WooKey project: building trusted USB devices and IoTs

The WooKey project aims at prototyping a secure and trusted USB mass storage device featuring user data encryption and strong user authentication, with fully open source and open hardware foundations. The Wookey is a custom STM32 based USB thumb drive with mass storage capabilities designed for user data encryption and protection, with a full-fledged set of in-depth security defenses[…].



Improving security of the FreeBSD boot process

Found the paper online, but have not found the video online (from either AsiaBSDCon or BSDCan) yet…

The talk describes recent security additions in the FreeBSD boot process. It will describe describe UEFI Secure Boot support in the FreeBSD loader and kernel. The loader is now able to parse UEFI databases of keys and certificates which are used to verify a signed FreeBSD kernel binary, using BearSSL as the cryptographic backend. FreeBSD veriexec capability is employed to verify various userland binaries and conguration files – it was extended with the ability to use UEFI trust anchors as a base for veriexec manifest verification Additionally, TPM 2.0 devices are now supported in FreeBSD. They are most often referred to in the context of a measured boot, i.e. secure measurements and attestation of all images in the boot chain. The basic features of TPM will be described, as well as some caveats and shortcomings which may have contributed to its limited adoption. The presentation will include practical TPM use case, such as hardening Strongswan IPSec tunnels by performing IKE-related cryptographic operations within the TPM, using private keys which never leave the device.



Cisco Secure Boot Hardware Tampering Vulnerability (CVE-2019-1649, cisco-sa-20190513-secureboot)

First Published: 2019 May 13 17:30 GMT
Last Updated: 2019 May 16 20:00 GMT
Workarounds: No workarounds available

A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. This advisory will be updated as additional information becomes available. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.


A bit more on MDS












Microsoft Attack Surface Analyzer 2.0: for Windows/Mac/Linux



[…]Attack Surface Analyzer 2.0 now runs on Windows, Linux, and macOS and is available as an open source project on GitHub. Attack Surface Analyzer 2.0 can help you identify potential security risks introduced by changes to an operating system’s security configuration by identifying changes in key areas, including: File System, User Accounts, System Services, Network Ports (listeners), System Certificate Stores, Windows Registry[…]

The Hacker’s hardware Toolkit

“The best hacker’s gadgets for Red Team pentesters and security researchers.”


FishMinder: Redfish Event Receiver

A new Redfish tool:

This project provides a daemon that can be used to retrieve events from a Redfish Event Service. The DMTF Redfish standard defines a service that a client can post subscription requests to. Such request would outline what type of events the client is interested in. In the Fishminder project we only subscribe to events of the type Alert. The client would also need to tell the Event Service where to send the events. The Event Service sends events to the clients through a RESTful POST operation. Therefore the Fishminder daemon is hosting a REST server that can accept such events and places them in a Sqlite database (the table name is “events”).


Alt text

Uefi-Ext2-Reader: UEFI file system driver for Linux Ext2

There’s another Linux ext2 file system for UEFI being worked on:

Uefi-Ext2-Reader: This is a project for System Software subject for my study in Gdansk University of Technology. UEFI supports only Windows FAT file system. I implemented a protocol that allows to read files from Linux Ext2 partition in UEFI. I used VisualUEFI (https://github.com/ionescu007/VisualUefi.git) for compiling process.


Intel® FSP External Architecture Specification v2.1 Has Been Released

Nate DeSimone announced the availability of the FSP 2.1 spec.

We are pleased to announce that the FSP External Architecture Specification v2.1 has been posted to https://www.intel.com/fsp!

AmberLakeFspBinPkg has been released on https://github.com/IntelFsp/FSP, which provides the first implementation of FSP 2.1. This FSP is backward compatible with Kaby Lake, so there should be a good amount of existing hardware available for those who are interested in trying FSP 2.1. Looking forward, our upcoming Ice Lake and Comet Lake platforms will have FSP 2.1 binaries once they are released.

MinPlatform and FSP 2.1 provide a complete and native UEFI firmware implementation and together they are Intel’s preferred method of implementing open source UEFI firmware today. We will be pushing patches to the mailing list that add FSP 2.1 dispatch mode support to KabyLakeOpenBoardPkg in edk2-platforms soon!

For more info, see the full post on the edk2.groups.io mailing list archives.


New ACPI tables for 2018 and 2019

Re: https://firmwaresecurity.com/2017/11/21/new-acpi-ids-for-november-nexstgo-and-insyde/ and https://firmwaresecurity.com/2017/05/31/new-acpi-registry-updates-for-2017/

Here are the new ACPI entries for 2019 (so far):
1) Amazon Corporation, AMZN, 02/06/2019, https://www.amazon.com/
2) ASEM S.p.A., ASEM, 04/29/2019,
3) Guizhou Huaxintong Semiconductor Technology Co., Ltd, HXTS, 01/18/2019
, http://www.hxt-semitech.com/

New ACPI entries for 2018:
1) Ampere Computing, AMPC, 03/29/2018, https://amperecomputing.com/
2) COMHEAR, INC., CMHR, 08/02/2018,
3) DMIST RESEARCH LTD, DMST, 07/09/2018,
4) G2touch Co., LTD, GTCH, 12/04/2018,
5) IDEMIA, IDEM, 06/26/2018,
6) Sensel, Inc., SNSL, 08/20/2018,
7) Vishay Intertechnology, Inc., VSHY, 07/09/2018
, https://www.vishay.com/

More info:

Fortinet: How to Cost-Effectively Dynamically Analyze UEFI Malware

By Minh Tran | May 14, 2019

A FortiGuard Labs How-To Guide for Cybersecurity Threat Researchers

Unified Extensible Firmware Interface (UEFI) is a specification that defines an interface between platform firmware and an OS. In a nutshell, UEFI replaces the BIOS in previous systems. Since UEFI is required for Secure Boot (ever since the Windows 8 operating system released in 2012), virtually all modern PCs come with UEFI firmware. Naturally, with the growing popularity of UEFI systems, and the fact that UEFI firmwares have even higher privilege than the OS/ hypervisor, adversaries are starting to focus on exploiting this new attack surface. This is evidenced by the UEFI rootkit found recently from the Sednit group.Consequently, there is a pressing need for security researchers to be able to handle this novel threat. In this blog post, we will show you how.


ZombieLoadAttack.com, CPU.fail, MDSattacks.com…

Busy day for news…





11 new security advisories from Intel today

The MDS stuff will get all the press, but there are UEFI, ME, AMT and other advisories…

Intel® Driver & Support Assistant Advisory

Intel® NUC Advisory

Intel® i915 Graphics for Linux Advisory

Intel Unite® Client for Android* Advisory

Intel® Quartus® Software Advisory

Intel® SCS Discovery Utility and Intel® ACU Wizard Advisory

Microarchitectural Data Sampling Advisory

Intel Unite® Client Advisory

2019.1 QSR UEFI Advisory

Intel® Graphics Driver for Windows* 2019.1 QSR Advisory

Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory

HITB Amsterdam 2019: presentation materials online


3mdeb: 5 terms every hypervisor developer should know

This is the first post of a series about developing type-1 hypervisors, also known as native or bare-metal hypervisors. It introduces to Intel’s VMX technology, describes interactions between a virtual machine and a hypervisor as well as gives some insight on the control structures required. This post should give some theoretical knowledge base required for the next ones, in which we will implement a basic hypervisor using Bareflank. It assumes that you have some knowledge about IA-32 architecture. There will be more than 5 terms actually, but the most important are those in headers. The following posts will assume that the reader knows what they are for and what is their scope.