UEFI, SecureBoot, DeviceGuard, TPM and WHB
(un)related technologies
Ing. Ondřej Ševeček
GOPAS a.s.
MCSM:Directory MVP:Security CISA CISM CEH CHFI
ondrej@sevecek.com
www.sevecek.com
relevant courses: GOC163 (Modern Security), GOC169 (ISO 27001), GOC165 (CISM), GOC163 (GDPR and ZaKB)
[Diagram labels: Hardware, Virtual Machine, UEFI, Secure Boot, Device Guard, TPM, WHB]
UEFI
Unified Extensible Firmware Interface
- newer BIOS :-)
  - backward compatible
- can be x32/x64
  - BIOS was 16bit
  - better code and "drivers", bigger RAM
- two APIs
  - boot services
  - runtime services
- configurable from OS with a runtime service
- NVRAM
  - non-volatile RAM
  - config + OS variables
  - accessible through runtime services from OS
- Hyper-V VM generations
  - generation 1 = BIOS
  - generation 2 = UEFI
UEFI knows its boot devices
UEFI boots from MBR and GPT disks
- old MBR disks (dumb jump to MBR)
  - max 4 partitions, 2 TB
  - sector 0 = MBR
    - 512 bytes of code to jump into the Active partition
  - boot sector
    - 512+ bytes of code to find bootmgr on the partition (NTFS, FAT,...)
- GPT disks (understands)
  - sector 1+ = GPT
  - max 127 partitions, 68 000 000 000 TB with 4kB sector disks
  - partition GUIDs and types
  - EFI system partition (ESP) = C12A7328-F81F-11D2-BA4B-00A0C93EC93B
  - no active partition
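
How firmware or a forensic tool "understands" a GPT disk, as an added example that is not part of the original slides: it checks the protective MBR in sector 0, validates the GPT header in sector 1 and its CRCs, then scans the entry array for the ESP type GUID. The sample image is constructed in the code; the 512-byte sector size, the helper names and the basic-data type GUID used for the second partition are assumptions of this example.

```python
import struct
import uuid
import zlib

SECTOR = 512
ESP_TYPE = uuid.UUID("C12A7328-F81F-11D2-BA4B-00A0C93EC93B")  # GUID from the slide
BASIC_DATA = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")  # basic data type

def find_esp(image: bytes):
    """Return (first_lba, last_lba, name) of the ESP, or None if there is none."""
    # Sector 0 is only a protective MBR: boot signature plus one type-0xEE entry.
    if image[510:512] != b"\x55\xaa" or image[446 + 4] != 0xEE:
        raise ValueError("no protective MBR: not a GPT disk")
    hdr = image[SECTOR:SECTOR + 92]
    if hdr[:8] != b"EFI PART":
        raise ValueError("GPT header signature missing in sector 1")
    hsize, stored_crc = struct.unpack_from("<II", hdr, 12)
    if zlib.crc32(hdr[:16] + bytes(4) + hdr[20:hsize]) != stored_crc:
        raise ValueError("GPT header CRC mismatch")
    entries_lba, count, size, table_crc = struct.unpack_from("<QIII", hdr, 72)
    table = image[entries_lba * SECTOR:entries_lba * SECTOR + count * size]
    if zlib.crc32(table) != table_crc:
        raise ValueError("partition entry array CRC mismatch")
    for i in range(count):
        entry = table[i * size:(i + 1) * size]
        # On-disk GUIDs are mixed-endian; bytes_le decodes that layout.
        if uuid.UUID(bytes_le=entry[:16]) == ESP_TYPE:
            first, last = struct.unpack_from("<QQ", entry, 32)
            return first, last, entry[56:128].decode("utf-16-le").rstrip("\x00")
    return None

def build_sample_image(parts) -> bytes:
    """Constructed 40-sector test image; parts = [(type_guid, first, last, name)]."""
    img = bytearray(40 * SECTOR)
    img[446 + 4], img[510:512] = 0xEE, b"\x55\xaa"
    table = bytearray(4 * 128)
    for i, (ptype, first, last, name) in enumerate(parts):
        struct.pack_into("<16s16sQQQ72s", table, i * 128, ptype.bytes_le,
                         uuid.UUID(int=i + 1).bytes_le, first, last, 0,
                         name.encode("utf-16-le"))
    img[2 * SECTOR:2 * SECTOR + len(table)] = table
    hdr = struct.pack("<8sIIIIQQQQ16sQIII", b"EFI PART", 0x10000, 92, 0, 0, 1, 39,
                      8, 38, uuid.UUID(int=99).bytes_le, 2, 4, 128,
                      zlib.crc32(table))
    img[SECTOR:SECTOR + 92] = hdr[:16] + struct.pack("<I", zlib.crc32(hdr)) + hdr[20:]
    return bytes(img)

SAMPLE = build_sample_image([(BASIC_DATA, 8, 15, "Data"),
                             (ESP_TYPE, 16, 31, "EFI system partition")])
```
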
UEFI knows FAT32 and can read EFI system partition
- EFI partition
  - FAT32 (up to 32 GB)
  - FASTFAT if supported
- can boot directly bootxxxxx.efi
  - faster and OS configurable
  - can check digital signatures of boot files
- removable media
  - CD/DVD, USB flash
  - single UDF/CDFS/FAT32 partition up to 32 GB
Firmware variables and UEFI locks
- NVRAM
  - non-volatile RAM storage
  - accessible read/write over runtime services API
- locking
  - changes must be written during boot services phase by a trusted UEFI application
  - RunAsPPL, DeviceGuard
UEFI lock on RunAsPPL
SecureBoot
SecureBoot
- UEFI only
- GPT + EFI partition
- checking signatures of boot components
  - UEFI: boot sector + boot loader
  - OS: winload, kernel, drivers, LSASS,...
SecureBoot enabled on HW (msinfo32)
SecureBoot enabled on VM (msinfo32)
SecureBoot requirements
- GPT + EFI disk
- supporting OS
  - 8.1/2012 x64 and newer
- disabled CSM (Compatibility Support Module)
  - plus disable any "legacy" options
- password protected "BIOS"
- OS vendor public signature verification keys (re)loaded
Enabling secure boot within "BIOS"
SecureBoot protection
- protects against boot code modifications
- does not prevent booting "rogue OS" in itself
DeviceGuard
LSASS sensitive memory vulnerability
[Diagram labels: High-Level OS, Process (x5), LSASS, password, NTLM, TGT, Attacker]
Smart card principle
[Diagram labels: PC, API calls, CryptoCPU, OS firmware ROM, public storage memory, PIN / master PIN protected private crypt memory, Attacker]
LSASS sensitive memory solution
[Diagram labels: Hypervisor, High-Level OS, Process (x4), LSASS, vmbus, Secure Kernel, Isolated User Mode (IUM), trustlet, password, NTLM, TGT, Attacker]
Requirements
- SecureBoot => UEFI
  - ensures that the secure kernel and lsass would load untouched
- the secure kernel ensures that only the first interface user (lsass) can use it
(Non)Protection
- long-term memory credential protection
- does not protect BitLocker AES FVEK yet
- vulnerabilities
  - can be disabled by Admins with restart remotely (without UEFI lock)
  - can be disabled by Admins with restart attended (with UEFI lock)
  - hardware keyloggers
  - software keyloggers
  - RDP + HTTP basic auth loggers
  - SSO injections
  - memory dumping
  - local management
Disabling DeviceGuard with UEFI lock
TPM
Used by
- BitLocker to store volume decryptor
- TPM smart cards
- Windows Hello for Business
Trusted Platform/Policy Module
- on-board smart-card
  - or plug-in module if supported by motherboard and BIOS
  - or VM emulated
- unlocked with multiple entry-key-parts
  - UEFI NVRAM hash
  - boot sector hash
  - boot loader hash,...
  - +PIN possibly
- owner password for privileged operations
  - clear, export,...
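
Why a changed boot component keeps the TPM from releasing its secret, as an added example that is not part of the original slides: each measured item is folded into a register that can only be extended, and the sealed secret is bound to the resulting value plus the optional PIN. This is a simplified single-register model with constructed component names, not the real TPM command flow or BitLocker's actual register selection; `ToyTpm` and `try_unlock` are hypothetical names.

```python
import hashlib
import hmac

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ToyTpm:
    """Simplified model: one volatile measurement register, one sealed secret."""

    def __init__(self):
        self.pcr = bytes(32)   # volatile, starts from zeros on every power cycle
        self._sealed = None    # persistent (policy digest, secret) pair

    def boot(self, chain):
        """Power-cycle, then measure each boot component in order."""
        self.pcr = bytes(32)
        for component in chain:
            # Extend: new = SHA-256(old || SHA-256(component)); there is no "set".
            self.pcr = _h(self.pcr + _h(component))
        return self

    def _policy(self, pin: str) -> bytes:
        # Release condition = measured platform state combined with the PIN.
        return _h(self.pcr + _h(pin.encode()))

    def seal(self, secret: bytes, pin: str = "") -> None:
        self._sealed = (self._policy(pin), secret)

    def unseal(self, pin: str = "") -> bytes:
        if self._sealed is None:
            raise PermissionError("nothing sealed")
        expected, secret = self._sealed
        if not hmac.compare_digest(expected, self._policy(pin)):
            raise PermissionError("platform state or PIN does not match")
        return secret

# Constructed stand-ins for the measured items named on the slide.
GOOD_CHAIN = [b"uefi-nvram-config", b"boot-sector-v1", b"boot-loader-v1"]
TAMPERED_CHAIN = [b"uefi-nvram-config", b"boot-sector-v1", b"boot-loader-PATCHED"]

def try_unlock(tpm: ToyTpm, chain, pin: str):
    """Boot with the given chain and return the secret, or None if refused."""
    try:
        return tpm.boot(chain).unseal(pin)
    except PermissionError:
        return None
```
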
VM emulated TPM vs. hardware based
VM TPM emulation
- does not require physical TPM on the host
- data stored encrypted in the VM configuration file
- encrypted with HgsGuardian
  - either local
  - or remote if configured
TPM ownership
- always some password present
  - maybe not known to us :-)
- OS can store owner password
  - None
  - Delegated
    - binary blob only (not easily remembered)
    - newer applications support only
  - Full
    - plain-text password
    - any application support
- reset ownership password always possible
  - must clear the TPM
  - requires physical presence (BIOS instead of UEFI application)
TPM owner information in registry
    HKLM\System\CurrentControlSet\Services\TPM\WMI\Admin
TPM state and owner authorization in PowerShell
    Get-TPM
Clearing TPM without owner password
TPM virtual smart-cards
- smart-card logon
  - Kerberos PKINIT
  - enterprise PKI + client certificates
- change PIN with CTRL-ALT-DEL
- PIN length policy
- binds user identity to the machine
Provisioning TPM virtual smart card
    tpmvscmgr.exe create /name "useradlogon" /AdminKey PROMPT /PIN prompt /generate /pinpolicy minlen 4
    # AdminKey: 48 hex digits (0-9,A-F)
    # PIN: 8 any-characters by default
    certutil -csplist
    # Microsoft Smart Card Key Storage Provider
    certutil -scinfo
    tpmvscmgr destroy /instance root\smartcardreader\0000
    # if unknown, use Device Manager for lookup
Looking up virtual smart card device in devmgmt.msc
Attestation
- AD CS can require hardware attestations for issued certificates
- certificate request is signed by a TPM internal private key
- public verification key imported into CA
  - manual enrollment by a RA registration authority?
- autoenrollment into defined device with attestation
Windows Hello for Business
What?
- Convenience PIN
  - store password on the disk, protected with a simpler PIN
- Windows Hello
  - store password on the disk, protected with a thumbprint or anything
  - paid within Office365
- Windows Hello for Business
  - smart card logon mapped from anything
Multiple-multifactor-biometric authentication
- maps to Kerberos PKINIT smart-card logon
- credentials stored locally
  - in TPM or in software
  - better than fingerprint-readers,...
- AD user, AAD user,...
  - shadow account in Active Directory
Requires Device Registration with ADFS
Enabled with Group Policy
Nice to have
- UEFI
  - GPT disks
  - NVRAM variable locking
- SecureBoot
  - signed boot components
  - requires UEFI
- DeviceGuard
  - isolated credential storage (secure kernel)
  - requires SecureBoot
- TPM
  - stores BitLocker keys
  - provides virtual smart cards
  - provides WHB
[Diagram labels: Hardware, Virtual Machine, UEFI, Secure Boot, Device Guard, TPM, WHB]