UEFI BIOS Accessibility for the Visually Impaired

People with some kind of disability face a high level of difficulty for everyday tasks because, in many cases, accessibility was not considered necessary when the task or process was designed. An example of this scenario is a computer's BIOS configuration screens, which do not consider the specific needs, such as screen readers, of visually impaired people. This paper proposes the idea that it is possible to make the pre-operating system environment accessible to visually impaired people. We report our work-in-progress in creating a screen reader prototype, accessing audio cards compatible with the High Definition Audio specification in systems running UEFI compliant firmware.Comment: 6 page

Bootbandit: A macOS Bootloader Attack

Full disk encryption (FDE) is used to protect a computer system against data theft by physical access. If a laptop or hard disk drive protected with FDE is stolen or lost, the data remains unreadable without the encryption key. To foil this defense, an intruder can gain physical access to a computer system in a so-called “evil maid” attack, install malware in the boot (pre-operating system) environment, and use the malware to intercept the victim’s password. Such an attack relies on the fact that the system is in a vulnerable state before booting into the operating system. In this paper, we discuss an evil maid type of attack, in which the victim’s password is stolen in the boot environment, passed to the macOS user environment, and then exfiltrated from the system to the attacker’s remote command and control server. On a macOS system, this attack has additional implications due to “password forwarding” technology, in which users’ account passwords also serve as FDE passwords

Language applications for UEFI BIOS

textThe Unified Extensible Firmware Interface (UEFI) is the industry-standard Basic Input/Output System (BIOS) firmware specification used by modern desktop, portable, and server computers, and is increasingly being ported to today's new mobile form factors as well. UEFI is firmware responsible for bootstrapping the hardware, turning control over to an operating system loader, and then providing runtime services to the operating system. ANTLR (ANother Tool for Language Recognition) is a lexer-parser generator for reading, processing, executing, and translating structured text and binary files. It supersedes older technologies such as lex/yacc or flex/bison and is widely used to build languages and programming tools. ANTLR accepts a provided grammar and generates a parser that can build and walk parse trees. This report studies UEFI BIOS and compiler theory and demonstrates ways compiler theory can be leveraged to solve problems in the UEFI BIOS domain. Specifically, this report uses ANTLR to implement two language applications aimed at furthering the development of UEFI BIOS implementations. They are: 1. A software complexity analysis application for UEFI created that leverages ANTLR's standard general-purpose C language grammar. The complexity analysis application uses general-purpose and domain-specific measures to give a complexity score to UEFI BIOS modules. 2. An ANTLR grammar created for the VFR domain-specific language, and a sample application which puts the grammar to use. VFR is a language describing visual elements on a display; the sample application creates an HTML preview of VFR code without requiring a developer to build and flash a BIOS image on a target machine to see its graphical layout.Electrical and Computer Engineerin

BootBandit: A macOS bootloader attack

Historically, the boot phase on personal computers left systems in a relatively vulnerable state. Because traditional antivirus software runs within the operating system, the boot environment is difficult to protect from malware. Examples of attacks against bootloaders include so‐called “evil maid” attacks, in which an intruder physically obtains a boot disk to install malicious software for obtaining the password used to encrypt a disk. The password then must be stored and retrieved again through physical access. In this paper, we discuss an attack that borrows concepts from the evil maid. We assume exploitation can be used to infect a bootloader on a system running macOS remotely to install code to steal the user\u27s password. We explore the ability to create a communication channel between the bootloader and the operating system to remotely steal the password for a disk protected by FileVault 2. On a macOS system, this attack has additional implications due to “password forwarding” technology, in which a user\u27s account password also serves as the FileVault password, enabling an additional attack surface through privilege escalation

Enterprise platform systems management security threats and mitigation techniques

Developers and technologists of enterprise systems such as servers, storage and networking products must constantly anticipate new cybersecurity threats and evolving security requirements. These requirements are typically sourced from marketing, customer expectations, manufacturing and evolving government standards. Much ongoing major research focus has been on securing the main enterprise system purpose functionality, operating system, network and storage. There appears, however, to be far less research and a growing number of reports of vulnerabilities in the area of enterprise systems management hardware and software subsystems. Many recent examples are within types of subsystems such as baseboard management controllers (BMCs), which are intricate embedded subsystems, independent of the host server system functionality. A BMC is typically comprised of a specialized system-on-a-chip, RAM, non-volatile storage, and sensors, and runs an embedded LINUX Operating System. The BMC’s primary roles are always increasing in scope including managing system inventory, system operational health, thermal and power control, event logging, remote console access, provisioning, performance monitoring, software updates and failure prediction and remediation. To compromise or create a denial of service of such subsystems has an increasing impact on equipment manufacturers and large and small enterprises. This report’s primary objective is to research real-world and theoretical hardware and software cyber-attack vectors on enterprise product platforms, inclusive of BMCs, BIOS and other embedded systems within such products. For each presented attack vector, best practices and suggestions for effective avoidance and mitigation are explored. Domains of particular interest are physical access security, hardware manipulation and secure boot protections against software image manipulation, BIOS recovery and secure field debug techniques.Electrical and Computer Engineerin

Embedded Firmware Solutions

Computer scienc

Embedded Firmware Solutions: Development Best Practices for the Internet of Things

Embedded Firmware Solutions is the perfect introduction and daily-use field guide--for the thousands of firmware designers, hardware engineers, architects, managers, and developers--to Intel’s new firmware direction (including Quark coverage), showing how to integrate Intel® Architecture designs into their plans. Featuring hands-on examples and exercises using Open Source codebases, like Coreboot and EFI Development Kit (tianocore) and Chromebook, this is the first book that combines a timely and thorough overview of firmware solutions for the rapidly evolving embedded ecosystem with in-depth coverage of requirements and optimization

Model checking boot code from AWS data centers

© 2020, The Author(s). This paper describes our experience with symbolic model checking in an industrial setting. We have proved that the initial boot code running in data centers at Amazon Web Services is memory safe, an essential step in establishing the security of any data center. Standard static analysis tools cannot be easily used on boot code without modification owing to issues not commonly found in higher-level code, including memory-mapped device interfaces, byte-level memory access, and linker scripts. This paper describes automated solutions to these issues and their implementation in the C Bounded Model Checker (CBMC). CBMC is now the first source-level static analysis tool to extract the memory layout described in a linker script for use in its analysis