Matthew: if you’re reading this, please consider also supporting Tianocore/EDK2, not just Project Mu, as there is no Tianocore extension for VSCode, so your project would be useful to another community as well.
For other open source IDE support for UEFI, there’s an Eclipse plugin and Visual Studio-based VisualUEFI. For closed-source IDE support, there is Intel ISS and ARM DS-5. Maybe others, I’m not aware of, if you know of one, please leave a Comment.
Linaro Ltd, the open source collaborative engineering organization developing software for the Arm® ecosystem, today announced together with Riscure their collaboration enabling developers to deliver secure and robust TEE-based solutions. Under the terms of this partnership, Riscure, the globally recognized expert in embedded security research, will contribute to OP-TEE security with regular code review and fuzzing campaigns. OP-TEE is an open source project maintained by the Trusted Firmware project. Both projects are hosted by Linaro and work to provide security for Arm-based solutions. Riscure has created an open-source fuzzing tool specifically designed for OP-TEE.[…]
Some simple scripts for usage with a Raspberry Pi Zero as a Lights-Out Management controller for another system, such as a desktop computer or a server. Sends reset signals over GPIO pins, and uses the USB connection for transmitting keyboard signals to control the BIOS or UEFI remotely.
[…]In this paper, we propose an introspection framework called Nighthawk that transparently checks system integrity at runtime. Nighthawk leverages the Intel Management Engine (IME), a co-processor that runs in isolation from the main CPU. By using the IME, our approach has a minimal TCB and incurs negligible overhead on the host system on a suite of indicative benchmarks. We use Nighthawk to check the integrity of the system software and firmware of a host system at runtime. The experimental results show that Nighthawk can detect real-world attacks against the OS, hypervisors, and System Management Mode while mitigating several classes of evasive attacks.[…]
This looks interesting: a boot disk that does a few things. But I’m not sure what this fully does. Little documentation, most of the binaries are provided without source and come pre-zipped. (Be careful with binary-only releases, they might contain malware…) Windows-centric. But it includes multiple bootloaders, dozens of scripts and executables…
The source code (Github site) appears to be new, but there are 2 blog posts >1year old on the topic:
This is a collection of shell functions to build secure Linux-based operating system images. They are highly specific to my setup and probably won’t be useful to anyone else. […] The primary goal here is swappable immutable disk images that are verified by verity, which is itself verified by the kernel’s Secure Boot signature.[…]
The script can run any arbitrary command and retrieve its exit code, wait for boot and skip the 5-second prompt (and optionally skip startup.nsh), or send reset/shutdown commands. Code written in (almost) pure BASH with no subprocesses spawned. Only print function calls ‘sed’ once.
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Originally, intended as a performance optimization in fast networks, we show DDIO has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks.
Intel agrees this is a significant vulnerability, having awarded NetCAT a bounty and recommending users to “limit direct access from untrusted networks when DDIO & RDMA are enabled“. This essentially means that in untrusted network environments DDIO and/or RDMA should be disabled to provide security. To the best of our knowledge, this is the first time a major hardware vendor like Intel cautions against using a CPU feature in untrusted local networks.
William Leara, a UEFI firmware engineer, has a new blog post giving a roadmap to the TCG’s TPM specs:
A Roadmap to TCG’s TPM Documentation: The Trusted Platform Module (TPM) found in most computers today is a device governed by the specifications of the Trusted Computing Group (TCG). Truly grokking how a TPM operates is a daunting task: the specification for the TPM, called the TPM Library Specification, currently comes in four parts, totaling 2237 pages. (!) However, even those 2237 pages aren’t the whole story. This article provides a roadmap to the various specifications that define the TPM, in order to provide the reader with a comprehensive picture of what documentation is available, and what must be studied to acquire TPM mastery.[…]
by Sai Vegasena, New York University, and Peter Goodman, Senior Security Engineer
KLEE is a symbolic execution tool that intelligently produces high-coverage test cases by emulating LLVM bitcode in a custom runtime environment. Yet, unlike simpler fuzzers, it’s not a go-to tool for automated bug discovery. Despite constant improvements by the academic community, KLEE remains difficult for bug hunters to adopt. We’re working to bridge this gap! My internship project focused on KLEE-Native, a fork of KLEE that operates on binary program snapshots by lifting machine code to LLVM bitcode. […]