizing AMD's SVM (Secure Virtual Machine) instructions. Also discussed countermeasures, detections, and possible extensions to Intel's VT-x instructions. Also in 2006 researchers from Watson research discussed virtualizing the TPM so virtual machines could utilize TPM functionality.

In 2009 Rafal Wojtczuk, Rutkowska and Alexander Tereshkin presented several attacks  against the Intel's TXT (Trusted Execution Technology). Also in 2009 Rafal and Joanna presented an attack against System Management Mode (SMM). From the paper:
System Management Mode (SMM) is the most privileged CPU operation mode on x86/x86_64 architectures. It can be thought of as of "Ring -2", as the code executing in SMM has more privileges than even hardware hypervisors (VT), which are colloquially referred to as if operating in "Ring -1".
The authors describe
how to practically exploit this problem, showing working proof of concept codes that allow for arbitrary SMM code execution. This allows for various kind of abuses of the super-privileged SMM mode, e.g. via SMM rootkits
In 2011 Rafal Wojtczuk and Rutkowska presented an attack against the Intel VT-d and by extension Intel's TXT (Trusted Execution Technology). Wojticzuk, Rutkowska and Tereshkin were all part of Rutkowska's Invisible Things Lab, where the Qubes OS was also developed. Some of their posts on Qubes are available here. Qubes is an interesting project as they are attempting to implement defenses against the operating system/kernel, hypervisors and hardware that they are aware of by utilizing the full functionality of the hardware and secure design principles with strong isolation to build a significantly more secure operating system environment.
There are tons of other papers out there as well, I'd love to do a more comprehensive survey on the topic at some point. Siege has been doing some really cool research in the area and we started years ago, finally got to present it at Blackhat in 2016. Breaking Hardware Enforced Security with Hypervisors has some good information on the area and approaches to subverting the TPM interactions with the kernel/boot process by leveraging other architectural features (in our case, VT-x). Hopefully we'll have an opportunity to present some of the other things we've done in the domain in the next few years.