Posts for: #Uefi-Patching

TPM2 AntiLog

#bios-modding  #tcg  #tpm2  #uefi-patching 

TCG logs can be used to verify the boot chain against tampering, and are often used by software to check that the early boot sequence has not been tampered with, and thus that the kernel is (likely) intact.

However because the root of trust is often the SPI flash itself, such a system is vulnerable to patching of the routines that log and extend the TPM2 Platform Configuration Registers (PCRs). This post will discuss a simple patch that prevents logging of UEFI image hashes and extension of the PCRs related the boot sequence.

Read more →

InsecureBoot

#binary-patching  #bios-modding  #permanent-secure-boot-disable  #secure-boot  #secure-boot-bypass  #uefi-patching 

Secure Boot bypass via firmware patching

Background

Running unsigned or stealthily running self-signed EFI modules on a motherboard with properly implemented and enabled Secure Boot is theoretically impossible. Unsigned code gets blocked, and self-signed or hash-enrolled code allows for detection. To circumvent these restrictions, patching the return codes of the signature verification routines allows Secure Boot to remain active while allowing unsigned code execution.

Software can identify unauthorized EFI modules by parsing the firmware’s trusted database (db) and checking for untrusted certificates or hashes, such as self-signed certificates or unknown hashes. If either is found, the software assumes the system has executed non-standard modules during the current boot. These modules could range from those designed to undermine system security to harmless ones, such as a Linux Unified Kernel Image.

Read more →

MSI Modded BIOS Flash

#bios-modding  #secure-flash-rom-verify-fail  #uefi-patching 

Flashing unsigned firmware on MSI motherboards

Flashing an unsigned (modded) firmware image on an MSI board isn’t as simple as using M-Flash on your modified image. M-Flash does signature verification before flashing the image, and as a result, a different method must be used when the signature is changed.

Requirements

Requires at least one of the following:

  • USB BIOS Flashback

  • JTPM/JSPI header

Flash BIOS button

Disclaimer: Flashing modified firmware voids your warranty. Proceed at your own risk.

Read more →