13. @CSICyberSEED
It’s turtles all the way down!
A well-known scientist (some say it was Bertrand Russel) once gave a public lecture on
astronomy. He described how the earth orbits around the sun and how the sun, in turn, orbits
around the center of a vast collection of stars called our galaxy. At the end of the lecture, a little
old lady at the back of the room got up and said:
"What you have told us is rubbish. The world is really a flat
plate supported on the back of a giant tortoise."
The scientist gave a superior smile before replying,
"What is the tortoise standing on?"
"You're very clever, young man, very clever," said the old lady.
"But it's turtles all the way down!"
— Hawking, A Brief History of Time
15. @CSICyberSEED
But why stop there?
System Management Mode
Dual-monitor mode Hypervisor
SMM
VM
No nested hypervisor in SMM
The real root hypervisor with
reference implementation
available!
Only OEM access on most hw
16. @CSICyberSEED
There is more!
SMM Hypervisor
SMM
VM
Intel Management
Engine
No reference implementation
No documentation
Only Intel has access
17. @CSICyberSEED
The bottom line
• Adding layers doesn’t solve the problem
• Only increases the cost of breaking through
• Building cross-layer tools is hard
• That’s the whole point
• Barrier erodes with time
18. @CSICyberSEED
What’s the catch?
• Keeping lower layers as small as possible
• More code = more attack surface
• Users should have the ability to inspect these layers
• Lower the layer the fewer folks have insight/access
• Isn’t that the perfect setup for DRM?
• It may be about security - but not necessarily yours!