Intel works with Microsoft, and OEM Partners to implement hardware-based capabilities to increase security for the business PC fleet
There is growing importance of firmware security in the community. It is now becoming better understood and there are proactive efforts to find firmware vulnerabilities. Example data point is in 2017, one or more firmware vulnerability was been discovered almost daily, according to the NIST National Vulnerabilities Database. The number has grown from 400+ in 2017 to 475+ in 2018 to 680+ in 2019. The numbers are indication not only of the increased interest in this area from the security community, but also the proactive diligence by manufacturers (for example Intel Security First Pledge) and vendors to detect vulnerabilities and provide patches in a timely fashion.
Microsoft's Virtualization Based Security (VBS), a key feature of the Windows 10 OS, isolates a secure region of memory from the normal OS. This virtual secure mode (VSM) can host security solutions that increase protection from OS vulnerabilities and prevent malicious exploits. This model significantly improves software and OS security and moves the focus for the attackers to look at the firmware stack for vulnerabilities, resulting in the need for defense in depth to achieve IT security for today's businesses.
Microsoft has invested in virtualization for security on clients - again "driving hackers further down the stack," according to Dave Weston, director of enterprise and OS Security, Microsoft. "If they can't break in through the front door, they go around back to an unlocked window upstairs. Our secured-core PC initiative will provide crucial capabilities to help thwart attackers and build trustworthiness on the platform as a whole.
To add a new tool to combat threats targeted at the firmware, Microsoft has been working with various partners, including OEMs, on an initiative to design Secured-core PCs. The aim is to provide the OS a reliable way of determining the system is in a trustworthy state - without depending on firmware. The initiative revamps the boot-up sequence for Windows PCs using Dynamic Root of Trust for Measurement (DRTM). The revamped sequence detects incorrect or malicious hardware configuration by the firmware, which could allow an attacker to bypass specific controls designed to verify the integrity of the boot process, including code integrity and credential verification.
PC manufacturers together with processor and chipset providers like Intel and leading BIOS vendors provide other critical pieces. Intel, for example, has worked closely with partners to raise the bar for security, especially to protect against hardware and firmware attacks. Such solutions are critical to ensure that OS security itself can be securely established through Secure Boot and Intel® Trusted Execution Technology (TXT) - a part of the Intel vPro® platform.
The PC ecosystem has not only embraced the collaboration but also innovated to go above and beyond. The year-over-year improvements are unique to the ecosystem and help IT enterprise customers combat the increasing number of sophisticated cyberattacks. Over the last 30+ years, ecosystem innovation driven by OEMs has provided an unmatched suite of solutions to improve security for enterprise class systems.
For example, HP Sure Click provides secure application containment, which removes operating system and third-party application code from the attack surface. "HP is in a unique position to tie HP Sure Click support directly to security enforcement built into hardware," said Ian Pratt, Global Head of Commercial Security, HP Inc. "HP Sure Click is closing the door on most of the common attack vectors in widespread use today. This will naturally force the attacker to look elsewhere. Some of the areas to look for vulnerabilities as a logical next step for attackers include firmware and hardware."
"Security is fundamental to everything that we do," said Nima Baiati, global director and GM, Cybersecurity Solutions, Intelligent Devices Group, Lenovo. "Our security-by-design approach begins the moment we envision a new platform. We are continually evaluating the threat landscape and building secure endpoint solutions. Technologies like our ThinkShield® Engine enable BIOS self-healing to add a critical level of protection at the hardware level and help mitigate against firmware attacks."
"As we enter the next data decade, a modern approach to security is essential - one that intelligently and seamlessly builds security into infrastructure, platforms and devices to protect data everywhere it exists," said Brooke Huling, vice president, commercial software, Dell. "While above-OS security remains crucial, it is just as critical to protect below-OS attack surfaces as threats have morphed to now focus on the firmware and BIOS. Dell Technologies has invested heavily to ensure we can provide the most secure endpoint solutions above and below the OS. From SafeBIOS to our SafeGuard and Response, our customers are able to protect their ecosystems while working securely and confidently without interruption."
Firmware Attacks Awareness
Firmware attacks remain stubbornly hard to detect and to clean off an endpoint. Antivirus applications that run at the OS level can't access the firmware directly. And whether you reboot your system, reinstall the OS or replace the hard drive, the malware can persist.
Ongoing research has identified more than a dozen firmware threats including the LoJax and Hacking Team rootkits, the DarkMatter and Sonic Screwdriver Mac implants and the Thunderstrike and S3 boot script vulnerabilities. In some cases, these threats underlie actual attacks. In late 2018, for example, security researchers discovered that the Russian hacking group Fancy Bear, aka Strontium, had used the LoJax rootkit as part of a campaign against high-profile targets in Central and Eastern Europe, according to Business Wire.
Risk management for firmware attacks must consider the potentially devastating impacts. Although the likelihood of a firmware attack is unknown, the need for security to reduce vulnerability is clear.
