SmmPack: Obfuscation for SMM Modules with TPM Sealed Key

arXiv:2405.04355v1 Announce Type: new
Abstract: System Management Mode (SMM) is the highest-privileged operating mode of x86 and x86-64 processors. Through SMM exploitation, attackers can tamper with the Unified Extensible Firmware Interface (UEFI) firmware, disabling the security mechanisms implemented by the operating system and hypervisor. Vulnerabilities enabling SMM code execution are often reported as Common Vulnerabilities and Exposures (CVEs); however, no security mechanisms currently exist to prevent attackers from analyzing those vulnerabilities. To increase the cost of vulnerability analysis of SMM …

arxiv attackers can code code execution cs.cr exploitation firmware hypervisor interface key management mode modules obfuscation operating system privileged processors security system system management tpm uefi vulnerabilities x86