Some highlights that ‘caught my eye’:
* On sparc64 ldomctl(8) now supports more modern firmware found on SPARC T2+ and T3 machines in particular such as T1000, T5120 and T5240. NVRAM variables can now be set per logical domain.
* ACPI support on OpenBSD/arm64 platforms.
* New acpisurface(4) driver providing ACPI support for Microsoft Surface Book laptops.
* New acpipci(4/arm64) driver providing support for PCI host bridges based on information provided by ACPI.
* Added a sensor for port replicator status to acpithinkpad(4).
* Implemented MAP_STACK option for mmap(2). At pagefaults and syscalls the kernel will check that the stack pointer points to MAP_STACK memory, which mitigates against attacks using stack pivots.
* New RETGUARD security mechanism on amd64 and arm64: use per-function random cookies to protect access to function return instructions, making them harder to use in ROP gadgets.
* clang(1) includes a pass that identifies common instructions which may be useful in ROP gadgets and replaces them with safe alternatives on amd64 and i386.
* The Retpoline mitigation against Spectre Variant 2 has been enabled in clang(1) and in assembly files on amd64 and i386.
* Added SpectreRSB mitigation on amd64.
* Added Intel L1 Terminal Fault mitigation on amd64.
* Meltdown mitigation was added to i386.
* amd64 now uses eager-FPU switching to prevent FPU state information speculatively leaking across protection boundaries.
* Because Simultaneous MultiThreading (SMT) uses core resources in a shared and unsafe manner, it is now disabled by default. It can be enabled with the new hw.smt sysctl(2) variable.
Server partners expect to be able to deploy new systems directly from the shipping box, with straightforward integration of the operating systems and applications of their choosing. To achieve this, it is necessary for the Arm server ecosystem to define and comply with a minimal set of standards. This is of particular importance for the server and infrastructure market, as unlike the mobile sector, it is not acceptable to have to modify the operating system for every platform. Standards allow compatibility across different products, while enabling the individual partners to innovate and differentiate within these boundaries.[…]
October 17, 2018 4:02 pm
Introducing Component Firmware Update
By Microsoft Devices Team
The Microsoft Devices Team is excited to announce the release of an open-source model for Component Firmware Update for Windows system developers – Component Firmware Update (CFU). With CFU, you can easily deliver firmware updates through Windows Update by using CFU drivers.[…]
Modern CPUs have speculative execution capabilities, which improves processor performance. Depending on the design and architecture of the CPU, speculative execution can introduce side-channel-attack vulnerabilities.
[Similar to previous post, I included this URL in an early Spectre/Meltdown posting, but was having a hard time finding it.]
This repository provides content for aiding DoD administrators in verifying systems have applied and enabled mitigations for Spectre and Meltdown. The repository is a companion to a forthcoming Information Assurance Advisory Updated Guidance for Spectre and Meltdown Vulnerabilities Affecting Modern Processors. This advisory will be an update to the previously issued advisory Vulnerabilities Affecting Modern Processors.
[Last updated in the Summer. I am pretty sure I included a link to this during the early Spectre/Meltdown posts, but can’t find it, and it is a bit more useful beyond Spectre/Meltdown.]
This draft white paper identifies seventeen technical trust-related issues that may negatively impact the adoption of IoT products and services. The paper offers recommendations for mitigating or reducing the effects of these concerns while also suggesting additional areas of research regarding the subject of “IoT trust.” This document is intended for a general information technology audience, including managers, supervisors, technical staff, and those involved in IoT policy decisions, governance, and procurement. Feedback from reviewers is requested on the seventeen technical concerns that are presented, as well as suggestions for other potential technical concerns that may be missing from the document.
Early code: print!(b"Hello, world!\n");
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.
