Modern laptops and servers are built from dozens, and often a hundred or more, underlying components that are essential to the function of the device. The system and each of these components depend on firmware that not only governs how the individual component functions but can also undermine the overall integrity of the system and the security of its data. Threats at the firmware level can give an attacker complete control over a victim system while bypassing the security controls that run at the operating system level, because firmware executes before, and at a higher privilege than, the operating system and its defenses.
This resource provides an introduction to the extensive firmware attack surface that exists within devices today. While by no means exhaustive, it covers some of the major categories of components commonly found in laptops and servers, how each can be used and abused in the context of an attack, and real-world examples of the threats and vulnerabilities that affect them.
UEFI, Mac EFI, BIOS, and SMM
Processor and Chipset
PCIe and Thunderbolt Devices
Baseboard Management Controllers
Intel Security & Management Engine
Network Interface Cards
Trusted Platform Module
Bootloaders and Master Boot Record
Network Device Firmware
Other Critical Firmware