BIOS chronomancy: fixing the core root of trust for measurement.

ABSTRACTIn this paper we look at the implementation of the Core Root of Trust for Measurement (CRTM) from a Dell Latitude E6400 laptop. We describe how the implementation of the CRTM on this system doesn't meet the requirements set forth by either the Trusted Platform Module(TPM)PC client specification or NIST 800-155 guidance. We show how novel tick malware, a 51 byte patch to the CRTM, can replay a forged measurement to the TPM, falsely indicating that the BIOS is pristine. This attack is broadly applicable, because all CRTMs we have seen to date are rooted in mutable firmware. We also show how flea malware can survive attempts to reflash infected firmware with a clean image. To fix the untrustworthy CRTM we ported an open source "TPM-timing-based attestation" implementation from running in the Windows kernel, to running in an OEM's BIOS and SMRAM. This created a new, stronger CRTM that detects tick, flea, and other malware embedded in the BIOS. We call our system "BIOS Chronomancy", and we show that it works in a real vendor BIOS, with all the associated complexity, rather than in a simplified research environment.