BIOS Chronomancy: Fixing the Core Root of Trust for Measurement

December 2013
John Butterworth, The MITRE Corporation
Corey Kallenberg, The MITRE Corporation
Xeno Kovah, The MITRE Corporation
Amy L. Herzog, The MITRE Corporation
Download PDF (720.29 KB)

In this paper, we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn't meet the requirements set forth by either the Trusted Platform Module (TPM) PC client specification [12] or NIST 800-155[20] guidance. We show how novel tick malware, a 51-byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how fl ea malware can survive attempts to reflash infected firmware with a clean image. To fix the un-trustworthy CRTM we ported an open source "TPM-timing-based attestation" implementation [17] from running in the Windows kernel, to running in an OEM's BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system "BIOS Chronomancy," and we will show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.


Publication Search