
UEFI Utility to Read TPM 1.2 PCRs

A Trusted Platform Module (TPM) supports many security functions, including a number of special registers called Platform Configuration Registers (PCRs) which can hold data in a shielded location in a manner that prevents tampering or spoofing. A PCR is a 20-byte register, which incidentally is the length of a SHA-1 (Secure Hash Algorithm) hash. Most modern TPMs have 24 or even more PCRs; older ones have 16 PCRs. The TPM 1.2 specification, developed by the Trusted Computing Group (TCG), only requires 16 PCRs. Typically PCRs are used to store measurements. Measurements can be of code, data structures, configuration, information, or

UEFI-based Windows 10 Platform - Failure to Boot Due to Missing or Corrupt BCD

I was prompted to write this post as a result of Windows 10 Professional recently attempting to do a silent update while I was waiting in an airport which I unknowingly interrupted when I powered down my UEFI-based laptop prior to boarding the plane. When I later powered on the laptop, it failed to boot and simply displayed the following message: A Boot Configuration Data (BCD) store (there can be more than one) contains boot configuration parameters which control how the operating system is started in Windows 10. First introduced in Windows Vista, these parameters were previously stored in the

Accessing TPM Functionality From UEFI Shell - Part 1

A Trusted Platform Module (TPM) is, traditionally, a hardware device (chip) designed to enable commodity computing platforms (think laptop or personal computer) to achieve greater levels of security than a non-TPM-equipped platform. There are over 600 million installed TPMs, mostly in high-end laptops made by Lenovo, HP, Dell, Toshiba and others. TPMs are manufactured by many chip producers including Atmel, STMicroelectronics and Toshiba. Via its Trusted Execution Technology (TXT), Intel now incorporates TPM functionality in many of its current processors. TPM technology is specified by the Trusted Computing Group (TCG), an industry consortium that includes Intel, Microsoft, AMD, IBM, HP,

UEFI Shell Utility to Display TPM TrEE Capabilities

With the drive towards hardening platform firmware, for example Microsoft’s Secure Boot initiative, I have decided to explore what forensic artifacts concerning the TCG Trusted Platform Module (TPM) can be retrieved from the UEFI shell command line. The EFI Trusted Execution Environment (TrEE) protocol implements a subset of the TPM 2.0 library specification. Microsoft pushed the TrEE protocol due to the delay in finalizing the TCG EFI Protocol Specification Family “2.0”. As of the date of this post, this TCG specification is at the public review stage. This post provides the source code for a small UEFI shell utility that

List UEFI Secure Boot Certificate Contents

Now that consumer versions of Windows 8 have been released and UEFI Secure Boot-enabled systems are becoming more common, how can a user (or a developer) see which keys have been installed on their system to control which applications that system can boot? This post explains how to list the contents of such keys from the UEFI Shell command line. Why UEFI Secure Boot? The answer is simple – because there are an increasing number of real-world exploits where fraudulently modified early boot code has introduced vulnerabilities into an operating system. It has led to calls for