The presentation by John Butterworth, Corey Kallenberg and Xeno Kovah, "BIOS Security," addresses the implementation of the Static Root of Trust for Measurement (SRTM) in a PC configured prior to the 2011 National Institute of Standards and Technology (NIST) special publications that provide details about how the SRTM should be implemented in the PC's BIOS.
The problem was found in some PCs with TPMs with the BIOS incorrectly implemented. According to Kallenberg, "What we have discovered is not an issue with the TPM itself, but with the way the SRTM and BIOS have been implemented in some older PCs."
The MITRE presentation discusses how the BIOS, and thus the SRTM, can be manipulated either due to a configuration that does not enable signed BIOS updates, or via an exploit that allows for BIOS reflash even in the presence of a signed update requirement.
TCG's PC Client specifications, http://www.trustedcomputinggroup.org/files/resource_files/CB0B2BFA-1A4B-B294-D0C3B9075B5AFF17/TCG_PCClientImplementation_1-21_1_00.pdf, have always required a secure update process for the Core Root of Trust for Measurement.
For example, the PC Client Work Group Specific Implementation Specification for Conventional Bios, Version 1.21 Errata, Revision 1.00 for TPM Family 1.2; Level 2 notes that "...immutable is defined that, in order to maintain trust in the Host Platform, only a Host Platform manufacturer-approved agent and method MUST perform the replacement or modification of code or data. This allows the manufacturer to control the upgrade method for the portion of the Host Platform that is the Static Core Root of Trust for Measurement (S-CRTM) with consideration for the security properties of the Platform's Protection Profile. Additionally, Section 18.104.22.168 (Static Core Root of Trust for Measurement (S-CRTM)) defines the S-CRTM MUST be an immutable portion of the Host Platform's initialization code."
Implementations referenced in the Black Hat presentation appear to have had an implementation issue relative to requirements that existed when the platforms were built.
The industry can get additional recommendations for secure BIOS implementation in the NIST SP 800-155, available at http://csrc.nist.gov/publications/drafts/800-155/draft-SP800-155_Dec2011.pdf and NIST SP 800-147, http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf.
The MITRE Team has developed a new timing-based attestation technique to be used with the TPM to help detect the issue uncovered in the research. The industry can access code for this at http://code.google.com/p/timing-attestation.
Additional tools to check the BIOS configuration for weaknesses, or dump and inspect the BIOS contents, will be available this month at http://www.mitre.org/work/cybersecurity/blog/cyber_tools_butterworth1.htm.
The Trusted Computing Group (TCG) is a not-for-profit organization that develops, defines and promotes open, vendor-neutral, global industry standards based on a hardware root of trust, for interoperable trusted computing platforms. Billions of endpoints use TCG standards to ensure system integrity, protect networks and secure data. For more information, see www.trustedcomputinggroup.org and on Twitter and LinkedIn.
Brands and trademarks are the property of their respective owners.