Attacking And - Defending Bios

: Using Graphics aperture Direct Memory Access (DMA), attackers can sometimes bypass memory protections to perform live analysis of SMM code that should otherwise be isolated. Defending the Root of Trust

: Defenders use scripts and hardware registers (like the BIOS_CNTL register) to ensure BIOS hardware write-protection is enabled, preventing unauthorized flashing. Attacking and Defending BIOS

: Modern systems use Intel Boot Guard or AMD Hardware-Validated Boot to verify the digital signature of the BIOS before execution. Secure Boot then extends this verification to the OS loader. : Using Graphics aperture Direct Memory Access (DMA),

: Non-volatile storage (NVRAM) variables can sometimes be manipulated to bypass passwords or alter the Secure Boot policy. Tools like UEFI Tool and Universal-IFR-Extractor are used to reverse-engineer these modules and identify sensitive offsets. Secure Boot then extends this verification to the OS loader

: When a system "wakes up" from sleep (S3 state), it relies on a boot script to restore hardware configurations. Researchers have demonstrated that if these scripts are stored in unprotected memory (ACPI NVS), an attacker with OS-level access can modify them to execute arbitrary code before the OS kernel even re-initializes.

: Reducing the attack surface is critical. Platforms like DECAF perform "dynamic surgery" on UEFI binaries to remove unnecessary code without affecting performance, effectively hardening the firmware.