Defense in Depth Against Exploits on 11th Gen Intel® Core™ Processors
May 28, 2021
Firmware is the new frontier for platform security. It is safe to say that if your firmware is compromised, then your platform is compromised. The firmware sets up and maintains the platform’s hardware security capabilities and hands off control to the operating system securely.
In this paper, we look at a few ways you can use Insyde Software’s UEFI firmware and the Intel® System Resource Defense feature of Intel Runtime BIOS Protection, found in the 11th Gen Intel® Core™ Processor (codename Tiger Lake), when the firmware has been compromised: either an attacker’s unauthorized code is executing in the firmware, or authorized code in the firmware is executing badly under the attacker’s control. How can the user or IT administrator limit the damage and respond?
First, we’ll look at two types of firmware attacks that are a serious threat to computing platforms today. Second, we’ll look at how the defense-in-depth strategy deals with these attacks. Third, we’ll show how 11th Gen Intel Core Processors and Insyde’s InsydeH2O firmware are uniquely equipped to help end users and IT administrators thwart these attacks.