Joseph Tartaro, Enrique Nissim, and Krzysztof Okupski of IOActive Research will be presenting ‘Back to the Future with Platform Security’ at Hexacon 2023.
In the last decade the industry has seen a large amount of research released around Intel platform security. Since the release of CHIPSEC, the industry has had a tool to quickly check an Intel platform against a secure baseline for misconfigurations. As a result, it has become more difficult to find misconfigured Intel platforms from major OEMs.
As we dove into the platform security realm ourselves, we noticed a complete lack of focus on and analysis of AMD platforms. This surprised us, given the popularity and significantly growing market share of AMD.
The team will dive into interesting architectural differences between Intel and AMD that determine the security of the platform. As part of this, we provide a first look at various AMD security features, such as ROM Armor and Platform Secure Boot. Additionally, we’re going to present several vulnerabilities that, when combined, allowed us to inject a persistent firmware implant running in ring -2 on various systems.
All these details have been folded into a tool we developed, which end users can use to quickly verify that their systems are free from common misconfigurations.