Current Exploit Price (≈) 3.9 $5k-$25k
[…]AWS Security is looking for an experienced Senior Security Engineer, specializing in hardware technologies[…]
— IoT network technologies (Z-Wave, Zigbee, Bluetooth/BLE, WLAN, identity/auth security)
— Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA)
— x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, secure boot)
— Local encryption and key management (LUKS, BitLocker, self-encrypting drives, etc)
— PKI and code signing architecture (X.509, EV SSL, certificate pinning, OCSP, CRL, etc)
— hardware cryptography (certificates, attestation, TPM/HSM)
— embedded/IoT solution design and security considerations
The RC of the November release of U-Boot is out. Usually, you basically have to follow the U-Boot mailing list to track changes, but this announcement was more verbose than normal:
List of changes between -rc1 and -rc2:
– The SPI-NAND changes have fully been integrated now.
– ARM Versatile Express updates
– QEMU support in RiscV
– Rockchip updates
  – fixes to rkimage for SPL boot via USB
  – fixes to make_fit_atf.py, incl. entry-point calculation and python3 compatibility
  – OP-TEE support for ARMv7-based SoCs
  – fixes to RGMII/GMII selection on the RK3328
– ARC updates
  – CPU and board info prints
  – Synopsys IoT development kit support
  – Take care of global uninitialized variables.
  – Add support for SD-card detection on all ARC boards
– R-Mobile, SoCFPGA updates
– Sandbox SPL/TPL support
– Various DM, Test updates.
– Various general ARM, Meson, TI K2/K3 updates
– OP-TEE AVB support
We’re looking at release on November 12th, 2018.
A Primer on Trustworthy Secure Bootloading*
*exemplified on a RISC-V processor system
Hi, my name is Ilia and I work at MIT’s Computer Science and Artificial Intelligence Lab with Srini Devadas to imagine a world where users of computers worldwide can be safe from one another and from themselves. But who might you be? Here, I will assume you have some familiarity with computer system architecture for the deep dive into our case study of a secure RISC-V processor system. I will otherwise attempt to keep this article as accessible as possible. If you find this text confusing, misleading, or otherwise underwhelming, send me a note! I’d like to improve.
TL;DR: scroll down for an implementation example of a secure bootloader on a typical RISC-V system.[…]
Hmm, this WordPress blog does strange things with Medium.com-based URLs, I’ll include two versions below, one with a SPACE in it, so you can copy the text, the second will be processed by WordPress, may not be visible on some systems (like mine):
This is my latest article on a topic near and dear to my heart: making IDA Pro more modern and, well, better. Those familiar with IDA Pro probably know that feeling: there are glitches in the processor modules that you use, you don’t have the source code, and they are driving you crazy! Unfortunately, not all of the glitches discussed here qualify as bugs, meaning that the developers are unlikely to ever fix them—unless you fix them yourself.[…]
Linaro Community Projects Division announces the Trusted Firmware open project
San Jose – WEBWIRE – Tuesday, October 16, 2018
The Trusted Firmware project promises to provide an important software foundation to further security development for both Cortex-A and Cortex-M/R processors. Linaro Community Projects Division, the division of Linaro managing open source community projects with open governance, today announced that Trusted Firmware is available as a Linaro Community Projects Division open project. Trusted Firmware provides a reference implementation of Secure World software for Armv7, Armv8-A and Armv8-M architectures. It provides SoC developers and OEMs with a reference trusted code base complying with the relevant Arm specifications. This forms the foundations of a Trusted Execution Environment (TEE) on application processors, or the Secure Processing Environment (SPE) on microcontrollers.[…]
OpenBSD is now getting RETGUARD for ARM platforms, not just Intel/AMD64.
Vincent has a new blog post, with some history of UEFI and recent security conference interactions, and includes a snippet of some old EFI code from Ken Reneris!
(I used to work with Ken. He is an amazingly proficient coder. When he went on vacation to get married, we replaced his keyboard driver such that the ‘;’ key would replace the ‘:’ key randomly. (Back then drivers weren’t signed and a lot easier to replace.) His response was to rewire the person’s mouse so that it would work upside down/backwards.)