efi-roller is a simple script to help sign EFI images. It creates the needed keys and helps you keep track of what to sign.
https://github.com/Foxboron/efi-roller
Author: hucktech
SCAT: (Signaling Collection and Analysis Tool): parses Qualcomm and Samsung baseband messages
SCAT: Signaling Collection and Analysis Tool
This application parses diagnostic messages of Qualcomm and Samsung baseband through USB, and generates a stream of GSMTAP packet containing cellular control plane messages.
MFTEntryCarver: Carve files for MFT entries (eg. blkls output or memory dumps)
MFTEntryCarver: Carve files for MFT entries (eg. blkls output or memory dumps). Recovers filenames (long & short), timestamps ($STD & $FN) and data if resident. It will also parse half broken entries as long as at least one $FN entry is ok. There is a more detailed description of how and why I wrote that and how you can use it on my blog (https://www.cyberfox.blog/carving-mft-mftentrycarver-py/). I’m not really a developer but just an DFIR guy. So please excuse the spaghetti code.
Awesome UEFI
There’s awesome-firmware-security, and a uefi.tech, and a few other sites that have links to UEFI/firmware technologies. Now there is a new site, Awesome UEFI:
https://github.com/dwendt/awesome-uefi
See-also:
ZeroNights: Turning your BMC into a revolving door
LibreTrend’s LibreBox
[…]All the hardware has been selected to be the most powerful and blob-free as possible[…]Intel® Management Engine Neutralized[…]Powered by coreboot[…]
DEF CON 26 IoT Village videos uploaded
Meeting C++ 2017 slides/videos uploaded
[There’s only a few security-centric talks, search for “reliable” and “safer”…]
https://meetingcpp.com/mcpp/slides/
MinnowBoard Max/Turbot firmware 1.00 released
SUPPORTED (NEW) FEATURES AND CHANGES IN RELEASE:
1. The 64bit BIOS is now functional with Linux and Windows 8.1 Embedded/Windows 10.
2. The 32bit BIOS is now functional with Windows 8.1 Embedded/Windows 10.
3. Supports booting from "SD card", "USB drive" and "SATA".
4. Supports S3 resume for Linux, Windows 8.1 Embedded and Windows 10.
5. Supports S4 resume for Windows 8.1 Embedded and Windows 10.
6. Supports 64bit image GCC build (32bit image GCC build is not supported).
7. Update EDK II core from UDK2015 release to UDK2017.
8. Signed Capsule Update is supported.
9. Supports HTTP and HTTPS boot.
10. Add board UUID support.
11. Fixed the issue that USB device may not be detected at system power-on.
12. Main changes in this release
1) Add microcode M0130679906 for D1 stepping.
2) Produce SMBIOS type 1.
3) Changed manufacture name.
4) Fixed some open bugs. Please visit the following link for details.
https://wiki.yoctoproject.org/wiki/Minnow_Bug_Triage
https://firmware.intel.com/projects/minnowboard-max
https://firmware.intel.com/sites/default/files/minnowboard_max-rel_1_00-releasenotes.txt
LinuxFlaw: collection of hundreds of Linux vulnerabilities
https://github.com/VulnReproduction/LinuxFlaw
https://www.usenix.org/conference/usenixsecurity18/presentation/mu
As the above Twitter thread shows, see-also:
CHIPSEC v1.3.6 released
New or Updated Modules:
Updated memconfig to only check registers that are defined by the platform
Updated common.bios_smi to check controls not registers
Added me_mfg_mode module
Added support for LoJax detection
Updated common.spi_lock test support
Added sgx_check module and register definitions
Updates to DCI support in debugenabled module
New or Updated Functionality:
Added ability for is_supported to signal a module is not applicable
Added 300 Series PCH support
Added support for building Windows driver with VS2017
Added fixed I/O bar support
Updated XML and JSON log rewrite
Updated logger to use python logging support
Added JEDEC ID command
Added DAL helper support
Added 8th Generation Core Processor support
Updated UEFI variable fuzzing code
Added C600 and C610 configuration
Added C620 PCH configuration
Updated ACPI table parsing support
Updated UEFI system table support
Added Denverton (DNV) support
Added result delta functionality
Added ability to override PCH from detected version
See release notes for list of Fixes.
