logo
allArticlesConferencesPresentations

Behind the Scenes of Intel Security and Manageability Engine

Conference:  BlackHat USA 2019

2019-08-07

Summary

The presentation discusses the architecture and security features of the CSM II system, including pre and post-manufacturing abilities, secure firmware updates, and the microkernel architecture.
  • CSM II system has pre and post-manufacturing abilities to configure features such as manageability and anti-roll back
  • Secure firmware updates ensure version control and integrity protection
  • Microkernel architecture ensures proper isolation between critical security features and manageability
  • Auditing and mitigation measures are in place to prevent vulnerabilities
The presentation mentions that previous research found vulnerabilities in the high privilege component of the bring up process, leading to a reduction in its privileges to prevent unauthorized access to critical security features.

Abstract

Today low-level firmware vulnerabilities are becoming more a focus than in the past, mainly due to the nature of having highest privilege on the system and due to the advanced security protection and mitigation that exist in the host Operating System (OS).Intel has developed a security engine named CSME (Converged Security and Manageability Engine) that provides a key security value to the platform from start to enablement of the “Root of Trust” concept.Continuous improvements have been made to the CSME firmware during the past few years that aim to make it more difficult to exploit common memory corruption issues and reduce complexity/privileges of some of the CSME firmware (FW) modules due to security issues published in previous years. We will describe how Intel CSME FW is mitigating these type of security challenges by applying industry standards mitigation tailored to the FW environment.We will share deep technical detail on how other firmware environments can achieve the same results by applying the same technology and we will share the why of how we apply a feedback fuzzing and queue-management in a generic form, so it could be applied on any given existing fuzzer.Overall, in this presentation we will introduce the following:CSME Hardware, its limitation and security challenges it poses.CSME µKernel OS internals, boot flow, Debugging capabilities.Processes & Key features.CSME customizations support & OEM role in manufacturing.Recovery and update mechanisms.Exploitation mitigations against memory corruptions & defense in depthFuzzers & monitoring technologies.
Materials:
Slides
Tags:

Post a comment

Related work

Breaking Firmware Trust From Pre-EFI: Exploiting Early Boot Phases

Conference:  Black Hat USA 2022
Authors:
2022-08-10

Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)

Conference:  BlackHat USA 2021
Authors:
2021-08-05

The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust

Conference:  Black Hat Asia 2023
Authors: Alex Matrosov, Richard Hughes, Kai Michaelis
2023-05-12

Ghost in the Wireless, iwlwifi Edition

Conference:  Black Hat USA 2022
Authors:
2022-08-11

OEM Finder: Hunting Vulnerable OEM IoT Devices at Scale

Conference:  BlackHat EU 2019
Authors:
2019-12-05

efiXplorer: Hunting for UEFI Firmware Vulnerabilities at Scale with Automated Static Analysis

Conference:  BlackHat EU 2020
Authors:
2020-12-09