Alexander Ermolov

Untrusted Roots: exploiting vulnerabilities in Intel ACMs


To improve x86 platform security, Intel has created hardware-based firmware protection mechanisms: TXT, BIOS Guard, Boot Guard and SGX. Since there is nothing to trust at runtime, these protections rely on hardware boundaries set up in the manufacturing environment. This introduces only two Roots of Trust: the Intel Management Engine ROM and the Intel CPU ROM (microcode). The latter in turn loads and executes different Intel Authenticated Code Modules (ACMs), special signed binaries, each of which provides the core of implementation and trust for one of the above-mentioned technologies. Obviously, a security issue in an ACM could lead to compromise of the protection technology it supports.


Alexander Ermolov is a firmware security researcher, whose natural habitat is a sea of undocumented technologies. Consumes bugs and architectural flaws.