securing secure boot on xen
play

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, - PowerPoint PPT Presentation

Sep 27, 2023 •147 likes •303 views

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0 Why Secure Boot? How can we prevent running malware at boot? With Secure Boot! What if the machine is a VM in

  1. Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0

  2. Why Secure Boot? ● How can we prevent running malware at boot? ● With Secure Boot! ● What if the machine is a VM in the cloud? ● Xen doesn‘t support Secure Boot yet – let΄s see how it can be done. 2

  3. Background ● UEFI is a replacement for the BIOS ● It defines how operating systems interact with firmware including how the OS is started ● Secure Boot is part of the UEFI specification from 2.3.1 Errata C ● Using Secure Boot on Xen requires booting the guest as a UEFI guest Operating system ● Support for this exists using OVMF Extensible Firmware Interface Firmware 3 Images: Tiancocore (https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Logo/Logo.bmp) Hardware UEFI (https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface)

  4. Background ● Starting an OS under UEFI works differently compared with BIOS ● The firmware knows how to load a specified file on a FAT-formatted filesystem – could be a bootloader or an OS kernel. ● With Secure Boot, there is an extra step: Before executing the file its signature is verified 4

  5. Background ● How is it verified? ● Hardware has NVRAM which stores UEFI variables and these include certificates databases (called PK, KEK, db) ● The kernel to be booted needs to be signed by one of the trusted certificates ● If malware patches or replaces the kernel the firmware will refuse to start it because it fails the signature check 5

  6. Background ● How are the certificate databases populated? ● Prepopulated at the factory ● They are UEFI authenticated variables which require updates to be signed by the certificates already stored there ● Alternatively a platform-specific reset method can be used to clear the databases 6

  7. Implementation on real hardware ● The code which implements SetVariable() (i.e. variable services) needs to be protected from malware otherwise Secure Boot is compromised ● But malware could be running at the highest privilege level! ● An extra level of privilege is needed ● System Management Mode! ● Put the code in SMRAM so that it cannot be accessed outside of SMM ● Configure the NVRAM so that it can only be written from SMM ● Setting variables requires trapping into SMM 7

  8. Implementation on KVM ● KVM virtualizes what real hardware does ● QEMU emulates a block of flash memory for the NVRAM ● KVM emulates SMM for guests ● Reuses existing code for the security-critical parts of variables services See Securing secure boot with System Management Mode, Paolo 8 Bonzini, KVM Forum 2015 for more details.

  9. Implementation on Xen ● There are numerous vulnerabilities and attacks against SMM ● Xen has no support for emulating SMM ● Using emulated flash limits flexibility of variable storage ● How can we do better? 9

  10. Implementation on Xen ● With virtualization, there are already two distinct privilege levels (guest and hypervisor) so SMM is not needed ● Run a daemon that implements variable services outside of the guest execution context ● Add a new module to OVMF that implements variables services by proxying to the daemon running outside the guest 10

  11. Implementation on Xen ● The guest has no direct access to the code that executes the variables services ● Nor does it have direct access to the variable storage ● Variable storage is abstracted so that different backends can be used: Berkeley DB, SQLite, MySQL, XAPI database, flat files, etc. 11

  12. Implementation on Xen Hypervisor (dom0) Guest (n) Memory OVMF map varstored (n) OS XenVariable module XAPI DB return return handler_set_variable() store ioport write(port, pagenr) SetVariable() SetVariable() dispatch 12

  13. Implementation on Xen ● varstored: A daemon that implements all the required variable services using the XAPI database for storage ● XenVariable: An OVMF module that proxies variable service calls to varstored ● It works with Xen to securely implement Secure Boot and boots Linux and Windows guests ● Could be used with KVM without much difficulty ● It is not a platform specific implementation unlike the other approaches 13

  14. Demo ● Video at https://rossl.org/fosdem2019.mkv 14

  15. When can I use it? ● Not yet publicly available – will be released shortly and announced on the Xen mailing list 15

Recommend

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015 Outline UEFI overview Secure boot and SMM Chipset support: QEMU Hypervisor support: KVM Paolo Bonzini KVM Forum 2015 What is UEFI?

