https://archive.fosdem.org/2017/schedule/event/abusing_chromium_ec/
Senior UEFI / FW Development Engineer – CSI / Azure – Cloud Server Infrastructure
The Azure Cloud Server Infrastructure development team (CSI) is seeking a talented FW development engineer with UEFI based BIOS/FW development experience. Candidate will be a member of the MSFT Azure CSI/UEFI FW team and will be responsible for design and development of UEFI FW solutions for MSFT Cloud Platforms. The Senior BIOS/Firmware Developer candidate must have relevant industry experience in the development of UEFI firmware solutions. Candidate must demonstrate skills and experiences from early planning/concept architecture, platform bring-up, UEFI FW features development, board manufacturing support and field issues debug/servicing support.[…]
Ecosystem momentum positions Microsoft’s Project Olympus as de facto open compute standard
Trusted Computing Group has released the Device Identifier Composition Engine (DICE) Architecture for securing resource-constrained devices that make up the Internet of Things. The DICE Architecture provides critical security and privacy benefits to IoT and embedded systems where traditional Trusted Platform Modules (TPM) may be impractical, while also enabling support for those devices with a TPM for additional security benefits. Security capabilities this new approach enables include strong device identity, attestation of device firmware and security policy, and safe deployment and verification of software updates, which often are a source of malware and other attacks. The DICE Architecture, with its hardware root of trust for measurement, breaks up the boot process into layers, and creates unique secrets and a measure of integrity for each layer. This means if malware is present, the device is automatically re-keyed and secrets are protected. […]
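To make the "layers, unique secrets per layer, automatic re-keying" idea concrete, here is a small added example (mine, not TCG's reference code or any vendor's implementation) of the DICE derivation chain. It assumes a constructed Unique Device Secret and constructed firmware images, uses SHA-256 for measurement and HMAC-SHA256 as the one-way derivation function; the exact KDF a product uses may differ, but the shape is the same: each layer's secret is a one-way function of the previous secret and the measurement of the code it is about to run.

```python
import hashlib
import hmac
from typing import List, Optional

# Constructed sample values: a stand-in per-device Unique Device Secret (UDS)
# and one firmware image per boot layer. A real device holds the UDS in hardware.
UDS = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
FIRMWARE_LAYERS = [
    b"layer0: first mutable code v1.0",
    b"layer1: RTOS kernel v3.2",
    b"layer2: application v7",
]


def measure(image: bytes) -> bytes:
    """Measurement of a layer: SHA-256 over the image the current layer is about to run."""
    return hashlib.sha256(image).digest()


def derive_cdi(secret: bytes, measurement: bytes) -> bytes:
    """Compound Device Identifier for the next layer: a one-way function of the
    current layer's secret and the next layer's measurement. HMAC-SHA256 is the
    one-way function assumed here; a product may use another approved KDF."""
    return hmac.new(secret, measurement, hashlib.sha256).digest()


def boot_chain(uds: bytes, layers: List[bytes]) -> List[bytes]:
    """Walk the layers as a DICE boot does: layer n holds CDI_n, measures layer
    n+1, derives CDI_n+1 and must erase its own secret before jumping.
    Returns the CDI handed to each layer, in boot order."""
    cdis = []
    secret = uds
    for image in layers:
        secret = derive_cdi(secret, measure(image))
        cdis.append(secret)
        # In real firmware the previous `secret` is wiped from RAM here so a
        # compromised later layer cannot recover an earlier layer's key.
    return cdis


def first_divergent_layer(expected: List[bytes], observed: List[bytes]) -> Optional[int]:
    """Index of the first layer whose CDI differs, or None if the chains match.
    Because each CDI feeds the next, every layer after a modified one is re-keyed."""
    for i, (e, o) in enumerate(zip(expected, observed)):
        if not hmac.compare_digest(e, o):
            return i
    return None


if __name__ == "__main__":
    good = boot_chain(UDS, FIRMWARE_LAYERS)
    tampered = list(FIRMWARE_LAYERS)
    tampered[1] = b"layer1: RTOS kernel v3.2 + implant"   # constructed malware case
    bad = boot_chain(UDS, tampered)
    for i, (g, b) in enumerate(zip(good, bad)):
        print(f"layer {i}: {'same' if g == b else 'RE-KEYED'}  {g.hex()[:16]}.. vs {b.hex()[:16]}..")
    print("first divergent layer:", first_divergent_layer(good, bad))
```

Run it and the tampered layer 1 gets a different CDI, and so does every layer above it, while layer 0 keeps its identity: that is the "automatically re-keyed" property in the press text. Attestation works by having a verifier hold the expected CDI-derived identity for known-good firmware and compare against what the device proves it holds.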
https://source.android.com/devices/architecture/kernel/modular-kernels#core-kernel-requirements
“The Android 8.0 release includes Project Treble, a major re-architect of the Android OS framework designed to make it easier, faster, and less costly for manufacturers to update devices to a new version of Android. Treble is for all new devices launching with Android 8.0 and beyond (the new architecture is already running on the Developer Preview for Pixel phones).[…]”
“This Windows PowerShell script can be used in an SCCM task sequence to see if WinPE was booted in UEFI or BIOS mode.”
Andrei Warkentin has created UefiToolsPkg, readme excerpt below:
This is a Tiano Core (edk2) package with various goodies. The goal was to make the UEFI environment much more useful to system hackers. It may be a reduced environment, but there’s no need for it to remain a crippled one. People make the analogy of UEFI being the 21st century equivalent of DOS, yet DOS was a vastly more useful environment than UEFI is today. Hopefully, one day this will grow into a veritable distribution of software to be productive even without a “real OS” around. Contains: useful utilities for developers and admins, ported UNIX tools, useful libraries for developers, development tools for Windows/Linux, other tools from around the Web.
FdtDump: dump system device tree to storage
AcpiDump: dump system ACPI tables to storage
AcpiLoader: load system ACPI tables from storage
ShellPlatVars: set UEFI Shell variables based on platform configuration
MemResv: create new memory map entries
RangeIsMapped: validates ranges in the memory map
GopTool: Check and manipulate EFI_GRAPHICS_OUTPUT_PROTOCOL instances
tinycc: port of TinyCC to UEFI
There’s at least one other UEFI ‘distribution’ project on GitHub, mostly non-usable, I forget the name at the moment. If I had some spare time, I’ve been wanting to do something like this, still looking to find the spare time… 😦 The next logical step is to include FPMurphy’s UEFI Utilities:
Identifying secure firmware update mechanisms for embedded Linux devices and open source options
September 15, 2017
Alex Gonzalez
[…]With regards to embedded devices, the firmware update mechanism must be not only secure, but also reliable in that it either succeeds in the update or fails to a recoverable state. In no way should the software update brick a device, and it should be able to happen unattended. Most updates must also preserve the previous device state, although on some occasions recovering a device could involve resetting to a default state.[…]
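The "succeeds or fails to a recoverable state" requirement is easiest to see as bootloader logic. The following is an added example of an A/B slot scheme with bounded trial boots and rollback; it is my illustration, not code from the article or from any of the update projects it surveys. It assumes an HMAC tag standing in for the vendor's image signature (a real device would verify an asymmetric signature against a key baked into the bootloader) and keeps all state in a small in-memory structure that a real bootloader would persist in a raw partition.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed stand-ins: a symmetric key plays the vendor's image signing key.
VENDOR_KEY = b"constructed-vendor-signing-key"
MAX_TRIAL_BOOTS = 3


def sign_image(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


@dataclass
class Slot:
    image: bytes
    tag: bytes

    def is_valid(self) -> bool:
        # Also catches a half-written image after power loss mid-update.
        return hmac.compare_digest(sign_image(self.image), self.tag)


@dataclass
class BootState:
    """What the bootloader persists across reboots."""
    slots: Dict[str, Slot]
    active: str                      # last slot known to boot and run correctly
    trial: Optional[str] = None      # freshly updated slot, not yet proven
    trial_boots_left: int = 0
    device_config: Dict[str, str] = field(default_factory=dict)  # survives updates


def other(slot: str) -> str:
    return "B" if slot == "A" else "A"


def stage_update(state: BootState, image: bytes, tag: bytes) -> bool:
    """Write a new image only into the inactive slot. The running image and the
    device configuration are never touched, so an interrupted or rejected
    update leaves the device exactly as bootable as it was."""
    if not hmac.compare_digest(sign_image(image), tag):
        return False                              # unauthenticated image: refuse
    target = other(state.active)
    state.slots[target] = Slot(image, tag)
    state.trial = target
    state.trial_boots_left = MAX_TRIAL_BOOTS
    return True


def select_boot_slot(state: BootState) -> str:
    """Runs unattended at every boot. Try the new slot a bounded number of
    times; if it never confirms success, or fails verification, fall back."""
    if state.trial is not None:
        if state.trial_boots_left > 0 and state.slots[state.trial].is_valid():
            state.trial_boots_left -= 1           # decremented before boot, so a
            return state.trial                    # crash loop still counts down
        state.trial = None                        # give up on the update
        state.trial_boots_left = 0
    if state.slots[state.active].is_valid():
        return state.active
    raise RuntimeError("no valid slot: enter recovery mode")


def mark_boot_successful(state: BootState, booted: str) -> None:
    """Called by the new image once it has checked it is healthy (e.g. network
    up, services running). Only then does the update become permanent."""
    if state.trial == booted:
        state.active = booted
        state.trial = None
        state.trial_boots_left = 0
```

The important design choice is that `mark_boot_successful` is called by userspace after its own health checks, not by the bootloader: an image that boots but cannot talk to the backend is still a failed update, and after `MAX_TRIAL_BOOTS` unconfirmed boots the device is back on the previous image with its configuration intact.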
NIST has released the second public draft of Special Publication (SP) 800-125A, “Security Recommendations for Hypervisor Deployment”, for public comment; the deadline for feedback is October 6th.
The NIST web site is changing on September 18 2017. Some links will change, below are pre- and post-Sep 18 URLs:
https://beta.csrc.nist.gov/publications/detail/sp/800-125A/draft
https://csrc.nist.gov/publications/detail/sp/800-125A/draft
[…]With Azure confidential computing, we’re developing a platform that enables developers to take advantage of different TEEs without having to change their code. Initially we support two TEEs, Virtual Secure Mode and Intel SGX. Virtual Secure Mode (VSM) is a software-based TEE that’s implemented by Hyper-V in Windows 10 and Windows Server 2016. Hyper-V prevents administrator code running on the computer or server, as well as local administrators and cloud service administrators, from viewing the contents of the VSM enclave or modifying its execution. We’re also offering a hardware-based Intel SGX TEE with the first SGX-capable servers in the public cloud. Customers that want their trust model to not include Azure or Microsoft at all can leverage SGX TEEs. We’re working with Intel and other hardware and software partners to develop additional TEEs and will support them as they become available.[…]
Patroklos (argp) Argyroudis has a new document on microcode reversing:
“Paper notes: Reverse engineering x86 processor microcode
14 Sep 2017”
Ulf has a new presentation on PCIe attacks online!
https://github.com/ufrisk/presentations
Slides: SEC-T-0x0Anniversary-Ulf-Frisk-Evil-Devices-and-Direct-Memory-Attacks.pdf
Elvis Teixeira has a presentation on UEFI driver development, slides are available here:
https://github.com/elvismt/presentations
These vulnerabilities were publicly disclosed by Ben Seri and Gregory Vishnepolsky of Armis. Armis acknowledges Alon Livne for the Linux RCE (CVE-2017-1000251) exploit.
https://www.kb.cert.org/vuls/id/240311
https://www.us-cert.gov/ncas/current-activity/2017/09/12/BlueBorne-Bluetooth-Vulnerabilities
https://www.armis.com/blueborne/
This is why I don’t use bluetooth. 🙂
Lord Noteworthy has a new GitHub project with information about VMM technology:
Note the request for SECURITY talks!
We are particularly interested in advances in the application of technology in a particular discipline primarily around coreboot, hardware, firmware, and security. As a result, the conference will be structured around the following topics:
– Free and Open Source hardware and firmware.
– Attacks against current hardware and firmware, like side and covert channel attacks.
– Firmware and hardware reverse engineering.
– coreboot payloads, extensions, and features.
– Advances of coreboot and UEFI on the market.
– Applications of free and open source hardware/firmware in practice.
– State-of-the-art security in embedded devices.
Conference talks, lightning talks, and workshops will be videotaped and published afterwards. If a recording is not desired by a speaker or workshop instructor, no recordings will be made (notification in advance of the talk / workshop requested)[…]
The position requires systemic understanding of server firmware, software, and hardware, and the ability to solve issues across a broad range of technologies. Job duties include customer support:
– Support design and bring-up of server systems implementing Qualcomm’s Centriq server processors
– Debug and resolution of customer hardware, firmware, and software issues
– Analyze and replicate customer-reported problems in Qualcomm labs, for root cause analysis, working in conjunction with software, firmware, and chip design teams
– Support customer BIOS / firmware bring-up and customization
– Provide performance optimization support for system software
– Support server platform validation, performance analysis, and power measurement tools
– Delivery of customer training
– Creation and support of customer-facing documentation
– Create and edit documentation such as device specifications, data sheets, and user manuals
– Write application notes and reference code
– Creation of training materials.
Detailed knowledge of server processor architecture and system-level features including:
– CPU and system-level caches
– High performance DDR memory systems
– Server system SoC and system-level interfaces, including coherent system interconnects, PCIe, SATA, USB, Ethernet
– Memory management units
– Interrupt controllers and hardware timers
– Power management features
– System clocks and their management
– CPU and system performance monitor hardware
– Debug and trace hardware
– Security features
– System management controller hardware, firmware, and software
– Understanding of system-level programming UEFI, system initialization firmware, etc.
– C programming, preferably for embedded systems or drivers (ARM preferred)
– Familiarity with JTAG based debug tools and environments (Lauterbach Trace-32 preferred)
– Experience using hardware performance monitors for system debug and optimization
– Experience using a configuration management system, e.g. CVS, ClearCase, Git
– Experience using a defect tracking system, e.g. ClearQuest, Bugzilla, JIRA
– Excellent system debugging skills
– Knowledge of multi-agent coherent systems
– Knowledge of power management features, including voltage/frequency scaling and sleep modes
– Experience with ARM RVDS, ARM Development Studio, and GNU tools
– Experience with documentation applications such as Microsoft Word and Excel
– Working knowledge of digital oscilloscopes, logic analyzers, etc.
https://jobs.qualcomm.com/public/jobDetails.xhtml?requisitionId=1958654&src=indeed
Tom Rini has announced the v2017.09 release of U-Boot. And it clarifies status of VU166743/CVE-2017-3225/CVE-2017-3226, excerpt below:
I’ve released v2017.09 and it’s now live on git and FTP and ACD (along with PGP sig file). There’s a few things I need to headline in this release. First and foremost is https://www.kb.cert.org/vuls/id/166743 (aka CVE-2017-3225 and CVE-2017-3226). If you’re using CONFIG_ENV_AES in your project, you have security implications to worry about and decide the correct path forward in. With respect to the community, I marked it as deprecated for this release, and I plan to remove it for the next release unless someone with relevant background steps up and wants to rewrite the code in question (and make sure the rest of the environment code isn’t going to lead to other issues similar to CVE-2017-3226). Both of the issues in question here could be fixed but the worry is about it being the “tip of the iceberg” in the area. […]
Full announcement:
https://lists.denx.de/pipermail/u-boot/2017-September/305340.html
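Of the two CVEs in VU#166743, CVE-2017-3225 is the use of a fixed all-zero IV for the AES-CBC environment encryption. Why that matters is easier to see in code than in prose, so here is an added example (mine, not U-Boot code, and it is not a reproduction of the U-Boot attack) that simulates CBC over an 8-byte toy Feistel cipher instead of AES, because the leak is a property of CBC with a fixed IV and not of the block cipher. It assumes a constructed key and two constructed environment images that differ only in `bootdelay`, and shows that with `IV = 0` an attacker reading the flash can tell, without the key, exactly how many leading blocks of the environment are unchanged between two versions, whereas a fresh random IV per encryption hides that.

```python
import hashlib
import os
from typing import Optional

BLOCK = 8                  # toy cipher block size (AES would be 16)
ROUNDS = 8
ZERO_IV = bytes(BLOCK)     # the fixed IV the vulnerable code used


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy Feistel block cipher: NOT AES, stands in for any block cipher."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round_fn(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round_fn(key, i, l)), l
    return l + r


def pad(data: bytes) -> bytes:
    """Zero-pad to the block size, as a fixed-size environment image is."""
    return data + bytes(-len(data) % BLOCK)


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def leaked_prefix_blocks(key: bytes, env_a: bytes, env_b: bytes,
                         fixed_iv: Optional[bytes] = ZERO_IV) -> int:
    """Number of leading ciphertext blocks identical between two encrypted
    environment images. With a fixed IV this equals the number of identical
    leading plaintext blocks, visible to anyone who can read the flash.
    fixed_iv=None means a fresh random IV per encryption (the fix)."""
    iv_a = fixed_iv if fixed_iv is not None else os.urandom(BLOCK)
    iv_b = fixed_iv if fixed_iv is not None else os.urandom(BLOCK)
    ct_a = cbc_encrypt(key, iv_a, pad(env_a))
    ct_b = cbc_encrypt(key, iv_b, pad(env_b))
    n = 0
    for i in range(0, min(len(ct_a), len(ct_b)), BLOCK):
        if ct_a[i:i + BLOCK] != ct_b[i:i + BLOCK]:
            break
        n += 1
    return n


if __name__ == "__main__":
    key = b"constructed-env-key"                     # constructed sample key
    env_a = b"bootcmd=run nandboot\0bootdelay=3\0"   # constructed env images
    env_b = b"bootcmd=run nandboot\0bootdelay=0\0"
    print("zero IV, leaked equal blocks :", leaked_prefix_blocks(key, env_a, env_b))
    print("random IV, leaked equal blocks:", leaked_prefix_blocks(key, env_a, env_b, None))
```

With the zero IV the first three 8-byte blocks of the two ciphertexts match, so a flash dump taken before and after an environment edit shows where in the image the change happened; re-encrypting an unchanged environment even yields the identical ciphertext. With a random IV stored alongside the ciphertext, nothing matches. None of this is fixed by choosing a stronger cipher, which is why Tom's "tip of the iceberg" worry is about the environment code around the crypto rather than AES itself.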
Hastily-written news/info on the firmware security/development communities, sorry for the typos.