July 19, 2015

Defending UEFI: Tools & Lab - July 19th 2015

This session will begin with a one-hour talk on UEFI firmware security tools, focusing on UEFI Shell commands and CHIPSEC, via LUV-live, and a few other tools.

We will then switch to a two-hour lab, learning to boot into LUV-live and UEFI Shell boot disk, and starting to learn how to use these tools.  In the lab, you'll learn how to take a dump of your ROM, and see if it has changed since the last time you saved the image. You'll use some tools to test
if your OEM has decent firmware, of if your box has attackable vulnerabilities.

If some attendees will consider sharing their ROM dumps, they will be shared in a post-class forensic training fodder.

Helpful skills:

PC hardware fundamentals, BIOS and UEFI fundamentals, Python skills, Bash shell scripting and cmd.exe batch file scripting skills.

Lab requirements:

You will need a UEFI-based Intel x86 or x64 system for the lab, a laptop or perhaps a Minnowboard. No Itanium, ARM, AMD, Transmeta, or other
non-Intel x86/x64 systems in the lab.

You'll be needing to boot from a Linux live-boot distro and a UEFI Shell boot disk, you'll need to disable SecureBoot to do the latter. You need to backup this system, and be able to survive if you happen to brick it during firmware explorations during lab. You can build your own LUV-live, if you don't trust the thumbdrive provided. (Again, backup your system before working with the lab!). Alternatively, you can use QEMU in a safer environment, but you'll need to setup a TianoCore EDK-II build environment, to built an OVMF image to use with QEMU, and we won't be doing any EDK-II focus in talk, you'll need to prepare this in advance. Most of the focus is on UEFI, only a little on BIOS. The lab focus will be UEFI.  BIOS systems can't use UEFI Shell boot disk.