We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Delving Deep into Reverse Engineering of UEFI Firmwares via Human Interface Infrastructure.
- Authors
Chen, Siyi; Tan, Yu-An; Qiu, Kefan; Zhang, Zheng; Li, Yuanzhang; Zhang, Quanxin
- Abstract
The Unified Extensible Firmware Interface (UEFI) provides a specification of the software interface between an OS and its underlying platform firmware. UEFI UI is an interactive interface that allows users to configure and manage UEFI settings, which is closely related to HII (Human Interface Infrastructure). In practice, HII provides a mechanism that allows developers to create UI elements with HII-related protocols. In this paper, we provide a comprehensive analysis of the UEFI combined with a case study. We proposed a protocol-centered static analysis method to obtain UEFI's password policy, using HII-related protocols to find password implementation. Existing static analyses are ineffective in detecting such password policy in stripped UEFI firmware images. By reverse-engineering the IFR (Internal Forms Representation) in HII, we located where much sensitive information is stored. Lastly, we studied hardware port configurations, using Secure Boot as a case in point. We analyzed how UEFI uses the HII protocol to set relevant information in the UEFI UI. This paper is the first to offer a reverse-engineering systematic analysis of exploring UEFI via HII, providing valuable insights into its structure and potential enhancements for firmware security.
- Subjects
REVERSE engineering; HUMAN beings
- Publication
Electronics (2079-9292), 2023, Vol 12, Issue 22, p4601
- ISSN
2079-9292
- Publication type
Article
- DOI
10.3390/electronics12224601