Black Hat Briefings, USA 2007 [audio] Presentations from the security conference.

John Heasman: Hacking the Extensible Firmware Interface

Information:

Synopsis

"Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, Windows XP, and even Vista, are stuck in the 1980s with old-fashioned BIOS. But with Boot Camp, the Mac can operate smoothly in both centuries." - Quote taken from http://www.apple.com/macosx/bootcamp/

The Extensible Firmware Interface (EFI) has long been touted as the replacement for the traditional BIOS and was chosen by Apple as the pre-boot environment for Intel-based Macs. This presentation explores the security implications of EFI on firmware-based rootkits. We start by discussing the limitations of the traditional BIOS and the growing need for an extensible pre-boot environment. We also cover the key components of the EFI Framework and take a look at the fundamental design decisions affecting EFI and their consequences. Next we consider the entry points that an EFI system exposes - just how an attacker may set about getting their code into the EFI environment - taking the Apple MacBook as our reference i