UEFI & CHIPSEC Development for Security Researchers
June 23, 2019 @ 9:00 am – 5:00 pm
The Unified Extensible Firmware Interface (UEFI) plays a critical role in ensuring platform security. However, there seems to be a steep learning curve for developers and researchers to implement firmware functionality. This course intends to be a resource for firmware enthusiasts to ease into developing interesting platform functionality as well as to provide them with the tools necessary to test the state of a platform and the firmware running on it.
The class is a hands-on course focused on coding, compiling, and testing platform firmware. The course material and labs are based around two projects: the open source implementation of UEFI (TianoCore) and CHIPSEC, a widely deployed open source platform security framework. The UEFI development section covers everything from the basics of the UEFI build environment, basic Hello World examples, and UEFI shell apps all the way to UEFI driver development and System Management Mode (SMM) functionality. Students do not need to be firmware experts, and those who already have firmware research experience can still benefit from the material.
The CHIPSEC development section will focus on the creation of verification modules that check for the proper hardware configuration of a platform, provide the ability to blacklist known vulnerable code, perform forensics, craft PoCs for vulnerabilities, and even stress test different firmware features. The class is ideal for firmware security researchers looking for a deeper dive into platform configuration and stress testing.
Intended audience:
- Firmware developers
- Validation engineers
- Penetration testers
- Security researchers
Prerequisites:
- A basic understanding of UEFI firmware.
- C and Python programming experience.
- Familiarity with VMware/VirtualBox
- Basics of firmware security
Hardware and Software Requirements: Students are responsible for providing their own systems with the ability to run a VM that will be provided during the event. VirtualBox is preferred. The system should have at least 10 GB available space.
Agenda:
- Introduction – Primer material and cheat sheets
- Building TianoCore – Build chain setup and walkthrough
- UEFI Development
  - UEFI shell application
  - UEFI library – reusable functionality
  - DXE driver development – including protocols to be consumed by drivers
  - System Management Mode (SMM) – Spec and development
- UEFI Development guidance
  - UEFI security feature walkthrough
  - TianoCore contribution guidelines, Do’s/Don’ts, Tips & Tricks
- CHIPSEC architecture overview
- CHIPSEC Development
  - Developing a CHIPSEC module/test
  - SMI handler fuzzing
  - CHIPSEC platform inspection
  - Driver blacklisting
- Fuzzing UEFI interfaces with AFL, OVMF, and QEMU
  - System setup and test harness implementation
  - Result interpretation
  - Tying fuzzing results to CHIPSEC PoC
- Q&A/wrap up
Maggie Jauregui is a security researcher for Intel’s Platform Armoring and Resiliency (PAR) team. The PAR team supports Intel UEFI Bug Bounty, contributes to and maintains the CHIPSEC tool, and is part of the larger organization that delivers TianoCore within Intel. Maggie is focused on hardware and firmware security and has presented at conferences such as DEF CON, CanSecWest, DerbyCon, BSidesPDX, OSFC, and UEFI Plugfest.
Training Terms & Conditions
- Training requires a minimum of 10 participants and no more than 25 per classroom.
- Training session confirmation will be sent June 1st, 2019.
- Cancellation and refunds will not be available once the session has been confirmed.
- Questions? [email protected]
- Full terms can be found at https://bsidestlv.com/trainingterms/