ARM ASL Interpreter: Example implementation of Arm’s Architecture Specification Language (ASL)

Copyright Arm Limited (c) 2017-2019
Version 0.0 alpha

https://github.com/ARM-software/asl-interpreter

Project ACRN 1.2 released

This release includes:

  • Support for OVMF as virtual boot loader for Service VM to launch Clearlinux, VxWorks or Windows. Secure boot is also supported
  • Support for Kata containers.
  • Windows as a Guest (WaaG): USB host (xHCI) mediator
  • Virtualization support for Always Running Timer (ART)

BootBandit: A macOS bootloader attack

[…]In this paper, we discuss an attack that borrows concepts from the evil maid. We assume exploitation can be used to infect a bootloader on a system running macOS remotely to install code to steal the user’s password. We explore the ability to create a communication channel between the bootloader and the operating system to remotely steal the password for a disk protected by FileVault 2. On a macOS system, this attack has additional implications due to “password forwarding” technology, in which a user’s account password also serves as the FileVault password, enabling an additional attack surface through privilege escalation.[…]

https://onlinelibrary.wiley.com/doi/full/10.1002/eng2.12032

Dropbox/OCP RunBMC: the first open source hardware spec for the BMC

https://www.opencompute.org/documents/ocp-runbmc-daughterboard-card-design-specification-v1-4-1-pdf

https://blogs.dropbox.com/tech/2019/08/runbmc-ocp-hardware-spec-solves-data-center-bmc-pain-points/

https://blog.dropbox.com/topics/technology/dropbox-contributes-runbmc-spec-to-the-open-compute-project0

Qiling: binary emulation framework

Qiling is an advanced binary emulation framework, with the following features:

  • Cross platform: Windows, MacOS, Linux, BSD
  • Cross architecture: X86, X86_64, Arm, Arm64, Mips
  • Multiple file formats: PE, MachO, ELF
  • Emulate & sandbox machine code in an isolated environment
  • Provide a high-level API to set up & configure the sandbox
  • Fine-grained instrumentation: allows hooks at various levels (instruction/basic-block/memory-access/exception/syscall/IO/etc.)
  • Allow dynamic hot-patching of running code on the fly, including loaded libraries
  • A true framework in Python, making it easy to build customized security analysis tools on top

https://github.com/qilingframework/qiling

Qualcomm Secure Boot

[…]In 2017, we released our first public whitepaper describing the philosophy and implementation of the Qualcomm Technologies’ Secure Boot solution. Since then, the solution has been improved and we are pleased to make available a new release of the “Secure Boot and Image Authentication” technical overview whitepaper.[…]

https://www.qualcomm.com/news/onq/2019/08/21/secure-boot-and-image-authentication-improvements

https://www.qualcomm.com/documents/secure-boot-and-image-authentication-technical-overview-v20

MELoader: Linux i386 tool to load and execute ME modules

[…]This tool requires a rom library dump from the ME to use. See https://github.com/ptresearch/IntelTXE-PoC for a means of acquiring one, though that will yield a ROM for a different chipset (BXT). That chipset shares most core ME peripherals with SPT so changing the code will mostly mean tweaking addresses.

https://github.com/peterbjornx/meloader

Side-Channel Aware Fuzzing
[…]In this paper we present and evaluate a new approach to extract feedback for fuzzing on embedded devices using information the power consumption leaks. Side-channel aware fuzzing is a threefold process that is initiated by sending an input to a target device and measuring its power consumption. First, we extract features from the power traces of the target device using machine learning algorithms. Subsequently, we use the features to reconstruct the code structure of the analyzed firmware. In the final step we calculate a score for the input, which is proportional to the code coverage. We carry out our proof of concept by fuzzing synthetic software and a light-weight AES implementation running on an ARM Cortex-M4 microcontroller. Our results show that the power side-channel carries information relevant for fuzzing.

https://arxiv.org/abs/1908.05012

Alex Matrosov: Breaking Through Another Side: Bypassing Firmware Security Boundaries

This blog post is the first in the series about my joint Black Hat research “Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller” (slides) with Alexandre Gazet presented last week in Vegas. This REsearch took literally 5 months of our spare time to dig into Embedded Controller security and Intel BIOS Guard technology implementation in Lenovo Thinkpad BIOS.[…]

Firmware Manager: Generic framework and GTK UI for firmware updates from system76-firmware and fwupd, written in Rust.

System76 is one Linux distro/OEM that rolled its own firmware update mechanism instead of supporting fwupd. Now they have a new tool that integrates the two solutions:

One of the remaining issues with firmware management on Linux is the lack of options for graphical frontends to firmware management services like fwupd and system76-firmware. For fwupd, the only solutions available were to distribute either GNOME Software, or KDE Discover; which is not viable for Linux distributions which have their own application centers, or frontends to package managers. For system76-firmware, an official GTK application exists, but it only supports updating System76 firmware, when it would be more ideal if it could support updating firmware from both services. fwupd is a system service which connects to LVFS to check for firmware updates to a wide variety of hardware from multiple vendors. system76-firmware is our own system service which connects to System76 to check for firmware updates for System76 hardware. To solve this problem, we’ve been working on the Firmware Manager project, which we will be shipping to all Pop!_OS users, and System76 hardware customers on any other distribution. It supports checking and updating firmware from the fwupd and system76-firmware services, is Wayland-compatible, and provides both a GTK application and library. […]

https://blog.system76.com/post/187072707563/the-new-firmware-manager-updating-firmware-across

https://github.com/pop-os/firmware-manager

Huge Survey of Firmware Finds No Security Gains in 15 Years
August 14, 2019 09:17 by Paul Roberts

A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors.[…]

See also:
https://cyber-itl.org/2018/12/07/a-look-at-home-routers-and-linux-mips.html

imgtool – from Android Internals Volume II

Still working on Volume II of Android Internals. Haven’t forgotten y’all. And there are updates on the EFI file format, etc. in the update to Volume I that I am preparing… […]

The imgtool utility is another one of the tools I’m including in my book, this time to accompany the chapter about the Boot process. I deal a lot with the internal format of images there, and realized I needed a quick extractor. This became more important when I started to deal with the L preview, and Google Glass system images I used for research. Included in V1.0 changes:

“[…]

  • Full support for EFI firmware files, SCAP, MacEFI images, etc. – so now you can extract QCOM xbl/abl further!
  • ..And Apple’s (yep, Apple’s) T2 EFI images, Firmware.scap, etc.:

[…]”

http://newandroidbook.com/tools/imgtool.html#V10

USBSamurai: remotely-controlled USB malware

Re: https://firmwaresecurity.com/2018/06/25/wifi-hid-injector-an-usb-rubberducky-badusb-on-steroids/

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$

https://github.com/whid-injector/WHID (aka http://whid.ninja/ )

Zoncolan: How Facebook uses static analysis to detect and prevent security issues

https://engineering.fb.com/security/zoncolan/

https://www.wired.com/story/facebook-zoncolan-static-analysis-tool/?verso=true

Hmm, I have not found the source code; please leave the URL in a comment if you do:
https://github.com/facebookresearch?utf8=%E2%9C%93&q=Zoncolan&type=&language=