oss-sec mailing list archives
Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory
From: Jacob Bachmeyer <jcb62281 () gmail com>
Date: Sat, 11 May 2024 21:44:17 -0500
Corey Lopez wrote:
I have dual boot Windows 11 Home Edition and Debian based setup on my laptop.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2024.1
Codename: kali-rolling
After realizing a security breach on my Kali system I discovered /etc/network/interface
had the immutable attribute set while trying to restrict access using chmod. I decided to
investigate other files on my system with the immutable attribute set by running this
command as root:
# find / -type f -exec lsattr {} + 2>/dev/null > immutable-list-find.txt
This led me the directory /sys/firmware/efi/efivars/ where I discovered efi variables
pertaining Microsoft's Device Firmware Configuration Interface (DFCI).
Were the EFI variables marked immutable or did you make a list of every file on the system and notice them on that list?
Microsoft's DFCI enables zero touch remote configuration of UEFI BIOS giving the ability to manage BIOS settings and hardware. The DFCI allows for remote disabling or enabling of cameras, microphones, radios, boot external media, bootstrapping an OS, cpu virtualization, and I/O virtualization. According to Microsoft's github page, the zero touch certificate is shared by all DFCI-enabled systems and does not need to be injected at manufacturing. Microsoft advertises DFCI as a defense mechanism against rootkits, however it seems that it is being used as a UEFI bootkit. According to Microsoft DFCI is not available for Windows 10 or 11 Home Edition. My Acer Aspire 3 15 has Windows 11 Home Edition, and was purchased as a consumer product versus a commercial. This means that not only is there a capability that DFCI can be implemented on a consumer product, but through a Linux based operating system.
I will admit that this seems strange, but it appears that your laptop has firmware support for DFCI even though, by Microsoft's claims, it should not be eligible for that feature.
I will provide the ASCII output of each file that I found on my Kali Linux system from the /sys/firmware/efi/efivars/ directory. I will not provide the entire hexdump output to save space.However, I will provide more if requested after my initial posting.[... snip ASCII columns from hex dump; reformatted below ...]
For a first step, I note that those EFI variables appear to contain XML, and have (using ` sed -e '/^|/{: L;/|$/N;s/|\n|//;t L}' | sed -e '/|$/{N;N;s/\(.\{16\}\)|\n\*\n|/\1\1/}' -e 's/^|\.\.\.\.//' -e 's/\.|\n/\n/' -e 's/\.|$//' | awk '/^<\?xml/ { print | "xml_pp"; close("xml_pp"); next } 1' `) converted that back to readable ASCII, with the XML nicely pretty-printed; attached in full, some possibly interesting details inline below:
File Name: DfciPermissionCurrent-3a9777ea-0d9f-4b65-9ef3-7caa7c41994b ASCII Output: <?xml version="1.0" encoding="utf-8"?> <CurrentPermissionsPacket Default="1" Delegated="128"> <Date>2024-01-30T13:51:08</Date> [...] <LSV>0</LSV> </CurrentPermissionsPacket>
The "Date" field is potentially interesting if you had the laptop at that time, but if the laptop is newer than that date, it and the other dates are likely manufacturing-related timestamps.
File Name: DfciSettingsCurrent-d41c8c24-3f5e-4ef4-8fdd-073e1866cd01 ASCII Output: <?xml version="1.0" encoding="utf-8"?> <CurrentSettingsPacket> <Date>2024-01-30T13:51:34</Date>
The dates are close together; did you have that laptop prior to January 30th, 2024?
<Settings>
[...]
<SettingCurrent>
<Id>Device.Password.Password</Id>
<Value>No System Password</Value>
</SettingCurrent>
I could not pass up this apparent detail that it seems Microsoft may be putting passwords in plaintext again, unless that field merely reports a status.
<SettingCurrent>
<Id>Dfci.RecoveryUrl.String</Id>
<Value/>
</SettingCurrent>
This and several following fields all have no value whatsoever, while others seem to me to have neutral values; this looks like DFCI is present but unconfigured.
[...]
</Settings>
<LSV>0</LSV>
</CurrentSettingsPacket>
File Name: UEFISettingsCurrent-d41c8c24-3f5e-4ef4-8fdd-073e1866cd01
ASCII Output:
<?xml version="1.0" encoding="utf-8"?>
<CurrentSettingsPacket>
<Date>2024-01-30T13:51:34</Date>
<Settings>
[... snip apparent duplicate settings ...]
</Settings>
<LSV>0</LSV>
</CurrentSettingsPacket
The date here matches the date on the DfciSettingsCurrent variable.
I did discover loop devices on my system that I could not remove with the losetup command. I had to manually remove them with the rm -f command from the /dev/disks directory.
Using rm does not remove the devices at all: they are still present in the kernel, and you only removed the nodes from the filesystem.
Also, I ran the lsof command, which helped me discover the type of file systems that were being used. This prompted me to use apt purge to remove Gnome Virtual File System from my laptop.# lsof /dev/loop* I received this in response: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs can't stat() fuse.portal file system /run/user/1000/doc
Others have explained this weirdness; it is actually normal functionality, except possibly for loop devices having been in use. Just to make sure, you did run lsof *before* using rm, right?
This should be enough to give others places to look to determine if they have been infected, however I will be more than happy to provide more if needed.
See if the mystery loop devices come back after a reboot, and if so, use losetup to determine what files they are attached to; that information is needed to distinguish between normal operation and a possible persistent compromise. Also, I vaguely remember that attempting to detach a loop device that is not attached can also report an error. They may not actually be in use after all.