Importance of Firmware Security
The firmware code coordinates hardware and software to boot up a PC, but the software can often run on different types of firmware. In addition to the main system code, PCs use separate firmware to govern each of the dozens of underlying components, from network cards to management controllers.
The PC industry's standard solution to securely start the OS, known as Secure Boot, is implemented in firmware and supported by major operating system vendors. The solution requires firmware to check the OS signature and each piece of OS software on bootup before passing execution control to that code.
Malicious attacks targeting firmware can undermine mechanisms like Secure Boot and other security functionality implemented by the hypervisor or OS. That makes it tough to identify when a system has been compromised. To best harden attack surfaces, security technologies must be rooted in hardware. For example, hardware-rooted solutions verify firmware integrity even before the first line of firmware code has executed. This verification prevents the machine from booting in a compromised state. With the changes in the threat landscape, responsibility for protection from attacks falls to the CPU and hardware manufacturers.
Being able to measure that the device booted securely is another critical piece of this additional layer of protection from firmware compromise that gives admins added confidence that their endpoints are safe. That's why Microsoft implemented Trusted Platform Module 2.0 (TPM) as one of the device requirements for Secured-core PCs. By using the Trusted Platform Module 2.0 (TPM) to measure the components that are used during the secure launch process, we help customers enable zero trust networks using System Guard runtime attestation. Conditional access policies can be implemented based on the reports provided by the System Guard attestation client running in the isolated VBS environment.
HP Sure Start is an example of a hardware rooted solution which verifies the integrity of the BIOS and other firmware before the CPU starts execution, thereby preventing the machine from booting in a compromised state. HP Sure Start will also recover BIOS and other firmware from a dedicated, and physically isolated storage device on the system board. "HP Sure Start has evolved to be the most comprehensive firmware security and resiliency solution in the industry, which has become a necessity in light of the evolving threat landscape in which attackers increasingly aim lower in the stack" said Ian Pratt, Global Head of Commercial Security, HP Inc.
Lenovo ThinkShield includes hardware-based security capabilities such as, self-healing BIOS, match-on-chip biometrics and hardware-based secure wipe capabilities. Protection and remediation below the OS are a critical component of security. Our self-healing BIOS technology means that, at boot, the BIOS is being examined and compared - securely to a trusted, golden image on hardware said Nima Baiati, global director and GM, Cybersecurity Solutions, Intelligent Devices Group, Lenovo.
Revamped boot-up hardens systems
Let's first look first at the Static Root of Trust for Measurement (SRTM). SRTM starts at reset and measures the early boot BIOS components to ensure no unauthorized firmware or software, launches before the Windows bootloader. While this is valuable, there are challenges as thousands of PC models with various BIOS versions result in a vast number of SRTM measurements at bootup. There are numerous efforts in the community, to ensure that there is careful measurement and attestation of the underlying components. Additionally, OEMs are providing year-over-year innovations to provide better BIOS and firmware security to have a strong platform foundation.
To allow for defense in depth, secured-core PCs use chips like Intel® Core™ vPro® processors with built-in Dynamic Root of Trust (DRTM). The Intel vPro platform has evolved through system hardening processes to deliver hardware-based security features for modern businesses. This capability provides a mechanism that lets the OS verify the core logic/CPU hardware security configuration and state. The mechanism is consistent across all platforms regardless of specific firmware running on that platform. Shortly after the STRM passes execution control to the OS, DRTM is used to confirm the system is in a trusted state. DRTM does that by taking control of all CPUs and forcing them down a well-known and measured code path. The launch code is no longer related to a specific hardware configuration, limiting the number of measurements required. This provides another layer of protection against firmware attacks that is completely compatible with and complementary to the SRTM approach.
Establishing trust gains efficiency
In the context of DRTM, the goal is to have a smaller trusted computing base, which is critical to establishing and maintaining its security - and part of the defense in depth. The smaller TCB allows a simpler design for the measured launch environment (MLE) that proves the software is set up as intended. Via measured launch and protected execution, Intel® TXT ensures the OS had a clean start. This is a built-in security feature of the Intel vPro® platform.
Partnership provides out-of-the-box platform and data protection
A modern PC platform should help businesses increase productivity and decrease the costs of fighting cyberthreats with a security approach that combines software and hardware to protect assets, data and infrastructure. New devices powered by the Intel vPro platform include built-in foundational hardware and firmware security capabilities that help ensure your OS runs on legitimate hardware. They provide hardware-to-software security visibility for a more complete security solution. For industries that are frequently the target of attacks - such as government, financial services and healthcare - the PC with a strong "below the OS" foundation adds an additional layer of much-needed security right out of the box.
To learn more about the Intel vPro platform visit intel.com/vPro and a complete list of Secured-Core PCs here.
Acknowledgements: Many thanks to all above mentioned partner teams for excellent feedback and advice for this article. Thanks also to Kirk Brannock, Principal Engineer at Intel, for technical content and help.
