Found the paper online, but have not found the video online (from either AsiaBSDCon or BSDCan) yet…
The talk describes recent security additions in the FreeBSD boot process. It will describe UEFI Secure Boot support in the FreeBSD loader and kernel. The loader is now able to parse UEFI databases of keys and certificates which are used to verify a signed FreeBSD kernel binary, using BearSSL as the cryptographic backend. The FreeBSD veriexec capability is employed to verify various userland binaries and configuration files; it was extended with the ability to use UEFI trust anchors as a base for veriexec manifest verification. Additionally, TPM 2.0 devices are now supported in FreeBSD. They are most often referred to in the context of measured boot, i.e. secure measurements and attestation of all images in the boot chain. The basic features of TPM will be described, as well as some caveats and shortcomings which may have contributed to its limited adoption. The presentation will include a practical TPM use case, such as hardening strongSwan IPsec tunnels by performing IKE-related cryptographic operations within the TPM, using private keys which never leave the device.
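The loader work in the abstract starts with parsing the UEFI db and dbx variables, which are concatenated EFI_SIGNATURE_LIST structures. Below is an added example, written for this post and not code from the FreeBSD loader or from BearSSL, that parses that format with a bounds check on every length field and then makes the hash-only allow/deny decision. The signature-type GUIDs and the structure layout are from the UEFI specification; the owner GUID, the hashes and the placeholder "certificate" bytes are constructed here. It deliberately stops short of the Authenticode/X.509 chain verification the real loader performs against certificates in db.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification (used in db/dbx).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType (EFI_GUID, mixed-endian),
# SignatureListSize, SignatureHeaderSize, SignatureSize (UINT32, little-endian).
_LIST_HDR = struct.Struct("<16sIII")
_OWNER_LEN = 16  # each EFI_SIGNATURE_DATA starts with its SignatureOwner GUID


def parse_signature_lists(blob):
    """Parse a db/dbx payload into (signature type, owner, data) entries.

    A loader must treat every length field as untrusted, so each one is
    checked against the buffer before it is used as an offset or stride.
    """
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < _LIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        raw_type, list_size, hdr_size, sig_size = _LIST_HDR.unpack_from(blob, off)
        if list_size < _LIST_HDR.size or off + list_size > len(blob):
            raise ValueError("SignatureListSize out of range at offset %d" % off)
        body_start = off + _LIST_HDR.size + hdr_size
        if body_start > off + list_size:
            raise ValueError("SignatureHeaderSize exceeds list at offset %d" % off)
        body = blob[body_start:off + list_size]
        if sig_size <= _OWNER_LEN or len(body) % sig_size != 0:
            raise ValueError("bad SignatureSize at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=raw_type)
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + _OWNER_LEN])
            entries.append((sig_type, owner, bytes(body[i + _OWNER_LEN:i + sig_size])))
        off += list_size
    return entries


def is_well_formed(blob):
    """True if blob parses as a sequence of EFI_SIGNATURE_LISTs."""
    try:
        parse_signature_lists(blob)
        return True
    except ValueError:
        return False


def build_signature_list(sig_type, owner, items):
    """Serialise one EFI_SIGNATURE_LIST; all entries in a list share one size."""
    sizes = {len(d) for d in items}
    if len(sizes) != 1:
        raise ValueError("entries in one signature list must have equal size")
    sig_size = _OWNER_LEN + sizes.pop()
    body = b"".join(owner.bytes_le + d for d in items)
    return _LIST_HDR.pack(sig_type.bytes_le, _LIST_HDR.size + len(body), 0, sig_size) + body


def sha256_entries(entries):
    return {data for sig_type, _owner, data in entries if sig_type == EFI_CERT_SHA256_GUID}


def image_hash_allowed(db_blob, dbx_blob, image_hash):
    """Hash-only policy: allowed iff the digest is in db and not in dbx.

    Real loaders additionally accept an image whose Authenticode signature
    chains to an X.509 certificate in db; that path is not modelled here.
    """
    if len(image_hash) != 32:
        raise ValueError("expected a SHA-256 digest")
    in_db = image_hash in sha256_entries(parse_signature_lists(db_blob))
    in_dbx = image_hash in sha256_entries(parse_signature_lists(dbx_blob))
    return in_db and not in_dbx


# Constructed sample data; none of it comes from real firmware.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
GOOD_HASH = hashlib.sha256(b"constructed: trusted kernel image").digest()
REVOKED_HASH = hashlib.sha256(b"constructed: revoked kernel image").digest()
FAKE_CERT = b"\x30\x82\x00\x10" + b"\x00" * 16  # placeholder bytes, not a real DER cert

SAMPLE_DB = (build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [GOOD_HASH, REVOKED_HASH])
             + build_signature_list(EFI_CERT_X509_GUID, OWNER, [FAKE_CERT]))
SAMPLE_DBX = build_signature_list(EFI_CERT_SHA256_GUID, OWNER, [REVOKED_HASH])

if __name__ == "__main__":
    for sig_type, owner, data in parse_signature_lists(SAMPLE_DB):
        kind = "sha256" if sig_type == EFI_CERT_SHA256_GUID else "x509"
        print(kind, owner, data[:8].hex() + "...")
    print("trusted image allowed:", image_hash_allowed(SAMPLE_DB, SAMPLE_DBX, GOOD_HASH))
    print("revoked image allowed:", image_hash_allowed(SAMPLE_DB, SAMPLE_DBX, REVOKED_HASH))
```

On a Linux host the same bytes can be read from efivarfs (for db, `/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f`), where the file starts with four bytes of variable attributes that must be stripped before the first list header; an `.esl` file produced by EFITools' cert-to-efi-sig-list is a bare EFI_SIGNATURE_LIST and parses as-is.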
A new C-based library for interacting with Huawei BMC via Redfish:
First Published: 2019 May 13 17:30 GMT
Last Updated: 2019 May 16 20:00 GMT
Workarounds: No workarounds available
A vulnerability in the logic that handles access control to one of the hardware components in Cisco’s proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. This advisory will be updated as additional information becomes available. Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability.
I believe the author, Lorenzo Gaggini, works at Dell:
dell_hw_health is a Python script / Nagios check that uses the Redfish API to get system hardware health
This repository contains a selection of Redfish recordings that can be served by the Redfish mock servers.
Hopefully they take patches; if so, please consider submitting info for Redfish-capable machines you have access to, since it appears fairly easy to generate the necessary data. Right now, beyond the mockups, there’s one entry for a Lenovo system.
[…]Attack Surface Analyzer 2.0 now runs on Windows, Linux, and macOS and is available as an open source project on GitHub. Attack Surface Analyzer 2.0 can help you identify potential security risks introduced by changes to an operating system’s security configuration by identifying changes in key areas, including: File System, User Accounts, System Services, Network Ports (listeners), System Certificate Stores, Windows Registry[…]
“The best hacker’s gadgets for Red Team pentesters and security researchers.”
A new Redfish tool:
This project provides a daemon that can be used to retrieve events from a Redfish Event Service. The DMTF Redfish standard defines a service that a client can post subscription requests to. Such a request would outline what type of events the client is interested in. In the Fishminder project we only subscribe to events of the type Alert. The client would also need to tell the Event Service where to send the events. The Event Service sends events to the clients through a RESTful POST operation. Therefore the Fishminder daemon hosts a REST server that can accept such events and places them in an SQLite database (the table name is “events”).
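The exchange described above has two halves: the subscription the client POSTs to the Event Service, and the event deliveries the service POSTs back. The following is an added example written for this post, not Fishminder's own code, that shows both halves in Python with only the standard library: the subscription body, a receiver that keeps just Alert events in an SQLite table named events, and the HTTP handler the service would call. The event payload is constructed here in the shape of the Redfish Event schema; the hostnames, port and file name are placeholders.

```python
import json
import sqlite3
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 1 << 20  # refuse oversized bodies from a possibly hostile sender

SCHEMA = """CREATE TABLE IF NOT EXISTS events (
    id          INTEGER PRIMARY KEY,
    event_id    TEXT,
    event_type  TEXT,
    severity    TEXT,
    message_id  TEXT,
    message     TEXT,
    origin      TEXT,
    raw         TEXT)"""


def build_subscription(destination, context="fishminder-demo"):
    """Body the client POSTs to <service>/redfish/v1/EventService/Subscriptions.

    Destination is where the service will POST events; EventTypes narrows
    delivery to Alert, as Fishminder does.
    """
    return {"Destination": destination, "EventTypes": ["Alert"],
            "Context": context, "Protocol": "Redfish"}


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn


def alert_events(payload):
    """Return only the Alert members of a Redfish Event payload's Events array."""
    events = payload.get("Events") if isinstance(payload, dict) else None
    if not isinstance(events, list):
        raise ValueError("not a Redfish Event: missing Events array")
    return [e for e in events if isinstance(e, dict) and e.get("EventType") == "Alert"]


def store_events(conn, payload):
    """Insert every Alert in payload into the events table; return the count."""
    rows = []
    for e in alert_events(payload):
        origin = e.get("OriginOfCondition")
        origin_id = origin.get("@odata.id") if isinstance(origin, dict) else None
        rows.append((e.get("EventId"), "Alert", e.get("Severity"), e.get("MessageId"),
                     e.get("Message"), origin_id, json.dumps(e, sort_keys=True)))
    with conn:
        conn.executemany("INSERT INTO events (event_id, event_type, severity, message_id,"
                         " message, origin, raw) VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return len(rows)


def stored_events(conn):
    """(event_id, severity, origin) for every stored alert, oldest first."""
    return conn.execute("SELECT event_id, severity, origin FROM events ORDER BY id").fetchall()


class EventReceiver(BaseHTTPRequestHandler):
    """Endpoint the Redfish Event Service POSTs deliveries to."""
    conn = None  # sqlite3 connection, assigned before serving

    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length <= 0 or length > MAX_BODY:
            self.send_error(413 if length > MAX_BODY else 400)
            return
        try:
            payload = json.loads(self.rfile.read(length))
            store_events(self.conn, payload)  # JSON errors are ValueErrors too
        except ValueError:
            self.send_error(400)
            return
        self.send_response(204)  # any 2xx tells the service the delivery succeeded
        self.end_headers()


# Constructed sample delivery shaped like an Event resource; values are invented.
SAMPLE_DELIVERY = {
    "@odata.type": "#Event.v1_2_0.Event", "Id": "1", "Name": "Event Array",
    "Context": "fishminder-demo",
    "Events": [
        {"EventType": "Alert", "EventId": "42", "Severity": "Warning",
         "MessageId": "Base.1.0.PropertyValueNotInList",
         "Message": "Fan 1 speed below threshold",
         "OriginOfCondition": {"@odata.id": "/redfish/v1/Chassis/1/Thermal"}},
        {"EventType": "StatusChange", "EventId": "43", "Severity": "OK",
         "MessageId": "Base.1.0.Success", "Message": "Power state changed"},
    ],
}

if __name__ == "__main__":
    EventReceiver.conn = open_db("events.db")
    print(json.dumps(build_subscription("https://receiver.example:8443/events")))
    HTTPServer(("0.0.0.0", 8080), EventReceiver).serve_forever()
```

The listener is plain HTTP on a placeholder port purely for illustration. In practice the Destination should be an HTTPS URL and the receiver must authenticate the caller (TLS client certificate or at least a source allowlist), because anything that can reach the port can otherwise inject fabricated alerts into the table.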
There’s another Linux ext2 file system for UEFI being worked on:
Uefi-Ext2-Reader: This is a project for the System Software course in my studies at Gdansk University of Technology. UEFI supports only the Windows FAT file system. I implemented a protocol that allows reading files from a Linux Ext2 partition in UEFI. I used VisualUEFI (https://github.com/ionescu007/VisualUefi.git) for compiling.
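Any ext2 reader, in firmware or elsewhere, begins with the superblock, and a driver running at UEFI privilege must treat every field on a removable disk as attacker-controlled before using it as a divisor, an index or an allocation size. The following is an added example in Python, not code from the project above, that decodes the superblock fields such a reader needs, rejects inconsistent ones, and maps an inode number to its block group; the field offsets are the ext2 on-disk layout, and the 64 KiB image it parses is constructed here rather than dumped from a real filesystem.

```python
import struct

SUPERBLOCK_OFFSET = 1024       # the superblock always sits 1 KiB into the partition
EXT2_SUPER_MAGIC = 0xEF53
EXT2_GOOD_OLD_REV = 0
EXT2_GOOD_OLD_INODE_SIZE = 128
EXT2_GOOD_OLD_FIRST_INO = 11
GROUP_DESC_SIZE = 32

# (name, offset within the superblock, struct format) for the fields a reader needs.
_FIELDS = [
    ("inodes_count", 0, "<I"), ("blocks_count", 4, "<I"),
    ("first_data_block", 20, "<I"), ("log_block_size", 24, "<I"),
    ("blocks_per_group", 32, "<I"), ("inodes_per_group", 40, "<I"),
    ("magic", 56, "<H"), ("rev_level", 76, "<I"),
    ("first_ino", 84, "<I"), ("inode_size", 88, "<H"),
]


def parse_superblock(image):
    """Decode and sanity-check the ext2 superblock of a raw partition image."""
    if len(image) < SUPERBLOCK_OFFSET + 1024:
        raise ValueError("image too small to hold a superblock")
    sb = {name: struct.unpack_from(fmt, image, SUPERBLOCK_OFFSET + off)[0]
          for name, off, fmt in _FIELDS}
    if sb["magic"] != EXT2_SUPER_MAGIC:
        raise ValueError("bad ext2 magic 0x%04x" % sb["magic"])
    if sb["log_block_size"] > 6:                 # 1 KiB .. 64 KiB; anything else is bogus
        raise ValueError("implausible s_log_block_size")
    sb["block_size"] = 1024 << sb["log_block_size"]
    if sb["rev_level"] == EXT2_GOOD_OLD_REV:     # revision 0 has fixed inode geometry
        sb["inode_size"] = EXT2_GOOD_OLD_INODE_SIZE
        sb["first_ino"] = EXT2_GOOD_OLD_FIRST_INO
    if sb["inode_size"] < 128 or sb["inode_size"] > sb["block_size"]:
        raise ValueError("implausible s_inode_size")
    if sb["blocks_per_group"] == 0 or sb["inodes_per_group"] == 0:
        raise ValueError("zero-sized block group")  # would divide by zero below
    if sb["first_data_block"] != (1 if sb["block_size"] == 1024 else 0):
        raise ValueError("s_first_data_block inconsistent with block size")
    if sb["blocks_count"] <= sb["first_data_block"]:
        raise ValueError("no data blocks")
    if sb["blocks_count"] * sb["block_size"] > len(image):
        raise ValueError("s_blocks_count exceeds the image")
    data_blocks = sb["blocks_count"] - sb["first_data_block"]
    sb["group_count"] = -(-data_blocks // sb["blocks_per_group"])  # ceiling division
    if sb["group_count"] * sb["inodes_per_group"] < sb["inodes_count"]:
        raise ValueError("s_inodes_count larger than the groups can hold")
    return sb


def is_valid_superblock(image):
    """True if the image carries a superblock that passes every check above."""
    try:
        parse_superblock(image)
        return True
    except ValueError:
        return False


def group_descriptor_offset(sb, group):
    """Byte offset of a group descriptor; the table starts in the block after the superblock."""
    if group >= sb["group_count"]:
        raise ValueError("block group out of range")
    return (sb["first_data_block"] + 1) * sb["block_size"] + group * GROUP_DESC_SIZE


def locate_inode(sb, ino):
    """Map an inode number (1-based; 0 is never valid) to (group, index in its inode table)."""
    if ino < 1 or ino > sb["inodes_count"]:
        raise ValueError("inode %d out of range" % ino)
    return (ino - 1) // sb["inodes_per_group"], (ino - 1) % sb["inodes_per_group"]


def build_sample_image():
    """Constructed 1 KiB-block image with a single group; not a real filesystem dump."""
    blocks = 64
    image = bytearray(blocks * 1024)
    values = {"inodes_count": 2048, "blocks_count": blocks, "first_data_block": 1,
              "log_block_size": 0, "blocks_per_group": 8192, "inodes_per_group": 2048,
              "magic": EXT2_SUPER_MAGIC, "rev_level": 1, "first_ino": 11, "inode_size": 128}
    for name, off, fmt in _FIELDS:
        struct.pack_into(fmt, image, SUPERBLOCK_OFFSET + off, values[name])
    return bytes(image)


if __name__ == "__main__":
    sb = parse_superblock(build_sample_image())
    print("block size", sb["block_size"], "groups", sb["group_count"])
    print("root inode lives at group/index", locate_inode(sb, 2))
```

The same checks, in C, belong at the top of a UEFI file system protocol's open path; a driver that trusts s_log_block_size or s_inodes_per_group as written will shift by an absurd amount or divide by zero on a crafted USB stick, and in firmware there is no process boundary to contain that.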
Nate DeSimone announced the availability of the FSP 2.1 spec.
We are pleased to announce that the FSP External Architecture Specification v2.1 has been posted to https://www.intel.com/fsp!
AmberLakeFspBinPkg has been released on https://github.com/IntelFsp/FSP, which provides the first implementation of FSP 2.1. This FSP is backward compatible with Kaby Lake, so there should be a good amount of existing hardware available for those who are interested in trying FSP 2.1. Looking forward, our upcoming Ice Lake and Comet Lake platforms will have FSP 2.1 binaries once they are released.
MinPlatform and FSP 2.1 provide a complete and native UEFI firmware implementation and together they are Intel’s preferred method of implementing open source UEFI firmware today. We will be pushing patches to the mailing list that add FSP 2.1 dispatch mode support to KabyLakeOpenBoardPkg in edk2-platforms soon!
For more info, see the full post on the edk2.groups.io mailing list archives.
Here are the new ACPI entries for 2019 (so far):
1) Amazon Corporation, AMZN, 02/06/2019, https://www.amazon.com/
2) ASEM S.p.A., ASEM, 04/29/2019, http://www.asem.it/
3) Guizhou Huaxintong Semiconductor Technology Co., Ltd, HXTS, 01/18/2019, http://www.hxt-semitech.com/
New ACPI entries for 2018:
1) Ampere Computing, AMPC, 03/29/2018, https://amperecomputing.com/
2) COMHEAR, INC., CMHR, 08/02/2018, https://www.comhear.com/
3) DMIST RESEARCH LTD, DMST, 07/09/2018, http://www.dmist.com/
4) G2touch Co., LTD, GTCH, 12/04/2018, http://www.g2touch.co.kr/
5) IDEMIA, IDEM, 06/26/2018, https://www.idemia.com/
6) Sensel, Inc., SNSL, 08/20/2018, https://sensel.com/
7) Vishay Intertechnology, Inc., VSHY, 07/09/2018, https://www.vishay.com/
By Minh Tran | May 14, 2019
A FortiGuard Labs How-To Guide for Cybersecurity Threat Researchers
Unified Extensible Firmware Interface (UEFI) is a specification that defines an interface between platform firmware and an OS. In a nutshell, UEFI replaces the BIOS in previous systems. Since UEFI is required for Secure Boot (ever since the Windows 8 operating system was released in 2012), virtually all modern PCs come with UEFI firmware. Naturally, with the growing popularity of UEFI systems, and the fact that UEFI firmware has even higher privilege than the OS/hypervisor, adversaries are starting to focus on exploiting this new attack surface. This is evidenced by the UEFI rootkit recently attributed to the Sednit group. Consequently, there is a pressing need for security researchers to be able to handle this novel threat. In this blog post, we will show you how.
The MDS stuff will get all the press, but there are UEFI, ME, AMT and other advisories…
Intel® Driver & Support Assistant Advisory
Intel® NUC Advisory
Intel® i915 Graphics for Linux Advisory
Intel Unite® Client for Android* Advisory
Intel® Quartus® Software Advisory
Intel® SCS Discovery Utility and Intel® ACU Wizard Advisory
Microarchitectural Data Sampling Advisory
Intel Unite® Client Advisory
2019.1 QSR UEFI Advisory
Intel® Graphics Driver for Windows* 2019.1 QSR Advisory
Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT 2019.1 QSR Advisory
EFITools for CentOS
EFI Tools is a set of applications to manage UEFI Secure Boot under Linux.
This is the first post of a series about developing type-1 hypervisors, also known as native or bare-metal hypervisors. It introduces Intel’s VMX technology, describes interactions between a virtual machine and a hypervisor, and gives some insight into the control structures required. This post should give the theoretical knowledge base required for the next ones, in which we will implement a basic hypervisor using Bareflank. It assumes that you have some knowledge of the IA-32 architecture. There will actually be more than 5 terms, but the most important are those in the headers. The following posts will assume that the reader knows what they are for and what their scope is.
DMTF has a new Redfish tool on their Github site, Redfish-TackleBox.
Redfish Tacklebox contains a set of Python utilities to perform common management operations with a Redfish service. The utilities can be used as part of larger management applications, or be used as standalone command line tools.