BIOS Chronomancy: Fixing the Core Root of Trust for MeasurementDecember 2013
In this paper, we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn't meet the requirements set forth by either the Trusted Platform Module (TPM) PC client specification  or NIST 800-155 guidance. We show how novel tick malware, a 51-byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how fl ea malware can survive attempts to reflash infected firmware with a clean image. To fix the un-trustworthy CRTM we ported an open source "TPM-timing-based attestation" implementation  from running in the Windows kernel, to running in an OEM's BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system "BIOS Chronomancy," and we will show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.