Uncategorized

October 7-9, Berlin: coreboot.berlin event!

On the coreboot-announce list, Peter Stuge just announced the coreboot.berlin event happening NEXT WEEKEND, October 7-9:

SHORT NOTICE: coreboot.berlin next weekend, Oct. 7-9
Hello all, I’m happy to *finally* have the information and registration page online:
https://coreboot.berlin/
Yes, it’s very late, but I hope that we will still be a good number of people meeting up next weekend. Quick feedback helps me make sure that everyone will get food. If you are interested in attending, but unable to register at the Community Registration Fee cost then please get in touch with me, so that we can try to work something out. Thank you very much, and hope to see you in Berlin on the 7:th!

https://www.coreboot.org/pipermail/coreboot-announce/2016-September/000023.html

https://coreboot.berlin/

Standard
Uncategorized

More info on Microsoft BIOS to UEFI feature

Earlier I saw some brief information about some “BIOS to UEFI” feature that Microsoft was adding to some product of theirs, but had no idea what it was about. Here is a bit more information on the System Center feature:

Microsoft working on a “BIOS to UEFI feature” ?

“Improvements for BIOS to UEFI conversion

You can now customize an operating system deployment task sequence with a new variable, TSUEFIDrive, so that the Restart Computer step will prepare a FAT32 partition on the hard drive for transition to UEFI. The following procedure provides an example of how you can create task sequence steps to prepare the hard drive for the BIOS to UEFI conversion.

https://technet.microsoft.com/library/mt772349(TechNet.10).aspx#Improvements-for-BIOS-to-UEFI-conversion

Standard
Uncategorized

Linaro Connect

ARM’s Linaro Connect is happening. Click on their web page for live streaming.
In addition to all of the ARM topics, Brian Richardson, an Intel evangelist will be speaking about UEFI at this event.🙂

 

Linaro Connect LAS16

Standard
Uncategorized

new CHIPSEC test for Xen XSA-188

Proof-of-concept module for Xen XSA-188 (https://xenbits.xen.org/xsa/advisory-188.html)
CVE-2016-7154: “use after free in FIFO event channel code”
Discovered by Mikhail Gorobets
This module triggers host crash on vulnerable Xen 4.4
Usage:
“chipsec_main.py -m tools.vmm.xen.xsa188“

https://github.com/chipsec/chipsec/blob/master/source/tool/chipsec/modules/tools/vmm/xen/xsa188.py

Standard
Uncategorized

Anders Fogh on finding covert channels in SMT

Covert Shotgun: Automatically finding SMT covert channels:
In my last blog post I found two covert channels in my Broadwell CPU. This blog post will again be about covert channels. For those unfamiliar a covert channel is a side channel where the attacker has an implant in the victim context and uses his channel to “smuggle information” in and out of the victim context across existing security boundaries. In this blog post I’ll explore how we can automate finding SMT covert channels. SMT is intel speak for hyper threading. Before I proceed I should note that one of the two covert channels I found in my last blog passed, the one based on the RdSeed instruction, appears also to have been found by others. You can read about it in D. Evtyushkin & D. Ponomarev [1]. They will be presenting their work on this channel at CCS. Unlike myself they develop the channel fully and discuss mitigations. So if you find this channel interesting their paper is well worth a read.  […]

Covert Shotgun

Standard
Uncategorized

Analysis of MSI’s NTIOlib

MSI ntiolib.sys/winio.sys local privilege escalation:
So, it seems that not only ASUS drivers allows unprivileged reading and writing to physical memory. Just a few months ago I was looking at the drivers that are loaded on my machine, and I found small MSI driver called NTIOLib_X64.sys. Out of curiosity I’ve looked at it in IDA and it turned out that it has almost the same functionality as the ASMMAP/ASMMAP64 ASUS drivers. I’ve tried to contact MSI through various different channels, but I haven’t really get past their customer support, so I’m not sure if anyone from the development team is aware of this design flaw. After almost 4 months I decided to publish my findings here. […]

MSI ntiolib.sys/winio.sys local privilege escalation

Standard