Uncategorized

coreboot to join Software Freedom Conservancy

Martin Roth made a post on the coreboot blog about the project joining the Software Freedom Conservancy. I hope this means the project will get more funding.

The coreboot project applied to join the Software Freedom Conservancy[0] and has been approved for membership by their board.  There is still some work to be done in hammering out the governance details, but we hope to have everything completed by April. Joining the SFC as coreboot’s fiscal sponsor \will allow us to go forward with fundraising, and that all donations to the coreboot project from the United States will be tax-deductible.  Up to this point, coreboot hasn’t had any official way to accept donations or payments.  This has meant that the project was mainly supported financially by members of the coreboot leadership, which has put some limitations on what we were able to do. Another of the things that joining the SFC means is that we will be formalizing and fully documenting the coreboot leadership structure.  This is one of the Conservancy’s requirements, and something that they will help the project with. The Conservancy offers a number of other services[1]to its members. We encourage everyone to take a look at the SFC, and to consider joining as individual supporters[2].

[0] https://sfconservancy.org/
[1] https://sfconservancy.org/projects/services/
[2] https://sfconservancy.org/supporter/

https://sfconservancy.org/donate/
https://sfconservancy.org/sponsors/

Full post:
http://blogs.coreboot.org/blog/2017/02/22/coreboot-is-joining-the-software-freedom-conservancy/

Standard
Uncategorized

Functional Encryption using Intel SGX

 

{\sc{Iron}}: Functional Encryption using Intel SGX
Ben A Fisch, Dhinakaran Vinayagamurthy, Dan Boneh, Sergey Gorbunov
Functional encryption (FE) is an extremely powerful cryptographic mechanism that lets an authorized entity compute on encrypted data, and learn the results in the clear. However, all current cryptographic instantiations for general FE are too impractical to be implemented. We build {\sc{Iron}}, a practical and usable FE system using Intel’s recent Software Guard Extensions (SGX). We show that {\sc{Iron}} can be applied to complex functionalities, and even for simple functions, outperforms the best known cryptographic schemes. We argue security by modeling FE in the context of hardware elements, and prove that {\sc{Iron}} satisfies the security model.

http://eprint.iacr.org/2016/1071

 

Standard
Uncategorized

Microsoft updates Secure Boot and ACPI requirements

These Microsoft pages have recently (last month) been updated. No changelog, so unclear what has changed. 😦

 

https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/secure-boot-and-device-encryption-overview

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/design/device-experiences/acpi-firmware-implementation-requirements

https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/firmware-requirements-for-d3cold

 

Standard
Uncategorized

OSR on debugging bad Windows drivers

OSR has a nice blog post that shows how to debug bad drivers. OSR is a smart group of Windows-centric driver consultants, check out their NT Insider newsletter if you’re into NT. And their NTdev mailing list.

[…]The bugcheck makes much more sense now. Someone’s stack expansion callback was called at DISPATCH_LEVEL (Arg2 == 2) and returned at PASSIVE_LEVEL (Arg1 == 0). That’s against the rules, thus you get a system crash. Personally I would call this a bug in KeExpandKernelStackAndCalloutEx seeing as how it is generating an IRQL_UNEXPECTED_VALUE using invalid (unexpected?) arguments. At a minimum the documentation is currently wrong though and I have filed a bug to try to get that addressed.

https://www.osr.com/blog/2017/02/17/unexpected-case-bugcheck-irql_unexpected_value-c8/

http://www.osronline.com/showthread.cfm?link=281770

https://www.osr.com/developers-blog/

http://www.osronline.com/showlists.cfm?list=ntdev

http://www.osronline.com/index.cfm

Hmm, it looks like OSRonline.com is becoming ‘legacy’. If there’s not a future home for some of the tools listed there, you might want to grab a set of tools while you still can. The tools are somewhat like SysInternals-style of tools.

 

Standard
Uncategorized

Apple rejects Supermicro due to bad firmware

https://arstechnica.com/information-technology/2017/02/apple-axed-supermicro-servers-from-datacenters-because-of-bad-firmware-update/

http://appleinsider.com/articles/17/02/23/server-firmware-security-incident-in-2016-forced-apple-to-sever-ties-with-vendor-super-micro

https://www.macrumors.com/2017/02/23/apple-ends-relationship-with-super-micro/

Hurray for a vendor for checking the security of the hardware, and rejecting it for not being secure. If you are a big enough vendor, demand the output of CHIPSEC’s security tests and FWTS’s test results, before you buy it.  If CHIPSEC is failing, do not buy it. This is the only way some OEMs will learn to build secure systems. Unfortunately, no end user consumer has this ability. Large enterprises do, and I wish more would be doing it, and demanding the results be public. OEMs which build secure systems should be proactively showing their test results, so that savvy customers will realize this huge market advantage over competitors.

I wonder what kind of incident this was, firmware malware or something else???

Standard