Previously, we discovered a number of vulnerabilities in UEFI based
firmware including software vulnerabilities in SMI handlers that could
lead to SMM code execution, attacks on hypervisors like Xen, Hyper-V and
bypassing modern security protections in Windows 10 such as Virtual
Secure Mode with Credential and Device Guard. These issues led to
changes in the way OS communicates with SMM on UEFI based systems and
new Windows SMM Security Mitigations ACPI Table (WSMT).This research describes an entirely new class of vulnerabilities
affecting SMI handlers on systems with Coreboot and UEFI based firmware.
These issues are caused by incorrect trust assumptions between the
firmware and underlying hardware which makes them applicable to any type
of system firmware. We will describe impact and various mitigation
techniques. We will also release a module for open source CHIPSEC
framework to automatically detect this type of issues on a running system.