591 views • 29 slides
Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides
Extending the Secure Boot Certificate and Signature Chain of Trust to the OS Fionnuala Gunter,

Extending the Secure Boot Certificate and Signature Chain of Trust to the OS Fionnuala Gunter,

Extending the Secure Boot Certificate and Signature Chain of Trust to the OS Fionnuala Gunter, fin.gunter@hypori.com Mimi Zohar, zohar@linux.vnet.ibm.com Secure Boot Chains of Trust Secure Boot places the root of PK trust in hardware

847 views • 16 slides
HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned

HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned

HOST Secure Boot I ECE 525 Secure Boot Introduction Embedded system security can be partitioned into two categories: Security issues associated with the design Security issues associated with the system and application data once the

1.13k views • 25 slides
Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October

Secure and flexible boot with U-Boot bootloader Marek Va sut < marex@denx.de > October 15, 2014 Marek Va sut < marex@denx.de > Secure and flexible boot with U-Boot bootloader Marek Vasut Software engineer at DENX S.E. since

382 views • 35 slides
Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

537 views • 10 slides
Setup For Failure: Defea0ng UEFI Secure Boot Corey

Setup For Failure: Defea0ng UEFI Secure Boot Corey

Setup For Failure: Defea0ng UEFI Secure Boot Corey Kallenberg @coreykal Sam Cornwell @ssc0rnwell Xeno Kovah @xenokovah John BuGerworth

1.22k views • 84 slides
SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS Applying Due Care Via Common Sense Approach April 2017 100% 46% Ponemon 2014 SSH Security Vulnerability of 2000 Global do not Organizations Report

307 views • 29 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Defeating Secure Boot with EMFI Ang Cui, PhD & Rick Housley {a|r}@redballoonsecurity.com

Defeating Secure Boot with EMFI Ang Cui, PhD & Rick Housley {a|r}@redballoonsecurity.com

Defeating Secure Boot with EMFI Ang Cui, PhD & Rick Housley {a|r}@redballoonsecurity.com PROJECT 1. Open-source project to democratize EMFI research 2. 2 years of work so far PROJECT Disclaimer: BadFET-style EMFI research is

1.55k views • 126 slides
RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT.

RE-FRAME LET'S MAKE A CLOCK (WOW!) TO UNDERSTAND RE-FRAME, YOU MUST BE ABLE TO LIVE WITHOUT IT. BOOT https://github.com/boot-clj/boot BOOT TEMPLATES boot -d seancorfield/boot-new new -t tenzing -n <name> [+a <option>]* $ cd

566 views • 22 slides
Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz

Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz

Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz Ossenbrink Serving society Stimulating innovation Supporting legislation Does energy efficiency reduce the size of the energy trilemma? Energy

369 views • 20 slides
Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha Presented By: Eric Simpson Summary Traditional Secure Communications Securing the physical layer with UWB TH-PPM RFID digital baseband

386 views • 19 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the

Securing Linux VMs in a Hosted Environment mikbras@microsoft.com Goal attacks from the outside To protect Linux VMs from outside attacks (from processes running on the host). Injecting code into the boot chain. Stealing data from

559 views • 18 slides
BIOS and Secure Boot Attacks Uncovered Ruxcon 2014 Advanced Threat Research, Intel Security John

BIOS and Secure Boot Attacks Uncovered Ruxcon 2014 Advanced Threat Research, Intel Security John

BIOS and Secure Boot Attacks Uncovered Ruxcon 2014 Advanced Threat Research, Intel Security John Loucaides (presenting) In n The he Be Begi ginnin nning Was as The he Leg egacy acy BI BIOS.. S.. Leg egacy acy BI BIOS 1. CPU

1.36k views • 101 slides
Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin? Security indicator only in the content region Notice that it is used for personal data that should be secure No access to the location or

933 views • 21 slides
Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not

Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not

Securing PHP Applications By: Ilia Alshanetsky What is Security? Security is a measurement, not a characteristic. It s is also an growing problem that requires an continually evolving solution. A good measure of secure application is it

782 views • 74 slides
I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device

I Boot when U-Boot @bernardomr (MIA) @_evict 1 / 44 Agenda 1. Introduction 2. The target device 3. The bootkit 4. Defending / Detecting 2 / 44 Introduction Vincent Works at KPN REDteam Likes Linux and low-level stu Located in Amsterdam

792 views • 44 slides
Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are

Trending Boot Technology The Most Determinate Piece of Equipment in Skiing is the Boot. Boots are the transmitters of body movement to the ski. Proper support, comfort, and performance application make the difference between a good day on the snow

431 views • 29 slides
Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is

Dec 08 Backup Boot Flash Tools (BBF): Introduction Introduction The Backup Boot Flash (BBF) is an innovative SPI tool created by DediProg to force the application controller to work (read, program, update..) on the backup memory inserted in the

1.06k views • 17 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides
Securing the Supply Chain 1 We need to make Security the Foundation We need to Deliver

Securing the Supply Chain 1 We need to make Security the Foundation We need to Deliver

Securing the Supply Chain 1 We need to make Security the Foundation We need to Deliver Uncompromised Cost, Schedule, Performance ARE ONLY EFFECTIVE IN A SECURE ENVIROMENT 2 Delivered Uncompromised by Mitre 5 Key Structural Challenges 15

227 views • 11 slides

More recommend