Aurora: Providing Trusted System Services for Enclaves On an Untrusted System

Hongliang Liang, Mingyu Li, Qiong Zhang, Yue Yu, Lin Jiang, Yixiu Chen
(Submitted on 10 Feb 2018)

Intel SGX provisions shielded executions for security-sensitive computation, but lacks support for trusted system services (TSS), such as clock, network and filesystem. This makes enclaves vulnerable to Iago attacks [Checkoway and Shacham, ASPLOS 2013] in the face of a powerful malicious system. To mitigate this problem, we present Aurora, a novel architecture that provides TSSes via a secure channel between enclaves and devices on top of an untrusted system, and implement two types of TSSes, i.e., clock and end-to-end network. We evaluate our solution by porting SQLite and OpenSSL into Aurora; experimental results show that SQLite benefits from a microsecond-accuracy trusted clock and OpenSSL gains an end-to-end secure network with about 1ms overhead.

https://arxiv.org/abs/1802.03530

HP including expected PCR0 values in firmware releases

PCR0 (TPM 1.2, TXT disabled) = 3864B052A7A5E8D0D68C6B525CE7C264042FFD9C (SHA1)
PCR0 (TPM 1.2, TXT enabled) = A53040199863DE972A57CDCCBA5A1D595B8D622F (SHA1)
PCR0 (TPM 2.0 SHA256, TXT disabled) = 8F6FD3E49706E7EFDAFD56FB55FB8E02FC9766BE482C07D80D8AB2081CF5B196 (SHA256)
PCR0 (TPM 2.0 SHA256, TXT enabled) = B0D9EC8871DABC7D931A6EB0783CDFB3DAA2422F8999301CC4954D1FD2879E77 (SHA256)

https://support.hp.com/soar-attachment/567/col59842-wk-199952-1-wk-199952-1_sp82736_releasedoc.html
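Publishing golden PCR0 values lets an administrator check that the firmware actually measured at boot is the firmware HP shipped, rather than trusting the update process blindly. The script below is an added example, not part of HP's release notes or of any HP tool: it takes the four PCR0 digests quoted above as the allowlist, parses a PCR readout in the `<bank>:` / `<index> : 0x<hex>` layout that `tpm2_pcrread` prints (an assumption about the tool's output; the two regexes are the only place that format matters), and reports whether every bank matched a golden value and whether the banks agree on the TXT state. The three readouts at the bottom are constructed sample input, not values captured from a real machine.

```python
import re

# Golden PCR0 values quoted on this page from HP's release notes, keyed by
# (PCR bank, Intel TXT state). Any other reading means the measured boot
# firmware differs from what HP shipped for this release.
EXPECTED_PCR0 = {
    ("sha1", "txt_disabled"): "3864B052A7A5E8D0D68C6B525CE7C264042FFD9C",
    ("sha1", "txt_enabled"): "A53040199863DE972A57CDCCBA5A1D595B8D622F",
    ("sha256", "txt_disabled"): "8F6FD3E49706E7EFDAFD56FB55FB8E02FC9766BE482C07D80D8AB2081CF5B196",
    ("sha256", "txt_enabled"): "B0D9EC8871DABC7D931A6EB0783CDFB3DAA2422F8999301CC4954D1FD2879E77",
}
DIGEST_LEN = {"sha1": 40, "sha256": 64}  # hex characters per digest

# Readout layout assumed here (tpm2_pcrread style): a "<bank>:" header line,
# then "<index> : 0x<hex>" lines. Adjust these two patterns for other tools.
BANK_RE = re.compile(r"^\s*(sha1|sha256)\s*:\s*$")
PCR_RE = re.compile(r"^\s*(\d+)\s*:\s*(?:0x)?([0-9A-Fa-f]+)\s*$")


def parse_pcrread(text):
    """Parse a PCR readout into {bank: {pcr_index: UPPERCASE_HEX_DIGEST}}."""
    banks = {}
    current = None
    for line in text.splitlines():
        bank_match = BANK_RE.match(line)
        if bank_match:
            current = bank_match.group(1)
            banks.setdefault(current, {})
            continue
        pcr_match = PCR_RE.match(line)
        if pcr_match and current is not None:
            index, digest = int(pcr_match.group(1)), pcr_match.group(2).upper()
            if len(digest) != DIGEST_LEN[current]:
                raise ValueError(f"PCR{index} in {current} bank has wrong digest length")
            banks[current][index] = digest
    return banks


def classify_pcr0(digest, bank):
    """Return the TXT state whose golden PCR0 matches, or None if nothing matches."""
    for (golden_bank, txt_state), expected in EXPECTED_PCR0.items():
        if golden_bank == bank and expected == digest.upper():
            return txt_state
    return None


def audit_pcr0(text):
    """Check every bank's PCR0 against the golden list.

    Returns {bank: txt_state_or_None, ..., "ok": bool}. "ok" is True only when
    each bank matched some golden value and all banks report the same TXT state;
    banks disagreeing on TXT state is itself a sign the readout is not trustworthy.
    """
    verdict = {}
    for bank, pcrs in parse_pcrread(text).items():
        if 0 in pcrs:
            verdict[bank] = classify_pcr0(pcrs[0], bank)
    states = set(verdict.values())
    verdict["ok"] = bool(states) and None not in states and len(states) == 1
    return verdict


# Constructed sample readouts (not captured from real hardware).
SAMPLE_OK = """\
sha1:
  0 : 0x3864B052A7A5E8D0D68C6B525CE7C264042FFD9C
sha256:
  0 : 0x8F6FD3E49706E7EFDAFD56FB55FB8E02FC9766BE482C07D80D8AB2081CF5B196
"""
# Last nibble of the SHA-256 digest altered: the firmware measured is not HP's.
SAMPLE_TAMPERED = """\
sha1:
  0 : 0x3864B052A7A5E8D0D68C6B525CE7C264042FFD9C
sha256:
  0 : 0x8F6FD3E49706E7EFDAFD56FB55FB8E02FC9766BE482C07D80D8AB2081CF5B197
"""
# Each bank matches a golden value, but they disagree on TXT state.
SAMPLE_INCONSISTENT = """\
sha1:
  0 : 0xA53040199863DE972A57CDCCBA5A1D595B8D622F
sha256:
  0 : 0x8F6FD3E49706E7EFDAFD56FB55FB8E02FC9766BE482C07D80D8AB2081CF5B196
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("tampered", SAMPLE_TAMPERED),
                         ("inconsistent", SAMPLE_INCONSISTENT)):
        print(name, audit_pcr0(sample))
```

In practice the readout would come from `tpm2_pcrread sha1:0+sha256:0` on the host, or better from a quote signed by the TPM's attestation key and verified off-host, so that a compromised OS cannot simply report the expected digests.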

Google introduces Android Enterprise Recommended program

https://www.android.com/enterprise/recommended/requirements/

https://www.android.com/enterprise/recommended/

https://androidenterprisepartners.withgoogle.com/#!/results/browse-all/2

REcon Brussels 2018 slides uploaded

Starcraft: Emulating a buffer overflow for fun and profit – Elias Bachaalany
Subverting your server through its BMC: the HPE iLO4 case – Alexandre Gazet, Joffrey Czarny, Fabien Perigaud
Breaking state-of-the-art binary code obfuscation – Tim Blazytko, Moritz Contag
Decompiler internals: microcode – Ilfak Guilfanov
Mess with the best, die like the rest (mode) – Volodymyr Pikhur
Hacking Toshiba Laptops – Michał Kowalczyk, Serge Bazanski
Dissecting QNX – Ali Abbasi, Jos Wetzels
Robin Hood vs Cisco ASA AnyConnect – Cedric Halbronn
Linux Vulnerabilities, Windows Exploits: Escalating Privileges with WSL – Saar Amar
DIY ARM Debugger for Wi-Fi Chips – Matthias Schulz
Reversing IoT: Xiaomi ecosystem – Dennis Giese, Daniel Wegemer
Visiting The Snake Nest – Matthieu Faou, Jean-Ian Boutin
Reverse Engineering Windows Defender’s JavaScript Engine – Alexei Bulazel

https://recon.cx/2018/brussels/slides/

Upcoming Intel SGX Features Explained: Improved Virtualization, Configuration Management, and Key Sharing

Jethro Beekman
February 22nd, 2018
In an update to the Intel Software Developer’s Manual (SDM), Intel detailed upcoming changes to the Intel® SGX instruction set. The new features improve Enclave Page Cache management in virtualized environments and allow the addition of additional information to sealing key derivation and attestation reports. The improvements allow for better multi-tenancy with EPC oversubscription and easier configuration and software update management. I will go into detail on each of these in this post.[…]

https://www.fortanix.com/blog/2018/02/upcoming-intel-sgx-features-explained/

Criminal use of code signing certificates

The Use of Counterfeit Code Signing Certificates Is on the Rise
Andrei Barysevich
February 22, 2018

In 2017, security researchers around the world started seeing a sudden increase in code signing certificates being used as a layered obfuscation technique for malicious payload distribution campaigns. Recorded Future’s Insikt Group investigated the criminal underground and identified vendors currently offering both code signing certificates and domain name registration with accompanying SSL certificates. Contrary to a common belief that the security certificates circulating in the criminal underground are stolen from legitimate owners prior to being used in nefarious campaigns, we confirmed with a high degree of certainty that the certificates are created for a specific buyer per request only and are registered using stolen corporate identities, making traditional network security appliances less effective.

https://www.recordedfuture.com/code-signing-certificates/


MacAdmins Podcast: Episode 70: Secure Boot

Synopsis: Tim Perfitt joins the pod to talk about SecureBoot, the iMac Pro, the future of securing everything, and the history of BootRunner and other products at Twocanoes.

Your Hosts:
Tom Bridge, Partner at Technolutionary LLC [@tbridge]
Pepijn Bruienne, R&D Engineer at Duo Security [@bruienne], Proprietor of EnterpriseMac.Bruienne.com
Charles Edge, Director of Marketplace at Jamf, [@cedge318]

Guests: Tim Perfitt, Founder of Twocanoes Software

Episode 70: Tim Perfitt, Twocanoes Software

show notes:

SecureBoot & the 2017 iMac Pro

Trusting bare-metal/on-premises cloud firmware

I’ve been learning a bit about ‘the Cloud’. In addition to the normal virtualized solutions, there is also ‘bare-metal cloud’, where the customer gets full access to the hardware. The ‘on-premises cloud’ is similar; the vendor puts the hardware on your site. If you are the first client to use that hardware, you’re probably in good shape. However, the 2nd and subsequent customers need to trust that the cloud vendor is verifying that previous customers didn’t infect the firmware with bootkits.

If I were an attacker, I would have sold grey-market (used) hardware with infected firmware on ebay/craigslist to future targets. Now, I’d change tactics and rent as much bare-metal/on-premises cloud hardware as I could, infect it with rootkits, return it to the cloud vendor, and wait for future users of this hardware to phone home. Seems like a better investment for an attacker: multiple targets per infected device.

Before your company relies on a bare-metal/on-prem solution, ask the cloud vendor to clarify the steps they perform to ensure the firmware is not infected with bootkits.

https://en.wikipedia.org/wiki/Bare-metal_server

https://en.wikipedia.org/wiki/On-premises_software

new ChromeOS TPM security feature

https://www.androidpolice.com/2018/02/18/google-releases-optional-security-update-chromebooks-wipes-local-data/

https://www.techrepublic.com/article/chromebook-update-boosts-security-but-wipes-all-data-in-the-process/

TPM Update For Chrome OS: Why And How

https://www.chromium.org/chromium-os/tpm_firmware_update

https://productforums.google.com/forum/#!topic/chromebook-central/eo2HZeDVjr8

https://www.infineon.com/cms/en/product/promopages/tpm-update/


ARM’s Kigen OS for cellular IoT security

https://www.arm.com/products/iot-solutions/kigen-sim-solutions

https://www.arm.com/news/2018/02/arm-delivers-integrated-sim-identity-to-secure-next-wave-of-cellular-iot-devices

https://www.forbes.com/sites/patrickmoorhead/2018/02/21/arm-introduces-new-kigen-technologies-to-improve-iot-security

https://www.pcper.com/news/General-Tech/ARM-Introduces-Kigen-OS-Cellular-IoT


Intel announces firmware updates for multiple processors (and Retpoline document)

February 20, 2018

Latest Intel Security News: Updated Firmware Available for 6th, 7th and 8th Generation Intel Core Processors, Intel Xeon Scalable Processors and More

Over the past several weeks, we’ve been developing and validating updated microcode solutions to protect Intel customers against the security exploits disclosed by Google Project Zero. This effort has included extensive testing by customers and industry partners to ensure the updated versions are ready for production. On behalf of all of Intel, I thank each and every one of our customers and partners for their hard work and partnership throughout this process. Based on these efforts, we have now released production microcode updates to our OEM customers and partners for Kaby Lake- and Coffee Lake-based platforms, plus additional Skylake-based platforms. This represents our 6th, 7th and 8th Generation Intel® Core™ product lines as well as our latest Intel® Core™ X-series processor family. It also includes our recently announced Intel® Xeon® Scalable and Intel® Xeon® D processors for data center systems. The new microcode will be made available in most cases through OEM firmware updates. I continue to encourage people to always keep their systems up-to-date. There is also a comprehensive schedule and current status for planned microcode updates available online.[…]

https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/

[…]We are mindful of the fact that, in some cases, there are multiple mitigation techniques available that may provide protection against these exploits. This includes “Retpoline,” a Google-developed mitigation technique for Variant 2. For those interested in more information on Retpoline and how it works, we recently published a new white paper. Google has also posted information about Retpoline.[…]

https://support.google.com/faqs/answer/7625886

Intel white paper: Retpoline-A-Branch-Target-Injection-Mitigation.pdf


Coping with Spectre and Meltdown: What sysadmins are doing

Esther Schindler has a new article on Spectre and Meltdown for SysAdmins:

Coping with Spectre and Meltdown: What sysadmins are doing

The recent security vulnerabilities dumped a bunch of to-do items on system administrators’ desks. Feel like you’re alone? Here’s what other sysadmins have done so far, as well as their current plans and long-term strategy, not to mention how to communicate progress to management.

https://www.hpe.com/us/en/insights/articles/coping-with-spectre-and-meltdown-what-sysadmins-are-doing-1802.html

https://groups.google.com/a/lopsa.org/forum/#!topic/discuss/OSk4U32ShGs

Nintendo’s new KDE Linux tablet :-)

Re: https://firmwaresecurity.com/2018/01/16/dumping-the-playstation4-kernel/

https://twitter.com/fail0verflow/status/964954316892119040

https://liliputing.com/2018/02/fail0verflow-turns-a-nintendo-switch-into-a-full-fledged-linux-pc.html

https://www.theverge.com/circuitbreaker/2018/2/19/17029916/nintendo-switch-hack-linux-fail0verflow

https://www.forbes.com/sites/jasonevangelho/2018/02/09/hackers-are-running-linux-on-the-switch-and-claim-nintendo-cant-patch-it/#73bc32eb512c

https://www.nintendo.com/switch/

I have never once considered purchasing a Nintendo Switch …until now. 🙂