A Tour Beyond BIOS - Memory Protection in UEFI BIOS

DRAFT [12/15/2020 07:19:57]

Revision 1.0

Executive Summary

Introduction

Data execution protection (DEP) is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow. [WindowsHeap] shows 4 of 7 exploitation techniques that can be mitigated by DEP and ASLR (Address Space Layout Randomization). [DEP] also shows 14 of 19 exploits from popular exploit kits that fail with DEP enabled. Besides Windows, the Unix/Linux community also has similar non-executable protection [PaX].

In the white paper [MemMap], we discussed DEP and the limitation of enabling DEP in UEFI firmware. In [SecurityEnhancement], we only discussed the DEP for protecting the stack and setting the not-present page for detecting NULL address accesses and as the guard page. In this document we will have a more comprehensive discussion of the DEP adoption in the current UEFI firmware to harden the pre-boot phase.

A Tour Beyond BIOS - Memory Protection in UEFI BIOS DRAFT [12/15/2020 07:19:57] Revision 1.0

Executive Summary

Introduction

A Tour Beyond BIOS - Memory Protection in UEFI BIOS DRAFT [12/15/2020 07:19:57] Revision 1.0

A Tour Beyond BIOS - Memory Protection in UEFI BIOS

DRAFT [12/15/2020 07:19:57]

Revision 1.0

A Tour Beyond BIOS - Memory Protection in UEFI BIOS

DRAFT [12/15/2020 07:19:57]

Revision 1.0