BSides Lisbon: Steve Lord: Reverse Engineering Microcontroller Firmware
https://twitter.com/stevelord/status/1065306403441713153
[…]In this talk I’ll show you how to go from knowing nothing about a microcontroller, to dumping the firmware and reversing the contents. Then I’ll talk a little bit about approaches to exploring the attack surface and some things I’ve learned along the way. […] This talk will only be given at BSides Lisbon and will not be recorded. If you want to see it, you have to come here 🙂
VUSec: ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All
Where many people thought that high-end servers were safe from the (unpatchable) Rowhammer bitflip vulnerability in memory chips, new research from VUSec, the security group at Vrije Universiteit Amsterdam, shows that this is not the case. Since prominent security researchers and companies have suggested that ECC provides pretty good protection [1,2,3], and exploitable bitflips on ECC memory are seen by many as the “unholy grail” for Rowhammer attacks, the new attack to reliably flip bits that completely bypass ECC protection is a major step forward in Rowhammer research.[…]
https://www.vusec.net/projects/eccploit/
cs.vu.nl/~lcr220/ecc/ecc-rh-paper-eccploit-press-preprint.pdf
U-Boot v2018.11 released
Tom Rini of Konsulko announced the latest release of U-Boot, including a bit of info about the two recent CVEs:
[…]I’m going to mention here as well that both CVE-2018-18439 and CVE-2018-18440 exist and are issues. As a community we’re still working on more robust fixes to them, but I want to thank Simon Goldschmidt for taking the lead on coming up with code changes for them. In the immediate term (and for older releases) note that the filesystem-based attack can be mitigated by passing a maximum size to the load command.[…]
https://lists.denx.de/pipermail/u-boot/2018-November/347424.html
Wolfgang Denk of DENX has some stats about the release at:
https://lists.denx.de/pipermail/u-boot/2018-November/347506.html
FWTS 18.11.00 is released
* ACPICA: Update to version 20181031
* olog:olog.json: Update OPAL skiboot errors to check on olog scan
* acpi: button: check fixed hardware & control method power buttons
* kernelscan: add -k option to specify klog json filename
* README: update package dependency notes for RHEL
* acpica: fix linker issues when building with ACPI disabled
* src/lib: add module probing helper functions
* lib: fwts_efi_module: use the new module loading helper functions
* lib/fwts_cpu: use new use the new module loading helper functions
* snapcraft: update confinement and plugs
* lib: fwts_coreboot_cbmem: don’t use void * pointer arithmetic
* lib: fwts_coreboot_cbmem: shift UL values rather than signed int values
* lib: fwts_log: shift UL values rather than signed int values
* acpi: syntaxcheck: rename syntaxcheck_table to syntaxcheck_single_table
* dmicheck: fix Maximum Capacity checking range
* mcfg: fix MMIO config space checking
* madt: fix the Local APIC NMI processor UID checking
* auto-packager: mkpackage.sh: add disco
https://launchpad.net/ubuntu/+source/fwts
http://fwts.ubuntu.com/release/fwts-V18.11.00.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/18.11.00
Duo Security on Apple T2 chip
William on UEFI Tetris games
https://www.basicinputoutput.com/2018/11/the-great-tetris-renaissance-in-bios.html
see-also: the games tag of this blog.
CVE-2017-1000112: Linux Kernel Runtime Guard (LKRG) bypass
https://www.openwall.com/lists/lkrg-users/2018/11/16/2
This is a proof-of-concept local root exploit for the vulnerability in the UFO Linux kernel implementation CVE-2017-1000112.
https://www.openwall.com/lists/oss-security/2017/08/13/1
https://github.com/milabs/kernel-exploits/tree/master/CVE-2017-1000112
hardware-effects: Demonstration of various hardware effects in C++
This repository demonstrates various hardware effects that can degrade application performance in surprising ways and that may be very hard to explain without knowledge of the low-level CPU and OS architecture. For each effect I try to create a proof of concept program that is as small as possible so that it can be understood easily.
Those effects obviously depend heavily on your CPU microarchitecture and model, so the demonstration programs may not showcase the slowdown on your CPU, but I try to make them as general as I can. That said, the examples are targeting x86-x64 processors (Intel and AMD) and may not make sense on other CPU architectures. I try to make them compatible with Windows, but they are mainly tested on Linux.
Currently the following effects are demonstrated:
bandwidth saturation
branch misprediction
branch target misprediction
cache aliasing
cache/memory hierarchy bandwidth
data dependencies
denormal floating point numbers
false sharing
hardware prefetching
memory-bound program
non-temporal stores
software prefetching
write combining
tpm2-tcti-uefi: TCTI module for use with TSS2 libraries in UEFI environment
TCTI module for use with TSS2 libraries in UEFI environment
This is an implementation of a TCTI module for use with the TCG TPM2 Software Stack (TSS2) in the UEFI environment. This library is built as a static archive libtss2-tcti-uefi.a suitable for linking with UEFI applications.
Firmware Security 
You must be logged in to post a comment.