The Intel web site has what I think is a new web page; maybe it has existed for a while and I just noticed it. It is a one-page high-level summary of all the current security technologies that Intel is emphasizing for government pre-sales marketing use. There are a few product acronyms that I’ve never heard of:
Hardware-Enabled Security Technologies: Edge Security, Network Security, Data Center and Cloud Security
Defending against growing threats to government cybersecurity requires a proactive, end-to-end approach rooted in hardware. This trusted infrastructure lays the foundation to help protect every digital point, from edge to network to cloud. Intel® hardware-enabled security technologies support solutions for data security and privacy.[…]
Vincent Zimmer of Intel has a new blog post; it’s been a while since his last one. His posts usually provide insight on UEFI and related Intel security technologies (e.g., FSP), so they’re worth reading.
[Interesting: a semiconductor vendor teaming with academia to add security features to their product line. And the list of “Secure Boot” flavors is about to get one entry larger.]
CyberSecurity Students Partner with Gowin Semiconductor to Solve Security Challenge
[…]Cybersecurity students in INCS 870 at New York Tech’s Vancouver campus recently had the unique opportunity to contribute to combatting that threat by working with China-based Gowin Semiconductor, the world’s fastest growing programmable logic company, to solve some security problems on Gowin’s SecureFPGA devices.[…]As part of their graduate capstone project, the students worked with Gowin to develop a Secure Boot for the SecureFPGA system using Gowin’s Broadkey security library. Secure Boot is an industry security standard that ensures that any device boots using only software that is digitally signed and verified by the Original Equipment Manufacturer (OEM), a process designed to protect against malicious software being executed in the boot process.[…]According to Grant Jennings, director of international marketing for Gowin Semiconductor, Secure Boot is one of the most common requests the company receives from customers wanting to add security capabilities to their embedded products. […]
We present USBFuzz, a portable, flexible, and modular framework for fuzz testing USB drivers. At its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers (when they perform IO operations). As the emulated USB device works at the device level, porting it to other platforms is straight-forward.[…]USBFuzz is available at https://github.com/HexHive/USBFuzz
But, that URL is 404. Maybe in the future?
But they have another fuzzer project that sounds interesting:
[…] This article explains modern and antiquated protections which attempt to prevent attackers who have already achieved root-level access from persisting via kernel-mode drivers or firmware implants. […]
In the beginning, Bell Labs created “Unix”. Later, they did a follow-up, called “Plan 9”. Later still, Bell Labs (then Lucent) took Plan 9, added some Java-like features and renamed it “Inferno” (after Dante’s book), then fairly quickly sold it off to Vita Nuova.
The Plan 9 file system protocol, “9P”, called “Styx” in Inferno (as in the river from the book), has been implemented in many places. Today, both the Plan 9 and Inferno OSes continue, and 9P/Styx is implemented in a variety of other OSes, most recently as a UEFI 9P client.
“9pfsPkg is a Plan 9 file system protocol (9P) client for UEFI. It provides EFI_SIMPLE_FILE_SYSTEM_PROTOCOL interface for network transparent file system operation.”
I wish that this was a wiki with a History link on it, or that in some other way the Microsoft writers would provide some indication of WHAT has changed in the latest release. Important technical documents should include a revision history, like any decent technical document. The document being HTTP-centric should not stop technical writers from providing this.
Archive.org’s Changes feature hangs for this URL, for me:
Besides locally caching and diff’ing the two versions of the HTML document, if there is any other online option to track changes in online HTML documents like this, please leave a Comment on this blog post. Thanks.
Authors: K R M Parameswar, S Devendra, Dr. P Swarnalatha
New computers use UEFI rather than the standard BIOS. Both UEFI and BIOS are low-level that begins while booting the PC before booting the OS. UEFI provides higher graphics and mouse cursors. Also, UEFI termed as popular solution as it has ability to use bigger hard disks and provides more secure features, faster boot times etc. UEFI provides mouse pointer option which is not available in BIOS. UEFI termed as best replacement for the standard BIOS on PCs. There’s no real way to change from BIOS to UEFI on a current laptop. We’d like to search for new equipment that underpins and incorporates UEFI, as most new PCs do. In design part, UEFI again beats the LEGACY mode. This was obvious because UEFI was built years after DOS and thus had a better technological advancement in that field. Most UEFI usage give BIOS impersonating as such we will get a kick out of the chance to present and boot old working systems that expect BIOS rather than UEFI, along these way they’re backward great “This new specification shows many limitations of BIOS and also limits the disk partition size and therefore the amount of time BIOS takes to complete the tasks”.
Exciting new feature in the works, related to: “fwupdmgr security --force”
Want to know what I’ve been working on in secret? It'll be announced in the next few weeks, but is ready for alpha testing. First step is to install Fedora 32 on bare metal (not in a VM) and then update fwupd from this COPR: https://t.co/KYeNVJTRCK #fwupd #lvfs #Fedora
Then run “fwupdmgr security --force” and follow the instructions. It will show you a report of your platform security from a firmware point of view. You might be horrified. If you have different hardware available that would be useful too.
There is more research behind the above Twitter comment:
My coworker Ilya and I just published a paper covering the results of our vulnerability research of the Zephyr RTOS and MCUboot bootloader. 26 vulns spanning memory safety to exploit mitigation weaknesses. Read here https://t.co/pIZFhIipxz
Secure and User-Friendly Over-the-Air Firmware Distribution in a Portable Faraday Cage
Martin Striegel, Florian Jakobsmeier, Yacov Matveev, Johann Heyszl, Georg Sigl
Setting up a large-scale wireless sensor network is challenging, as firmware must be distributed and trust between sensor nodes and a backend needs to be established. To perform this task efficiently, we propose an approach named Box, which utilizes an intelligent Faraday cage (FC). The FC acquires firmware images and secret keys from a backend, patches the firmware with the keys and deploys those customized images over the air to sensor nodes placed in the FC. Electromagnetic shielding protects this exchange against passive attackers. […]
The UEFI Forum’s Tianocore implementation is written in C, with a bit of assembly language. The U-Boot EFI implementation is in C. Most operating systems are written in C (although I hear that the current Windows kernel has been (or is being) rewritten from C to C++). There are a few C++/UEFI projects on GitHub, including a few C++-friendly versions of the UEFI Forum’s C-centric core header files. And I just noticed there was a talk at CppCon18 on this topic, video and slides below.
A few years ago, Intel had a group called Advanced Threat Research (ATR), and they created some great training material for Intel BIOS/UEFI security. This training material was used in expensive multi-day pre-conference training led by Intel and others.
A few Intel reorgs later, with many of the people having moved on (mostly to Eclypsium), the training material was taken down, for reason(s) I am not aware of. There’s a comment in the above blog post where someone had a copy of the content, but that Google Drive URL is now 404.
Anyway, I notice there are at least two current sources of this training; if you have not studied this stuff before, it is worth reading.
Don’t presume these files will be there in the future, cache a copy locally.
Non-Volatile Kernel Root kit Detection and Prevention in Cloud Computing
R. Geetha Ramani, S. Suresh Kumar
The field of web has turned into a basic part in everyday life. Security in the web has dependably been a significant issue. Malware is utilized to rupture into the objective framework. There are various kinds of malwares, for example, infection, worms, rootkits, trojan pony, ransomware, etc. Each malware has its own way to deal with influence the objective framework in various ways, in this manner making hurt the framework. The rootkit may be in some arbitrary records, which when opened can change or erase the substance or information in the objective framework. Likewise, by opening the rootkit contaminated record may debase the framework execution. Hence, in this paper, a Kernel Rootkit Detection and Prevention (KRDP) framework is proposed an avert the records. The avoidance system in this paper utilizes a calculation to forestall the opening of the rootkit influenced record as portrayed. By and large, the framework comprises of a free antivirus programming which is restricted to certain functionalities. The proposed model beats the functionalities by utilizing a calculation, in this way identifying the rootkits first and afterward cautioning the client to react to the rootkit tainted record. In this way, keeping the client from opening the rootkit contaminated record. Inevitably, in the wake of expelling the tainted document from the framework will give an improvement in the general framework execution.
The IPMI is a set of computer interface specifications for an autonomous computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware (BIOS or UEFI) and operating system. The python-ipmi library provides API for using IPMI protocol within the python environment.[…]
A new UEFI exploit project. CHIPSEC-, Windows-, and PowerShell-dependent. Includes a verbose PDF.
“A standalone python script leveraging ntdll for UEFI variable enumeration. This uses elements from the “chipsec” toolkit for formatting when extracting NVRAM buffer from the ntdll library function and underlying runtime service.”
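Added example, not code from the script quoted above: a Python parser for the chained VARIABLE_NAME_AND_VALUE records that ntdll’s NtEnumerateSystemEnvironmentValuesEx hands back, run over a constructed buffer rather than a live call. The record layout is my assumption from the ntdll headers, the 4-byte alignment lives only in the constructed builder, and the attribute check is a defensive inventory: which non-volatile variables the OS can still write at runtime without authenticated writes.

```python
import struct
import uuid

# EFI variable attribute bits from the UEFI specification.
NON_VOLATILE, RUNTIME_ACCESS, TIME_BASED_AUTH_WRITE = 0x01, 0x04, 0x20

# Assumed VARIABLE_NAME_AND_VALUE layout (from the ntdll headers): ULONG NextEntryOffset,
# ValueOffset, ValueLength, Attributes; GUID VendorGuid; NUL-terminated UTF-16LE Name; value.
_HDR = struct.Struct("<IIII16s")

def parse_variable_buffer(buf):
    """Walk the chained records and return one dict per variable."""
    entries, off = [], 0
    while off < len(buf):
        nxt, voff, vlen, attrs, guid_raw = _HDR.unpack_from(buf, off)
        start = end = off + _HDR.size
        while buf[end:end + 2] != b"\x00\x00":  # scan 2-byte units for the terminator
            end += 2
        entries.append({"name": buf[start:end].decode("utf-16-le"),
                        "guid": str(uuid.UUID(bytes_le=guid_raw)),
                        "attributes": attrs,
                        "value": buf[off + voff:off + voff + vlen]})
        if nxt == 0:  # NextEntryOffset of 0 marks the last record
            break
        off += nxt
    return entries

def unauthenticated_runtime_writable(entries):
    """Names of NV variables reachable at runtime whose writes need no authentication."""
    need = NON_VOLATILE | RUNTIME_ACCESS
    return [e["name"] for e in entries
            if e["attributes"] & need == need and not e["attributes"] & TIME_BASED_AUTH_WRITE]

def build_entry(name, guid, attrs, value, last=False):
    """Constructed test record; this helper assumes 4-byte aligned offsets."""
    name_b = name.encode("utf-16-le") + b"\x00\x00"
    voff = (_HDR.size + len(name_b) + 3) & ~3
    total = (voff + len(value) + 3) & ~3
    rec = _HDR.pack(0 if last else total, voff, len(value), attrs, uuid.UUID(guid).bytes_le)
    rec += name_b + b"\x00" * (voff - _HDR.size - len(name_b)) + value
    return rec + b"\x00" * (total - len(rec))

# Constructed sample: EFI_GLOBAL_VARIABLE_GUID entries plus the image security database "db".
SAMPLE_BUFFER = (
    build_entry("SecureBoot", "8be4df61-93ca-11d2-aa0d-00e098032b8c", 0x06, b"\x01")
    + build_entry("BootOrder", "8be4df61-93ca-11d2-aa0d-00e098032b8c", 0x07, b"\x00\x00\x01\x00")
    + build_entry("db", "d719b2cb-3d3a-4596-a3bc-dad00e67656f", 0x27, b"\xde\xad\xbe\xef", last=True)
)
```

On the sample, only BootOrder is reported: SecureBoot is volatile and db carries the time-based authenticated-write attribute.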