UEFI, SecureBoot, DeviceGuard, TPM and WHB
Ing. Ondřej Ševeček | GOPAS a.s.
MCSM:Directory | MVP:Security | CISA | CISM | CEH | CHFI
[email protected] | www.sevecek.com
relevant courses:
GOC163 (Modern Security), GOC169 (ISO 27001),
GOC165 (CISM), GOC163 (GDPR and ZaKB)
UEFI, SecureBoot, DeviceGuard, TPM and WHB
(un)related technologies
[Diagram labels: Virtual Machine / Hardware; UEFI; Secure Boot; Device Guard; TPM; WHB]
UEFI
Unified Extensible Firmware Interface
newer BIOS :-)
– backward compatible
can be x32/x64
– BIOS was 16-bit
– better code and "drivers", bigger RAM
two APIs
– boot services
– runtime services
configurable from OS with a runtime service
NVRAM
– non-volatile RAM
– config + OS variables
– accessible through runtime services from OS
Hyper-V VM generations
– generation 1 = BIOS
– generation 2 = UEFI
UEFI knows its boot devices
UEFI boots from MBR and GPT disks
old MBR disks (dumb jump to MBR)
– max 4 partitions, 2 TB
– sector 0 = MBR: 512 bytes of code to jump into the Active partition
– boot sector: 512+ bytes of code to find bootmgr on the partition (NTFS, FAT, ...)
GPT disks (understands)
– sector 1+ = GPT
– max 127 partitions, 68 000 000 000 TB with 4kB sector disks
– partition GUIDs and types
• EFI system partition (ESP) = C12A7328-F81F-11D2-BA4B-00A0C93EC93B
• no active partition
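An added example, not part of the original slides: a minimal GPT reader that validates the protective MBR and both CRC32 fields before it trusts the partition table, then locates the EFI system partition by the type GUID given above. The disk image, partition sizes and names are constructed for the example; the header and entry field layout follows the GPT on-disk format.

```python
import struct, uuid, zlib

SECTOR = 512
HDR = "<8sIIIIQQQQ16sQIII"                 # 92-byte GPT header layout
ENT = "<16s16sQQQ72s"                      # 128-byte partition entry layout
ESP = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")    # type GUID from the slide
DATA = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")   # Microsoft basic data

def entry(type_guid, first, last, name):
    # GUIDs are stored mixed-endian on disk (bytes_le); names are UTF-16LE
    return struct.pack(ENT, type_guid.bytes_le, uuid.uuid4().bytes_le,
                       first, last, 0, name.encode("utf-16-le"))

def build_sample_disk():
    """Constructed image: protective MBR (LBA 0), GPT header (LBA 1), entries (LBA 2+)."""
    table = (entry(ESP, 2048, 206847, "EFI system partition")
             + entry(DATA, 206848, 409599, "Basic data partition")).ljust(128 * 128, b"\0")
    f = [b"EFI PART", 0x10000, 92, 0, 0, 1, 411647, 34, 411614,
         uuid.uuid4().bytes_le, 2, 128, 128, zlib.crc32(table)]
    f[3] = zlib.crc32(struct.pack(HDR, *f))        # header CRC is computed with the field zeroed
    mbr = bytearray(SECTOR)
    mbr[446], mbr[450] = 0x00, 0xEE                # no active flag; protective type 0xEE
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr) + struct.pack(HDR, *f).ljust(SECTOR, b"\0") + table

def parse_gpt(disk):
    """Return [(type_guid, first_lba, last_lba, name)]; raise ValueError on a corrupt table."""
    if disk[450] != 0xEE or disk[510:512] != b"\x55\xAA":
        raise ValueError("no protective MBR")
    f = list(struct.unpack(HDR, disk[SECTOR:SECTOR + 92]))
    if f[0] != b"EFI PART":
        raise ValueError("bad GPT signature")
    stored, f[3] = f[3], 0
    if zlib.crc32(struct.pack(HDR, *f)) != stored:
        raise ValueError("header CRC mismatch")
    start, count, size = f[10] * SECTOR, f[11], f[12]
    table = disk[start:start + count * size]
    if zlib.crc32(table) != f[13]:
        raise ValueError("partition table CRC mismatch")
    parts = []
    for i in range(count):
        t, _, first, last, _, name = struct.unpack(ENT, table[i * size:i * size + 128])
        if any(t):                                 # all-zero type GUID marks an unused slot
            parts.append((uuid.UUID(bytes_le=t), first, last,
                          name.decode("utf-16-le").rstrip("\0")))
    return parts

def find_esp(disk):
    return [p for p in parse_gpt(disk) if p[0] == ESP]
```

The CRC32 values only detect accidental corruption; anyone who can write to the disk can recompute them, which is why the integrity of the boot files on the ESP is left to signature checking.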
UEFI knows FAT32 and can read EFI system partition
EFI partition
– FAT32 (up to 32 GB)
– FASTFAT if supported
can boot directly bootxxxxx.efi
– faster and OS configurable
– can check digital signatures of boot files
removable media
– CD/DVD, USB flash
– single UDF/CDFS/FAT32 partition
• up to 32 GB
Firmware variables and UEFI locks
NVRAM
– non-volatile RAM storage
– accessible read/write over runtime services API
locking
– changes must be written during boot services phase by a trusted UEFI application
– RunAsPPL, DeviceGuard
UEFI lock on RunAsPPL
SecureBoot
SecureBoot
UEFI only
GPT + EFI partition
checking signatures of boot components
– UEFI: boot sector + boot loader
– OS: winload, kernel, drivers, LSASS, ...
SecureBoot enabled on HW (msinfo32)
SecureBoot enabled on VM (msinfo32)
SecureBoot requirements
GPT + EFI disk
supporting OS
– 8.1/2012 x64 and newer
disabled CSM (compatibility support mode)
– plus disable any "legacy" options
password protected "BIOS"
OS vendor public signature verification keys (re)loaded
Enabling secure boot within "BIOS"
SecureBoot protection
protects against boot code modifications
– does not prevent booting "rogue OS" in itself
DeviceGuard
LSASS sensitive memory vulnerability
[Diagram labels: High-Level OS; Process (several); LSASS; NTLM, TGT, password; Attacker]
Smart card principle
[Diagram labels: CryptoCPU; public storage; memory; protected private; crypt memory; OS; firmware; ROM; API calls; PIN; master PIN; PC; Attacker]
LSASS sensitive memory solution
[Diagram labels: Hypervisor; Secure Kernel; Isolated User Mode (IUM); High-Level OS; Process (several); LSASS; NTLM, TGT, password; vmbus; trustlet; Attacker]
Requirements
SecureBoot => UEFI
– ensures that the secure kernel and lsass would load untouched
– the secure kernel ensures that only the first interface user (lsass) can use it
(Non)Protection
long-term memory credential protection
– does not protect BitLocker AES FVEK yet
vulnerabilities
– can be disabled by Admins with restart remotely (without UEFI lock)
– can be disabled by Admins with restart attended (with UEFI lock)
– hardware keyloggers
– software keyloggers
– RDP + HTTP basic auth loggers
– SSO injections
– memory dumping
– local management
Disabling DeviceGuard with UEFI lock
TPM
Used by
BitLocker to store volume decryptor
TPM smart cards
Windows Hello for Business
Trusted Platform/Policy Module
on-board smart-card
– or plug-in module if supported by motherboard and BIOS
– or VM emulated
unlocked with multiple entry-key-parts
– UEFI NVRAM hash
– boot sector hash
– boot loader hash, ...
+PIN possibly
owner password for privileged operations
– clear, export, ...
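An added example, not part of the original slides: a simplified model of how the "entry-key-parts" above gate a key. Each boot component is hashed into a platform configuration register (PCR) with the extend operation, and a secret sealed against that PCR value plus a PIN is released only when the same chain was measured again. `ModelTPM`, the component byte strings, the PIN and the secret are assumptions made for illustration and are not a real TPM interface.

```python
import hashlib, hmac

def extend(pcr, component):
    """PCR extend: new = SHA-256(old || SHA-256(component)); a PCR cannot be set directly."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

class ModelTPM:
    """Simplified model of PCR-bound sealing (assumption: not a real TPM interface)."""
    def __init__(self):
        self.pcr = bytes(32)
        self._sealed = {}                 # in this model, secrets never leave the object

    def reset(self):                      # platform reset: PCR returns to zero
        self.pcr = bytes(32)

    def measure(self, component):         # each boot stage measures the next one
        self.pcr = extend(self.pcr, component)

    def _policy(self, pin):
        return hashlib.sha256(self.pcr + hashlib.sha256(pin.encode()).digest()).digest()

    def seal(self, name, secret, pin):
        self._sealed[name] = (self._policy(pin), secret)

    def unseal(self, name, pin):
        policy, secret = self._sealed[name]
        ok = hmac.compare_digest(policy, self._policy(pin))
        return secret if ok else None     # wrong boot state or wrong PIN: no key

def boot(tpm, chain):
    tpm.reset()
    for component in chain:
        tpm.measure(component)
    return tpm.pcr

# Constructed stand-ins for the measured parts named on the slide
GOOD = [b"UEFI NVRAM config", b"boot sector", b"boot loader v1"]
TAMPERED = [b"UEFI NVRAM config", b"boot sector", b"boot loader v1 (modified)"]

def demo():
    tpm = ModelTPM()
    boot(tpm, GOOD)
    tpm.seal("volume-key", b"constructed volume key", "4711")
    results = {}
    boot(tpm, GOOD)
    results["same boot, right PIN"] = tpm.unseal("volume-key", "4711")
    results["same boot, wrong PIN"] = tpm.unseal("volume-key", "0000")
    boot(tpm, TAMPERED)
    results["modified loader"] = tpm.unseal("volume-key", "4711")
    return results
```

Because extend chains each hash over the previous register value, changing or reordering any single measured component yields a different final PCR, so the sealed key stays locked.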
VM emulated TPM vs. hardware based
VM TPM emulation
does not require physical TPM on the host
data stored encrypted in the VM configuration file
– encrypted with HgsGuardian
– either local or remote if configured
TPM ownership
always some password present
– maybe not known to us :-)
OS can store owner password
– None
– Delegated
• binary blob only (not easily remembered)
• newer applications support only
– Full
• plain-text password
• any application support
reset ownership password always possible
– must clear the TPM
– requires physical presence (BIOS instead of UEFI application)
TPM owner information in registry
HKLM\System\CurrentControlSet\Services\TPM\WMI\Admin
TPM state and owner authorization in PowerShell
Get-TPM
Clearing TPM without owner password
TPM virtual smart-cards
smart-card logon
– Kerberos PKINIT
– enterprise PKI + client certificates
– change PIN with CTRL-ALT-DEL
– PIN length policy
binds user identity to the machine
Provisioning TPM virtual smart card
tpmvscmgr.exe create /name "userADlogon" /AdminKey PROMPT /PIN prompt /generate /pinpolicy minlen 4
# AdminKey: 48 hex digits (0-9,A-F)
# PIN: 8 any-characters by default
certutil -csplist
# Microsoft Smart Card Key Storage Provider
certutil -scinfo
tpmvscmgr destroy /instance root\smartcardreader\0000
# if unknown, use Device Manager for lookup
Looking up virtual smart card device in devmgmt.msc
Attestation
AD CS can require hardware attestations for issued certificates
certificate request is signed by a TPM internal private key
– public verification key imported into CA
manual enrollment by a RA registration authority?
autoenrollment into defined device with attestation
Windows Hello for Business
What?
Convenience PIN
– store password on the disk, protected with a simpler PIN
Windows Hello
– store password on the disk, protected with a thumbprint or anything paid within Office365
Windows Hello for Business
– smart card logon mapped from anything
Multiple-multifactor-biometric authentication
maps to Kerberos PKINIT smart-card logon credentials
stored locally
– in TPM or in software
better than fingerprint-readers, ...
AD user, AAD user, ...
– shadow account in Active Directory
Requires Device Registration with ADFS
Enabled with Group Policy
Nice to have
UEFI
– GPT disks
– NVRAM variable locking
SecureBoot
– signed boot components
– requires UEFI
DeviceGuard
– isolated credential storage (secure kernel)
– requires SecureBoot
TPM
– stores BitLocker keys
– provides virtual smart cards
– provides WHB
[Diagram labels: Virtual Machine / Hardware; UEFI; Secure Boot; Device Guard; TPM; WHB]