BitLocker Header

 

Soon after research was released that BitLocker drives could be decrypted using SSD hardware encryption flaws, Microsoft  released a support bulletin describing how to protect BitLocker from 1394 & Thunderbolt DMA attacks.

 

1394 and Thunderbolt devices are capable of Direct Memory Access, or DMA, which unless restricted, allows these devices to read and write to the entire system memory of the computer without utilizing the computer's processor. 

 

When a BitLocker protected device is unlocked, the encryption key is stored in the computer's memory. Attackers can then plug a specially crafted 1394 or Thunderbolt device into an BitLocker protected computer's external port so that it can search the memory for the encryption key and steal it. 

 

In the newly released support document, Microsoft outlines various ways that Windows 10 users can protect themselves from these types of attacks. This includes utilizing the Kernel DMA Protection feature built into Windows 10 1803 if available. For those whose hardware does not support this feature, Microsoft has provided other methods that can be used to mitigate DMA attacks.

 

"For Windows version 1803 and later versions, if your platform supports the new Kernel DMA Protection feature, we recommend that you leverage that feature to mitigate Thunderbolt DMA attacks," stated Microsoft's support document. "For earlier versions of Windows or platforms that lack the new Kernel DMA Protection feature, if your organization allows for TPM-only protectors or supports computers in sleep mode, the following is one DMA mitigation option."

Windows 10 1803 Kernel DMA Protection 

With the release of Windows 10 build 1803, Microsoft added a new feature called Kernel DMA Protection that blocks Thunderbolt 3 connected devices from performing system wide Direct Memory Access unless certain conditions are met.

 

When a Thunderbolt 3 device is plugged into a computer that utilizes Kernel DMA Protection, the Windows feature will check if the device's driver supports memory isolation, such as DMA-remapping. DMA-remapping is when a region of isolated memory is assigned to the device to be used to communicate with the operating system. This prevents the DMA-capable device from accessing other regions of memory and to steal the data contained in them.

 

If a device's driver supports memory isolation, Windows will allow the device to start and perform DMA to their isolated regions of memory. For devices whose drivers do not support memory isolation, Windows will block their DMA access until the user logs into the system or unlocks their screen.

Flow chart of Kernel DMA Protection when a device is inserted
Flow chart of Kernel DMA Protection when a device is inserted (Source: Microsoft)

For devices that do not support DMA-remapping at all, Windows will block them from starting if they are plugged in before the user has logged into Windows or if the screen is locked.  Once the users logs in or unlocks the screen, Windows will start the driver and allow the device to have DMA access.

 

Kernel DMA Protection is only available with Windows 10 Build 1803 and newer versions and requires new UEFI firmware. Windows users can learn more about how to check if their computer's support Kernel DMA Protection here.

Mitigation for devices that do not support Kernel DMA Protection

If your computer does not support Kernel DMA Protection or is an older version of Windows, Microsoft states that you can disable the SBP-2 1394 driver and the 1394 and Thunderbolt controllers in Windows.

 

If you do not use Thunderbolt or 1394 devices, then disabling these controllers will have no effect on the operation of the computer. On the other hand, for those who do use these types of devices, disabling the controller will prevent you from using devices that are plugged into the disabled ports.

 

If the hardware does not follow current Windows Engineering Guidance, though, the device may still be able to use DMA on the 1394 or Thunderbolt ports before Windows can take control and disable them. This could allow these types of devices to have access to system memory for a brief period of time during boot up.

 

"If your hardware deviates from current Windows Engineering Guidance, it may enable DMA on these ports after you start the computer and before Windows takes control of the hardware. This opens your system to compromise, and this condition is not mitigated by this workaround. "

 

The exact Plug and Play device IDs needed to disable these controllers can be found in the support document with further information on how to disable them.

 

For those who want to read more about how to secure BitLocker, Microsoft recommends the following articles:

 

BitLocker vulnerable to SSD hardware encryption vulnerabilities

 

BitLocker has been receiving quite a bit of attention this week due to the recently released research on flaws in SSD hardware encryption. This is because BitLocker will default to using hardware encryption if installed on SSD drives that support it and can be bypassed using the same flaws.

 

Due to this, it is recommended that you disable the use of hardware encryption with BitLocker and force it to use software encryption instead. Hardware encryption can be disabled by setting the "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Configure use of hardware-based encryption for operating system drives" group policy to disabled.

 

This same policy is also available for removable and fixed data drives.

 

It should be noted that in order for this to work, BitLocker needs to be disabled on the drives so that they are decrypted, the policies enabled, and then encrypted again using software encryption.

 

Source