ABSTRACT

At the time of writing this chapter, there is a presentation at the HITB conference in Amsterdam of a live BIOS exploit tool, which will allow command and control of the system on which it is deployed (see Figure 24.1) (Hack in the Box 2014). Several other incidents have also shown supply chain compromises that allowed low-level malicious firmware to be loaded on hard drives and SD cards, and the NSA allegedly intercepting shipments to install custom firmware or penetrate SMM (system management mode), hardware and software; infamously, OEMs have had source code leaked with their private keys in the clear (Caudhill 2013). Without knowledge of what the static measurements should be from the OEM through the supply chain, provisioning, and implementation processes, it is no wonder there is a need to secure the hardware and gain visibility all the way up the stack.
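The "static measurements" the abstract refers to are the chained hashes a measured-boot platform accumulates as each firmware stage is loaded, which an owner can compare against golden values recorded at provisioning. The following added example, which is not code from the chapter and not tied to any real TPM implementation, simulates that chain in Python: it uses the SHA-256 PCR-extend rule (new PCR = H(old PCR || H(component))) over constructed firmware blobs, records a golden value, and shows that replacing one stage or reordering the stages yields a different final measurement. The blob contents, the `GOLDEN_BOOT_CHAIN` name and the `verify_chain` helper are assumptions for illustration.

```python
import hashlib

# Constructed sample firmware stages; in a real platform these would be the
# actual binaries measured by the boot ROM, bootloader and OS loader.
GOLDEN_BOOT_CHAIN = [
    b"OEM-bootblock-v1.0",
    b"UEFI-core-v1.2",
    b"OS-bootloader-v3",
]

PCR_SIZE = 32  # bytes; a SHA-256 PCR bank starts at all zeros


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """Extend a PCR with one component: PCR' = H(PCR || H(component))."""
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(components) -> bytes:
    """Replay the boot sequence and return the final PCR value."""
    pcr = bytes(PCR_SIZE)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def verify_chain(components, golden_pcr: bytes) -> bool:
    """Attestation-style check: does this boot produce the provisioned value?"""
    return measure_chain(components) == golden_pcr


def golden_pcr() -> bytes:
    """Value an owner would record once at provisioning time (constructed)."""
    return measure_chain(GOLDEN_BOOT_CHAIN)


if __name__ == "__main__":
    golden = golden_pcr()
    print("golden PCR:", golden.hex())

    # A tampered UEFI core (same length, one byte changed) breaks the chain.
    tampered = [GOLDEN_BOOT_CHAIN[0], b"UEFI-core-v1.3", GOLDEN_BOOT_CHAIN[2]]
    print("tampered chain matches golden:", verify_chain(tampered, golden))

    # Same components in a different order also yield a different PCR,
    # because extend is order-sensitive.
    reordered = list(reversed(GOLDEN_BOOT_CHAIN))
    print("reordered chain matches golden:", verify_chain(reordered, golden))
```

The check is only meaningful if the golden value was captured from a known-good device before it entered the supply chain; without that reference, a compromised stage extends the PCR just as happily as a legitimate one, which is the visibility gap the abstract describes.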