In my last blogpost I spoke about a vulnerability in the System Management Mode (SMM) code of my Lenovo ThinkPad. At that time I got curious about how the UEFI passwords, which in particular are used to protect the BIOS interface, are handled. A few publications exist [1] [2] [3], but I was interested in looking at it from a software point of view and was not actually sure it was the same implementation (in practice it is the same).

The handling of passwords is specific to each manufacturer, which means the code explained here is specific to Lenovo and more precisely to a few ThinkPads (this is mostly common to three different ThinkPad versions, so most of this will probably stay the same). In this blogpost the goal is to explain how I started looking at the Lenovo password. We will start by looking at how the reverse engineering was started and the different kinds of passwords in the firmware, before having a more in-depth look at two of them: the Power-On Password and the BIOS Passwords. No vulnerability has been identified (yet) in the management of those passwords, but without further ado let's get started.

Lenovo ThinkPad firmware offers several kinds of passwords; initially the one I was interested in was the one protecting the BIOS settings interface. A few drivers in the firmware contained references to the string "passwords". The one I started to look at was LenovoSetupSecurityDxe, since this driver appears to concentrate most of the code which allows setting and removing passwords using the user interface.