1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# HP Sure Start
According to the [HP Sure Start Technical Whitepaper], HP Sure Start is a chipset
and processor independent firmware intrusion detection and automatic repair system.
It is implemented in HP notebooks since 2013, and desktops since 2015.
This document talks about some mechanism of HP Sure Start on some machines, and
the method to bypass it.
## Laptops with SMSC MEC1322 embedded controller
Haswell EliteBook and ProBook 600 series use SMSC MEC1322 as their embedded controller.
The EC firmware implements HP Sure Start. A Haswell EliteBook has two flash chips.
According to the strings in the EC firmware, the 16MB flash chip that stores the
BIOS firmware is called the *system flash*, and the 2MB flash chip that stores part
of the system flash content is called the *private flash*.
The private flash is connected to the EC, and is not accessible by the OS.
It contains the following:
- HP Sure Start policy header (starting with the string "POLI")
- A copy of the Intel Flash Descriptor
- A copy of the GbE firmware
- Machine Unique Data (MUD)
- Hashes of the IFD, GbE firmware and MUD, the hash algorithm is unknown
- A copy of the bootblock, UEFI PEI stage, and microcode
If the IFD of the system flash does not match the hash in the private flash, for example,
modifying the IFD with ``ifdtool -u`` or ``me_cleaner -S``, the EC will recover the IFD.
If the content of the private flash is lost. The EC firmware will still copy the IFD,
bootblock and PEI to the private flash. However, the IFD is not protected after that.
HP Sure Start also verifies the bootblock and PEI without using the private flash.
EC firmware reads the PEI from an absolute address of the system flash chip, which is
hardcoded in the EC firmware. It looks like this verification is done with a digital
signature. If the PEI volume is modified, EC firmware will recover it using the copy
in the private flash. If the private flash has no valid copies of the PEI volume, and
the PEI volume is modified, the machine will refuse to boot with the CapsLock LED blinking.
## Bypassing HP Sure Start
First search the mainboard for the flash chips. If there are two flash chips, then the
smaller one may be the private flash.
For Intel boards, try to modify the IFD with ``ifdtool -u``, power on and shut down
the machine, then read the flash again. If the IFD is not modified, it is likely to
be recovered from the private flash. Find the private flash and erase it, then the IFD
can be modified.
To bypass the bootblock and PEI verification, we can modify the IFD to make the
BIOS region not overlap with the protected region. Since the EC firmware is usually
located at the high address of the flash chip (and in the protected region),
we can leave it untouched, and do not need to extract the EC firmware to put it in
the coreboot image.
[HP Sure Start Technical Whitepaper]: http://h10032.www1.hp.com/ctg/Manual/c05163901
|
