Linaro works with Riscure to secure the TEE ecosystem

Linaro Ltd, the open source collaborative engineering organization developing software for the Arm® ecosystem, today announced together with Riscure their collaboration enabling developers to deliver secure and robust TEE-based solutions. Under the terms of this partnership, Riscure, the globally recognized expert in embedded security research, will contribute to OP-TEE security with regular code review and fuzzing campaigns. OP-TEE is an open source project maintained by the Trusted Firmware project. Both projects are hosted by Linaro and work to provide security for Arm-based solutions. Riscure has created an open-source fuzzing tool specifically designed for OP-TEE.[…]

SVD-Loader for Ghidra: Simplifying bare-metal ARM reverse engineering

Nighthawk: Transparent System Introspection from Ring -3

[…]In this paper, we propose an introspection framework called Nighthawk that transparently checks system integrity at runtime. Nighthawk leverages the Intel Management Engine (IME), a co-processor that runs in isolation from the main CPU. By using the IME, our approach has a minimal TCB and incurs negligible overhead on the host system on a suite of indicative benchmarks. We use Nighthawk to check the integrity of the system software and firmware of a host system at runtime. The experimental results show that Nighthawk can detect real-world attacks against the OS, hypervisors, and System Management Mode while mitigating several classes of evasive attacks.[…]

Multiboot-Toolkit: create a multiboot device which works in UEFI or BIOS.

This looks interesting: a boot disk that does a few things. But I’m not sure what this fully does. Little documentation, most of the binaries are provided without source and come pre-zipped. (Be careful with binary-only releases, they might contain malware…) Windows-centric. But it includes multiple bootloaders, dozens of scripts and executables…

The source code (GitHub site) appears to be new, but there are 2 blog posts >1 year old on the topic:

UEFI-QEMU-Communicator: Talk with UEFI running in QEMU through named pipes

The script can run any arbitrary command and retrieve its exit code, wait for boot and skip the 5-second prompt (and optionally skip startup.nsh), or send reset/shutdown commands. The code is written in (almost) pure BASH with no subprocesses spawned; only the print function calls ‘sed’, and only once.

PS: The author also wrote UEFI-GDB.

INTEL-SA-00290: Intel® Data Direct I/O Technology (Intel® DDIO) and Remote Direct Memory Access (RDMA): VUSec’s NetCAT

From the VUSec site:

NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in an SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Originally intended as a performance optimization in fast networks, we show DDIO has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks.

Intel agrees this is a significant vulnerability, having awarded NetCAT a bounty and recommending users to “limit direct access from untrusted networks when DDIO & RDMA are enabled”. This essentially means that in untrusted network environments DDIO and/or RDMA should be disabled to provide security. To the best of our knowledge, this is the first time a major hardware vendor like Intel cautions against using a CPU feature in untrusted local networks.

VUSec info:

Roadmap to TPM documentation from UEFI POV

William Leara, a UEFI firmware engineer, has a new blog post giving a roadmap to the TCG’s TPM specs:

A Roadmap to TCG’s TPM Documentation: The Trusted Platform Module (TPM) found in most computers today is a device governed by the specifications of the Trusted Computing Group (TCG). Truly grokking how a TPM operates is a daunting task: the specification for the TPM, called the TPM Library Specification, currently comes in four parts, totaling 2237 pages. (!) However, even those 2237 pages aren’t the whole story. This article provides a roadmap to the various specifications that define the TPM, in order to provide the reader with a comprehensive picture of what documentation is available, and what must be studied to acquire TPM mastery.[…]

KLEE-Native, a fork of KLEE that operates on binary program snapshots by lifting machine code to LLVM bitcode

Binary symbolic execution with KLEE-Native

by Sai Vegasena, New York University, and Peter Goodman, Senior Security Engineer

KLEE is a symbolic execution tool that intelligently produces high-coverage test cases by emulating LLVM bitcode in a custom runtime environment. Yet, unlike simpler fuzzers, it’s not a go-to tool for automated bug discovery. Despite constant improvements by the academic community, KLEE remains difficult for bug hunters to adopt. We’re working to bridge this gap! My internship project focused on KLEE-Native, a fork of KLEE that operates on binary program snapshots by lifting machine code to LLVM bitcode. […]

Purism: Announcing the PureBoot Bundle: Tamper-evident Firmware from the Factory

We have been promoting the benefits of our PureBoot tamper-evident firmware with a Librem Key for some time, but until now our laptops have shipped with standard coreboot firmware, that didn’t include tamper-evident features. To get tamper-evident features, you had to reflash your Librem laptop with PureBoot firmware after the fact, using our standard firmware update process. One of the biggest challenges for most people using PureBoot was the initial setup process–but many people might find installing an OS challenging too. The best way to solve this challenge is for us to do the setup for you–and that’s what we are happy to announce today.[…]

Samsung Trusted Boot and TrustZone Integrity Management Explained

When you boot up any device, that jump from a powered-down processor to a device running trusted software requires hardware support. The old Basic Input/Output System (BIOS) of over 30 years ago didn’t provide any protections — it could barely get an operating system loaded. Since then, system vendors have been trying to build more security into the boot process. Industry-standard approaches such as Unified Extensible Firmware Interface (UEFI) have set the groundwork and created best practices. Today, smartphones need that same protection. The Android community has specified some starting points, but device vendors, such as Samsung, have built on those to bring smartphone security to “enterprise-ready” levels. The end goal is to make sure the smartphone is running trusted software. Two components helping ensure that are secure booting with Samsung Trusted Boot and kernel integrity checking through TrustZone-based Integrity Management Architecture (TIMA).[…]

I got a super nice project, and for that I needed to learn how SMM really works. Again I started dipping my toes in this ocean of knowledge and I hope I don’t get too excited and drown myself before even getting started 😉 For the people who are not sure if they want to read all this: in SMM, it is possible to modify the SMM saved execution context. SMM also sets its own IDT, it is initialized by the BIOS (DXE), and tons of cool stuff. Normally, the CS base address is the system-management RAM (SMRAM) base address; SMM code is copied to SMRAM during UEFI initialization, and SMRAM is locked right after for security reasons. […]

Google SafeSide: A project to understand and mitigate software-observable side-channels

SafeSide is a project to understand and mitigate software-observable side-channels: information leaks between software domains caused by implementation details outside the software abstraction. Unlike other side-channel attacks — e.g. measuring power use or electromagnetic emissions — software-observable side-channels don’t require physical access or proximity. Our early focus is on transient execution attacks and leaks from software cryptography implementations.
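As an added illustration of the “leaks from software cryptography implementations” class that SafeSide targets (this is not SafeSide’s code and not from the original post), the C program below places an early-exit byte comparison beside a constant-time one. Rather than measuring wall-clock time, which is noisy, it uses a constructed instrumentation counter (`bytes_examined`) as a stand-in for what an observer infers from timing or cache footprint: the early-exit version’s work grows with the length of the matching prefix, so a remote or co-resident observer can recover a MAC tag or password one byte at a time, while the constant-time version does the same work regardless of where the mismatch is. The function names, the counter, and the sample byte strings are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Number of bytes examined by the most recent compare call. Constructed
 * instrumentation that stands in for the attacker's indirect view (timing,
 * cache footprint); not part of any real library. */
static size_t bytes_examined;

/* Early-exit comparison in the style of memcmp(): stops at the first
 * mismatching byte, so its running time reveals how long a prefix of the
 * guess matched the secret. Returns 1 on equality, 0 otherwise. */
int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always reads all n bytes and never branches on
 * data. All differences are OR-folded into `diff`; the final expression maps
 * diff == 0 to 1 and any non-zero diff to 0 using arithmetic only. */
int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    uint8_t diff = 0;
    bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        bytes_examined++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);
    }
    /* (diff - 1) wraps to 0xFFFFFFFF only when diff == 0; bit 31 selects it. */
    return (int)((((uint32_t)diff - 1u) >> 31) & 1u);
}

/* How many bytes did `cmp` examine for this (secret, guess) pair? */
size_t work_for(int (*cmp)(const uint8_t *, const uint8_t *, size_t),
                const uint8_t *secret, const uint8_t *guess, size_t n)
{
    (void)cmp(secret, guess, n);
    return bytes_examined;
}

/* Constructed 8-byte "secret" (think of a MAC tag) and two wrong guesses:
 * one differs in the first byte, the other only in the last byte. */
const uint8_t kSecret[8]     = {0x4f, 0x50, 0x2d, 0x54, 0x45, 0x45, 0x21, 0x00};
const uint8_t kWrongFirst[8] = {0x00, 0x50, 0x2d, 0x54, 0x45, 0x45, 0x21, 0x00};
const uint8_t kWrongLast[8]  = {0x4f, 0x50, 0x2d, 0x54, 0x45, 0x45, 0x21, 0xff};

int main(void)
{
    printf("leaky_equal: mismatch at byte 0 -> %zu bytes examined\n",
           work_for(leaky_equal, kSecret, kWrongFirst, 8));
    printf("leaky_equal: mismatch at byte 7 -> %zu bytes examined\n",
           work_for(leaky_equal, kSecret, kWrongLast, 8));
    printf("ct_equal:    mismatch at byte 0 -> %zu bytes examined\n",
           work_for(ct_equal, kSecret, kWrongFirst, 8));
    printf("ct_equal:    mismatch at byte 7 -> %zu bytes examined\n",
           work_for(ct_equal, kSecret, kWrongLast, 8));
    printf("ct_equal(secret, secret) = %d\n", ct_equal(kSecret, kSecret, 8));
    return 0;
}
```

The counter is the teaching device here; in a real program the equivalent signal is the time the comparison takes, or which cache lines it touched, and that is exactly the information transient-execution and cache attacks observe. Note also that the constant-time version avoids the secret-dependent branch entirely, not just the early return, since a compiler is free to turn a data-dependent conditional into a data-dependent jump.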

ARM ASL Interpreter: Example implementation of Arm’s Architecture Specification Language (ASL)

Copyright Arm Limited (c) 2017-2019
Version 0.0 alpha

Project ACRN 1.2 released

This release includes:

  • Support for OVMF as virtual boot loader for Service VM to launch Clearlinux, VxWorks or Windows. Secure boot is also supported.
  • Support for Kata containers.
  • Windows as a Guest (WaaG): USB host (xHCI) mediator.
  • Virtualization support for Always Running Timer (ART).