ACPI and SMI handlers: some limits to trusted computing

Abstract: Trusted computing has been explored through several international initiatives. Trust in a platform generally requires a subset of its components to be trusted (typically, the CPU, the chipset and a virtual machine hypervisor). These components are granted maximal privileges and constitute the so called Trusted Computing Base (TCB), the size of which should be minimal. The rest of the platform is only granted limited privileges and cannot perform security-critical operations. A few initiatives aim at excluding … Show more

“…Our models fall in the latter case, and we have to further inspect the output trace to see how its steps can be used to reconstruct a valid trace: we do observe in the output trace the expected intermediary messages on the channels cpu tpm and os, and we can follow the source of these messages up to a dynamic root of trust request, of whose validity we have to again make sure. By a similar analysis of attack traces returned by ProVerif, we can observe the attacks of [13,29] in our models, when we allow the STM to be modified arbitrarily.…”

“…That is why the SMI handler is stored in a memory area called SMRAM, which enjoys special hardware protection. Still, as shown in [13,29], the security guarantees of trusted computing can be violated using the CPU caching mechanism to compromise the SMI handler. Roughly, these attacks work because the protection of the SMRAM is not carried on to its cached contents.…”

“…While our model takes into account at an abstract level the attacks and mitigations of [13,29], further refinements and soundness results are necessary in order to be able to conclude that attacks such as these or as [31,30] are not possible in practice. We need to develop models that are abstract enough to allow clear specifications and automated reasoning, and realistic enough to capture for instance implementation flaws.…”

“…However, turning this idea into a secure design and implementation is not easy, as various attacks have shown [13,29]. For more assurance, one could use models and tools that allow automated verification of desired properties against trusted computing protocols and implementations.…”

Automated Verification of Dynamic Root of Trust Protocols

“…Our models fall in the latter case, and we have to further inspect the output trace to see how its steps can be used to reconstruct a valid trace: we do observe in the output trace the expected intermediary messages on the channels cpu tpm and os, and we can follow the source of these messages up to a dynamic root of trust request, of whose validity we have to again make sure. By a similar analysis of attack traces returned by ProVerif, we can observe the attacks of [13,29] in our models, when we allow the STM to be modified arbitrarily.…”

“…That is why the SMI handler is stored in a memory area called SMRAM, which enjoys special hardware protection. Still, as shown in [13,29], the security guarantees of trusted computing can be violated using the CPU caching mechanism to compromise the SMI handler. Roughly, these attacks work because the protection of the SMRAM is not carried on to its cached contents.…”

“…While our model takes into account at an abstract level the attacks and mitigations of [13,29], further refinements and soundness results are necessary in order to be able to conclude that attacks such as these or as [31,30] are not possible in practice. We need to develop models that are abstract enough to allow clear specifications and automated reasoning, and realistic enough to capture for instance implementation flaws.…”

“…However, turning this idea into a secure design and implementation is not easy, as various attacks have shown [13,29]. For more assurance, one could use models and tools that allow automated verification of desired properties against trusted computing protocols and implementations.…”

Automated Verification of Dynamic Root of Trust Protocols

x86 System Management Mode (SMM) Evaluation for Mixed Critical Systems

Energy saving of embedded systems; advanced power management