BIOS Invasion

With the advent of System on Chip (SoC) designs, the functions of the North Bridge have been merged into the CPU and the South Bridge has been replaced by the Platform Controller Hub (PCH). The PCH provides the LPC bus interface to which the boot ROM is connected. In the PCI configuration space of the LPC interface, the register BIOS_CNTL is located at offset DCh. Bits 0 and 1 of this register define and control how the boot ROM may be written.
According to Corey Kallenberg of The MITRE Corporation:
"When the BIOS_CNTL.BIOSWE bit is set to 1, the BIOS is made writable. Also contained within the BIOS_CNTL register is BIOS_CNTL.BLE ("BIOS Lock Enable"). When BIOS_CNTL.BLE is set to 1, attempts to write enable the BIOS by setting BIOS_CNTL.BIOSWE to 1 will immediately generate a System Management Interrupt (SMI). It is the job of this SMI to determine whether or not it is permissible to write enable the BIOS, and if not, immediately set BIOS_CNTL.BIOSWE back to 0; the end result being that the BIOS is not writable."
But the window between BIOSWE being set to 1 and the SMI handler clearing it back to 0 can be used by an attacker to overwrite the code in the boot ROM.
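The following C program is an added example and is not code from the article or from Kallenberg's work. It decodes a BIOS_CNTL value into the write-protection state a firmware-security check would report, and it models the register write, the SMI and the handler as three separate steps so that the window described above is visible as an intermediate state. The bit positions of BIOSWE (bit 0) and BLE (bit 1) come from the article; the SMM_BWP bit (bit 5), which on newer Intel PCHs restricts flash writes to code running in SMM and is the usual mitigation for this window, is an assumption taken from PCH datasheets rather than from the page, as is the modelling of BLE as a sticky bit. The register values in main() are constructed samples.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit layout of BIOS_CNTL (LPC interface, PCI config offset DCh).
 * Bits 0 and 1 are as described in the article; bit 5 (SMM_BWP) is
 * assumed from newer Intel PCH datasheets and is not discussed there. */
#define BIOS_CNTL_BIOSWE   (1u << 0)   /* BIOS Write Enable */
#define BIOS_CNTL_BLE      (1u << 1)   /* BIOS Lock Enable: SMI on BIOSWE 0 -> 1 */
#define BIOS_CNTL_SMM_BWP  (1u << 5)   /* SMM BIOS Write Protect (assumption) */

enum bios_wp_state {
    BIOS_WP_WRITABLE,       /* BIOSWE=1: flash accepts writes right now */
    BIOS_WP_UNLOCKED,       /* BLE=0: ring-0 code can set BIOSWE, no SMI fires */
    BIOS_WP_BLE_ONLY,       /* BLE=1, SMM_BWP=0: protected only by the SMI reverting BIOSWE */
    BIOS_WP_SMM_PROTECTED   /* BLE=1, SMM_BWP=1: writes require all cores to be in SMM */
};

/* Classify a BIOS_CNTL value the way a firmware write-protection check would. */
enum bios_wp_state bios_wp_assess(uint8_t bios_cntl)
{
    if (bios_cntl & BIOS_CNTL_BIOSWE)
        return BIOS_WP_WRITABLE;
    if (!(bios_cntl & BIOS_CNTL_BLE))
        return BIOS_WP_UNLOCKED;
    if (bios_cntl & BIOS_CNTL_SMM_BWP)
        return BIOS_WP_SMM_PROTECTED;
    return BIOS_WP_BLE_ONLY;
}

/* Model of the chipset's reaction to a write of BIOS_CNTL: the new value is
 * latched immediately, and if BLE is set and BIOSWE went 0 -> 1 an SMI is
 * raised. The handler runs later; until it does the register reads as
 * writable, which is the window the article describes. */
struct bios_cntl_write_result {
    uint8_t value;        /* register content right after the write */
    bool    smi_pending;  /* SMI raised, handler has not run yet */
};

struct bios_cntl_write_result bios_cntl_write(uint8_t current, uint8_t requested)
{
    struct bios_cntl_write_result r;
    bool bioswe_rising = !(current & BIOS_CNTL_BIOSWE) && (requested & BIOS_CNTL_BIOSWE);
    /* BLE is modelled as sticky: once set it stays set until reset (assumption). */
    r.value = (uint8_t)(requested | (current & BIOS_CNTL_BLE));
    r.smi_pending = (r.value & BIOS_CNTL_BLE) && bioswe_rising;
    return r;
}

/* Model of the BIOS-lock SMI handler with a "never permit" policy: it clears
 * BIOSWE and returns the register content after the handler has run. */
uint8_t bios_lock_smi_handler(uint8_t bios_cntl)
{
    return (uint8_t)(bios_cntl & (uint8_t)~BIOS_CNTL_BIOSWE);
}

static const char *bios_wp_state_name(enum bios_wp_state s)
{
    switch (s) {
    case BIOS_WP_WRITABLE:      return "WRITABLE (flash open for writes)";
    case BIOS_WP_UNLOCKED:      return "UNLOCKED (BLE not set)";
    case BIOS_WP_BLE_ONLY:      return "BLE only (SMI race window remains)";
    case BIOS_WP_SMM_PROTECTED: return "SMM_BWP + BLE (writes confined to SMM)";
    }
    return "?";
}

int main(void)
{
    /* Constructed sample register values, not read from real hardware. */
    const uint8_t samples[] = { 0x00, 0x02, 0x22, 0x03 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("BIOS_CNTL=0x%02x -> %s\n", samples[i],
               bios_wp_state_name(bios_wp_assess(samples[i])));

    /* Walk through the sequence the article describes: BLE=1, BIOSWE set,
     * SMI raised, handler clears BIOSWE again. */
    struct bios_cntl_write_result w = bios_cntl_write(0x02, 0x03);
    printf("after write:  0x%02x smi_pending=%d -> %s\n", w.value, w.smi_pending,
           bios_wp_state_name(bios_wp_assess(w.value)));
    uint8_t after_smi = bios_lock_smi_handler(w.value);
    printf("after SMI:    0x%02x -> %s\n", after_smi,
           bios_wp_state_name(bios_wp_assess(after_smi)));
    return 0;
}
```

The two states that a check should flag are UNLOCKED and BLE only: the first has no protection at all, and the second relies entirely on the SMI handler winning the race modelled by `bios_cntl_write` followed by `bios_lock_smi_handler`. Only the SMM_BWP + BLE combination closes the window, because the flash controller then refuses writes unless the write originates from SMM.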
(Image courtesy of the Intel datasheet.)