-- Jacob
File Name: DfciDeviceIdentifier-4123a1a9-6f50-4b58-9c3d-56fc24c6c89e
ASCII output:
<?xml version="1.0" encoding="utf-8"?>
<UEFIDeviceIdentifierPacket>
<Identifiers>
<Identifier>
<Id>Manufacturer</Id>
<Value>Acer</Value>
</Identifier>
<Identifier>
<Id>Product Name</Id>
<Value>Aspire A315-44P</Value>
</Identifier>
<Identifier>
<Id>Serial Number</Id>
<Value>NXKSJAA0044050439E3400</Value>
</Identifier>
</Identifiers>
<DfciVersion>2</DfciVersion>
</UEFIDeviceIdentifierPacket>
File Name: DfciIdentityCurrent-de6a8726-05df-43ce-b600-92bd5d286cfd
(NOTE: something that stood out to me is the
Zero Touch ID: 0989C5F7EA3379388F79990875B23E031A5DA554)
ASCII Output:
<?xml version="1.0" encoding="utf-8"?>
<UEFIIdentityCurrentPacket>
<Certificates>
<Certificate>
<Id>User</Id>
<Value>Cert not installed</Value>
</Certificate>
<Certificate>
<Id>User1</Id>
<Value>Cert not installed</Value>
</Certificate>
<Certificate>
<Id>User2</Id>
<Value>Cert not installed</Value>
</Certificate>
<Certificate>
<Id>Owner</Id>
<Value>Cert not installed</Value>
</Certificate>
<Certificate>
<Id>ZeroTouch</Id>
<Value>0989C5F7EA3379388F79990875B23E031A5DA554</Value>
</Certificate>
</Certificates>
</UEFIIdentityCurrentPacket>
File Name: DfciPermissionCurrent-3a9777ea-0d9f-4b65-9ef3-7caa7c41994b
ASCII Output:
<?xml version="1.0" encoding="utf-8"?>
<CurrentPermissionsPacket Default="1" Delegated="128">
<Date>2024-01-30T13:51:08</Date>
<Permissions>
<PermissionCurrent>
<Id>Dfci.OwnerKey.Enum</Id>
<PMask>9</PMask>
<DMask>128</DMask>
</PermissionCurrent>
<PermissionCurrent>
<Id>Dfci.ZtdKey.Enum</Id>
<PMask>1</PMask>
</PermissionCurrent>
<PermissionCurrent>
<Id>Dfci.ZtdUnenroll.Enable</Id>
<PMask>0</PMask>
</PermissionCurrent>
<PermissionCurrent>
<Id>Dfci.Ztd.Recovery.Enable</Id>
<PMask>0</PMask>
</PermissionCurrent>
</Permissions>
<LSV>0</LSV>
</CurrentPermissionsPacket>
File Name: DfciSettingsCurrent-d41c8c24-3f5e-4ef4-8fdd-073e1866cd01
ASCII Output:
<?xml version="1.0" encoding="utf-8"?>
<CurrentSettingsPacket>
<Date>2024-01-30T13:51:34</Date>
<Settings>
<SettingCurrent>
<Id>Device.BootOrderLock.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.USBBoot.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.BootOnboardNetwork.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.Password.Password</Id>
<Value>No System Password</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.RecoveryUrl.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.RecoveryBootstrapUrl.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.HttpsCert.Binary</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.RegistrationId.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.TenantId.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>MDM.FriendlyName.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>MDM.TenantName.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Device.CpuAndIoVirtualization.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci3.OnboardWpbt.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci3.AssetTag.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.OnboardAudio.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.OnboardRadios.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.IRCamera.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.FrontCamera.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.RearCamera.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci3.ProcessorSMT.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.CpuAndIoVirtualization.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.BootExternalMedia.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.OnboardCameras.Enable</Id>
<Value>Unknown</Value>
</SettingCurrent>
</Settings>
<LSV>0</LSV>
</CurrentSettingsPacket>
File Name: UEFISettingsCurrent-d41c8c24-3f5e-4ef4-8fdd-073e1866cd01
ASCII Output:
<?xml version="1.0" encoding="utf-8"?>
<CurrentSettingsPacket>
<Date>2024-01-30T13:51:34</Date>
<Settings>
<SettingCurrent>
<Id>Device.BootOrderLock.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.USBBoot.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.BootOnboardNetwork.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.Password.Password</Id>
<Value>No System Password</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.RecoveryUrl.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.RecoveryBootstrapUrl.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.HttpsCert.Binary</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.RegistrationId.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.TenantId.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>MDM.FriendlyName.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>MDM.TenantName.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Device.CpuAndIoVirtualization.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci3.OnboardWpbt.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci3.AssetTag.String</Id>
<Value/>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.OnboardAudio.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.OnboardRadios.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.IRCamera.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.FrontCamera.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Device.RearCamera.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci3.ProcessorSMT.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.CpuAndIoVirtualization.Enable</Id>
<Value>Disabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.BootExternalMedia.Enable</Id>
<Value>Enabled</Value>
</SettingCurrent>
<SettingCurrent>
<Id>Dfci.OnboardCameras.Enable</Id>
<Value>Unknown</Value>
</SettingCurrent>
</Settings>
<LSV>0</LSV>
</CurrentSettingsPacket>
Current thread:
- Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Corey Lopez (May 11)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Solar Designer (May 11)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Jacob Bachmeyer (May 13)
- Re: lsof "can't stat() fuse.${name} filesystem /run/user/1000/${dir}" Simon McVittie (May 11)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Jacob Bachmeyer (May 13)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Solar Designer (May 11)