Intel: A Hardware Foundation for Government Cybersecurity

The Intel web site has what I think is a new web page; maybe it has existed for a while and I just noticed it. It is a one-page high-level summary of all the current security technologies that Intel is emphasizing for government pre-sales marketing use. There are a few product acronyms that I’ve never heard of:

Hardware-Enabled Security Technologies: Edge Security, Network Security, Data Center and Cloud Security

Defending against growing threats to government cybersecurity requires a proactive, end-to-end approach rooted in hardware. This trusted infrastructure lays the foundation to help protect every digital point, from edge to network to cloud. Intel® hardware-enabled security technologies support solutions for data security and privacy.[…]

NYIT Vancouver to build Secure Boot for GoWin Semiconductor SecureFPGA

[Interesting: a semiconductor vendor teaming with academia to add security features to their product line. And the list of “Secure Boot” flavors is about to get one entry larger.]

CyberSecurity Students Partner with Gowin Semiconductor to Solve Security Challenge

[…]Cybersecurity students in INCS 870 at New York Tech’s Vancouver campus recently had the unique opportunity to contribute to combatting that threat by working with China-based Gowin Semiconductor, the world’s fastest growing programmable logic company, to solve some security problems on Gowin’s SecureFPGA devices.[…]As part of their graduate capstone project, the students worked with Gowin to develop a Secure Boot for the SecureFPGA system using Gowin’s Broadkey security library. Secure Boot is an industry security standard that ensures that any device boots using only software that is digitally signed and verified by the Original Equipment Manufacturer (OEM), a process designed to protect against malicious software being executed in the boot process.[…]According to Grant Jennings, director of international marketing for Gowin Semiconductor, Secure Boot is one of the most common requests the company receives from customers wanting to add security capabilities to their embedded products. […]
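The boot-time check the press release describes, signed by the OEM and verified before anything runs, as an added illustration written for this post (it is not Gowin’s Broadkey or SecureFPGA code; the image layout, the ed25519 key pair and the names SignImage/VerifyImage are assumptions). The verifier rejects a tampered payload, a tampered length field, a truncated image and an image signed with a non-OEM key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (an assumption for this example, not Gowin's format):
//   4-byte magic "SFW1" | 4-byte little-endian payload length | payload | 64-byte ed25519 signature
// The signature covers magic+length+payload, so a tampered length field fails too.
var magic = []byte("SFW1")
// SignImage is the OEM build step: sign the header and payload with the OEM private key.
func SignImage(oemPriv ed25519.PrivateKey, payload []byte) []byte {
	hdr := make([]byte, 8)
	copy(hdr, magic)
	binary.LittleEndian.PutUint32(hdr[4:], uint32(len(payload)))
	signed := append(hdr, payload...)
	return append(signed, ed25519.Sign(oemPriv, signed)...)
}

// VerifyImage is the boot-ROM side: only the OEM public key is trusted, and no
// payload is returned for execution unless header, length and signature all check out.
func VerifyImage(oemPub ed25519.PublicKey, img []byte) ([]byte, error) {
	if len(img) < 8+ed25519.SignatureSize || string(img[:4]) != string(magic) {
		return nil, errors.New("bad header")
	}
	n := int(binary.LittleEndian.Uint32(img[4:8]))
	if n != len(img)-8-ed25519.SignatureSize {
		return nil, errors.New("length field does not match image size")
	}
	body, sig := img[:8+n], img[8+n:]
	if !ed25519.Verify(oemPub, body, sig) {
		return nil, errors.New("OEM signature verification failed")
	}
	return body[8:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stand-in for the OEM's key pair
	img := SignImage(priv, []byte("constructed firmware payload"))
	_, err := VerifyImage(pub, img)
	fmt.Println("genuine image:", err)
	img[10] ^= 1 // flip one payload bit, as a tampered image would
	_, err = VerifyImage(pub, img)
	fmt.Println("tampered image:", err)
}
```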

USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation

By: Hui Peng, Mathias Payer

We present USBFuzz, a portable, flexible, and modular framework for fuzz testing USB drivers. At its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers (when they perform IO operations). As the emulated USB device works at the device level, porting it to other platforms is straight-forward.[…]USBFuzz is available at

But, that URL is 404. Maybe in the future?

But they have another fuzzer project that sounds interesting:

Evil Crow RF: radiofrequency hacking device

[Not firmware-centric, though some firmware (UEFI, for example) supports multiple wireless network protocols.]

Evil Crow RF is a radiofrequency hacking device for pentest and Red Team operations[…]

See-also: Rolljam:

Anatomy of the RollJam Wireless Car Hack

Hardware Root of Trust — BIOS and UEFI

[…] This article explains modern and antiquated protections which attempt to prevent attackers who have already achieved root level access from persisting via kernel-mode drivers or firmware implants. […]

9pfsPkg: 9P Client File System for UEFI (Styx)

In the beginning, Bell Labs created “Unix”. Later, they did a follow-up, called “Plan 9”. Later still, Bell Labs (then Lucent) took Plan 9, added some Java-like features and renamed it “Inferno” (after Dante’s book), then fairly quickly sold it off to Vita Nuova.
The Plan 9 file system protocol, “9P”, called “Styx” in Inferno (as in the river from the book), has been implemented in many places. Today, both the Plan 9 and Inferno OSes continue, and 9P/Styx is implemented in a variety of other OSes, most recently as a UEFI 9P client.

“9pfsPkg is a Plan 9 file system protocol (9P) client for UEFI. It provides EFI_SIMPLE_FILE_SYSTEM_PROTOCOL interface for network transparent file system operation.”

More info:

Microsoft UEFI requirements for Windows: updated

No idea WHAT has changed, but this Microsoft OEM UEFI guidance document has recently changed:

I wish that this was a Wiki with a History link on it, or that in some other way the Microsoft writers would provide some indication of WHAT has changed in the latest release. Important technical documents should include a revision history, like any decent technical document. That the document is HTTP-centric should not stop technical writers from providing this. […]’s Changes feature hangs for this URL, for me:

Besides locally caching and diff’ing the two versions of the HTML document, if there is any other online option to track changes in online HTML documents like this, please leave a Comment on this blog post. Thanks.

Relative Research on UEFI and BIOS

Authors: K R M Parameswar, S Devendra, Dr. P Swarnalatha

New computers use UEFI rather than the standard BIOS. Both UEFI and BIOS are low-level software that begins while booting the PC, before booting the OS. UEFI provides higher graphics and mouse cursors. Also, UEFI is termed a popular solution as it has the ability to use bigger hard disks and provides more secure features, faster boot times, etc. UEFI provides a mouse pointer option which is not available in BIOS. UEFI is termed the best replacement for the standard BIOS on PCs. There’s no real way to change from BIOS to UEFI on a current laptop. We’d like to search for new equipment that underpins and incorporates UEFI, as most new PCs do. In the design part, UEFI again beats LEGACY mode. This was obvious because UEFI was built years after DOS and thus had a better technological advancement in that field. Most UEFI usage gives BIOS impersonating, as such we will get a kick out of the chance to present and boot old working systems that expect BIOS rather than UEFI; along these ways they’re backward great. “This new specification shows many limitations of BIOS and also limits the disk partition size and therefore the amount of time BIOS takes to complete the tasks”.

Improved fwupd in the works: includes platform firmware security report

Exciting new feature in the works, related to: “fwupdmgr security --force”

NCC Group: Zephyr and MCUboot Security Assessment

There is more research behind the above Twitter comment:

Research Report – Zephyr and MCUboot Security Assessment

More info:

Box: Intelligent Faraday Cage: acquires/patches/deploys firmware images

Secure and User-Friendly Over-the-Air Firmware Distribution in a Portable Faraday Cage
Martin Striegel, Florian Jakobsmeier, Yacov Matveev, Johann Heyszl, Georg Sigl

Setting up a large-scale wireless sensor network is challenging, as firmware must be distributed and trust between sensor nodes and a backend needs to be established. To perform this task efficiently, we propose an approach named Box, which utilizes an intelligent Faraday cage (FC). The FC acquires firmware images and secret keys from a backend, patches the firmware with the keys and deploys those customized images over the air to sensor nodes placed in the FC. Electromagnetic shielding protects this exchange against passive attackers. […]

CppCon 2018: Morris Hafner: UEFI Applications With Modern C++

The UEFI Forum’s Tianocore implementation is written in C, with a bit of assembly language. The U-Boot EFI implementation is in C. Most operating systems are written in C (although I hear that the current Windows kernel has been (or is being) rewritten from C to C++). There are a few C++/UEFI projects on GitHub, including a few C++-friendly versions of the UEFI Forum’s C-centric core header files. And I just noticed there was a talk at CppCon18 on this topic, video and slides below.

PS: To someone with a bit of spare time, who has an interest in UEFI and C++: please port Nmap to UEFI. Thanks!

Intel ATR Training: Security of BIOS/UEFI System Firmware from Attacker and Defender Perspectives

A few years ago, Intel had a group called Advanced Threat Research (ATR), and they created some great training material for Intel BIOS/UEFI security. This training material was used in expensive multi-day pre-conference training led by Intel and others.

A few Intel reorgs later, with many of the people moved on (mostly to Eclypsium), and for reasons I am not aware of, the training material was taken down. There’s a comment in the above blog post where someone had a copy of the content, but that Google Drive URL is now 404.

Anyway, I notice there are at least two current sources of this training; if you have not studied this stuff before, it is worth reading.

Don’t presume these files will be there in the future, cache a copy locally.

KRDP: Kernel Rootkit Detection and Prevention

Non-Volatile Kernel Rootkit Detection and Prevention in Cloud Computing
R. Geetha Ramani, S. Suresh Kumar

The field of the web has turned into a basic part of everyday life. Security on the web has dependably been a significant issue. Malware is utilized to rupture into the objective framework. There are various kinds of malware, for example, infections, worms, rootkits, trojan horses, ransomware, etc. Each malware has its own way to deal with influencing the objective framework in various ways, in this manner causing hurt to the framework. The rootkit may be in some arbitrary records, which when opened can change or erase the substance or information in the objective framework. Likewise, opening the rootkit-contaminated record may debase the framework execution. Hence, in this paper, a Kernel Rootkit Detection and Prevention (KRDP) framework is proposed to avert the records. The avoidance system in this paper utilizes a calculation to forestall the opening of the rootkit-influenced record as portrayed. By and large, the framework comprises of free antivirus programming which is restricted to certain functionalities. The proposed model beats the functionalities by utilizing a calculation, in this way identifying the rootkits first and afterward cautioning the client to react to the rootkit-tainted record, in this way keeping the client from opening the rootkit-contaminated record. Inevitably, in the wake of expelling the tainted document from the framework, there will be an improvement in the general framework execution.

supermicro_ipmi_handler: Python library for accessing SuperMicro IPMI

IPMI is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware (BIOS or UEFI) and operating system. The python-ipmi library provides an API for using the IPMI protocol within the Python environment.[…]

This isn’t the first SuperMicro IPMI Python project. There are others, for example:

OuterHaven-UEFI_exploitation_and_detection: Windows PowerShell CHIPSEC UEFI exploitation project

A new UEFI exploit project. CHIPSEC-, Windows-, and PowerShell-dependent. Includes a verbose PDF.

“A standalone python script leveraging ntdll for UEFI variable enumeration. This uses elements from the “chipsec” toolkit for formatting when extracting NVRAM buffer from the ntdll library function and underlying runtime service.”