When we switch on a computer, it goes through a series of steps before it is able to load the operating system. In this post we will see how a typical x86 processor boots. This is a very complex and involved process. We will only present a basic overall structure. Also, what path is actually taken by the processor to reach a state where it can load an OS is dependent on the boot firmware. We will follow the example of coreboot, an open source boot firmware.[…]
Author: hucktech
ALi5THT – DOS ACPI Throttle utility for ALi Aladdin V motherboards
ALi Aladdin V ACPI Throttle Utility V0.10
ALi5THT is a computer slowdown utility. It uses the motherboard southbridge ACPI functions to introduce wait states, and being hardware based does not run in the background. This package allows one to use ACPI throttling on ALi Aladdin V motherboards.[…]
Facebook seeks Silicon Security Architect
Facebook Reality Labs, or FRL, focuses on delivering Facebook’s vision through Augmented Reality (AR). Compute power requirements of Augmented Reality require custom silicon. Facebook Silicon team is driving the state of the art forward with breakthrough work in computer vision, machine learning, mixed reality, graphics, displays, sensors, and new ways to map the human body. Our chips will enable AR devices where our real and virtual world will mix and match throughout the day. We believe the only way to achieve our goals is to look at the entire stack, from transistor, through architecture, to firmware, and algorithms. We are looking for a Security Architect who will work with a world-class group of researchers and engineers.[…]
* Drive a silicon security architecture that includes functions from secure boot, to encryption, to protection to device authentication.
[…]
https://www.facebook.com/careers/jobs/289123918543829/?ref=a8lA00000004CJ6IAM
2 new Tianocore/EDK2 security advisories
Tianocore Security Advisories has 2 new UEFI vulnerabilities:
https://edk2-docs.gitbooks.io/security-advisory/content/
30. EDK II Authenticated Variable Bypass
Logic error in MdeModulePkg in EDK II firmware may allow authenticated user to potentially bypass configuration access controls and escalate privileges via local access.
https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html
31. EDK II TianoCompress Bounds Checking Issues
Multiple privilege escalation vulnerabilities in TianoCompress and UEFICompress decompression algorithm may allow authenticated user to potentially manipulate stack and heap buffers via local access.
Microsoft Project Mu: adaptation of TianoCore’s EDK2
https://github.com/Microsoft/mu_plus
https://github.com/Microsoft/mu_basecore
6 repos: https://github.com/topics/projectmu
https://microsoft.github.io/mu/faq/
https://microsoft.github.io/mu/
Project Mu is a modular adaptation of TianoCore’s edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern. Mu is built around the idea that shipping and maintaining a UEFI product is an ongoing collaboration between numerous partners. For too long the industry has built products using a “forking” model combined with copy/paste/rename and with each new product the maintenance burden grows to such a level that updates are near impossible due to cost and risk.
Project Mu also tries to address the complex business relationships and legal challenges facing partners today. To build most products it often requires both closed-source, proprietary assets as well as open source and industry standard code. The distributed build system and multi-repository design allow product teams to keep code separate and connected to their original source while respecting legal and business boundaries.
Project Mu originated from building modern Windows PCs but its patterns and design allow it to be scaled down or up for whatever the final product’s intent. IoT, Server, PC, or any other form factor should be able to leverage the content.
ME Analyzer v1.70.0 released
ME Analyzer v1.70.0 adds full parsing & unpacking of all Intel CSE ME/TXE/SPS File Systems (MFS/AFS) based on the amazing initial research by @_Dmit. MEA can now show the FS state and log all low-level details. General CSE firmware analysis also improved.
llvm-mctoll: statically (AOT) translates (or raises) binaries to LLVM IR
https://twitter.com/h0x0d/status/1050574501459546112
https://twitter.com/h0x0d/status/1050575376299122688
This tool statically (AOT) translates (or raises) binaries to LLVM IR.
UEFI Forum: How to become a UEFI Security Superhero
The UEFI Forum has a new infographic that has some information and guidance on security. The information is useful for a new audience, and most people are new to firmware security.
This WordPress-based blog embeds a URL to the JPEG.
See also the home page: https://www.uefi.org/

Ted Reed: Exploring Universal Flash Storage (UFS) Write Protection on the HiKey960
In my previous post I gave an overview of basic “do it yourself” root-of-trust creation through MMC boot region write-protection. I used this on sample HiKey (original) devices to authenticate ARM-Trusted-Firmware code beyond BL2, authenticating the OPTEE OS and U-Boot as BL33. This post explores the same concept on a HiKey960.[…]
Arduino announces Coordinated Vulnerability Disclosure Policy
Microsoft Open Enclave SDK
What is Open Enclave SDK?
Confidential computing is an ongoing effort to protect data throughout its lifecycle at rest, in transit and now in use. With the use of Trusted Execution Environments, customers can build applications that protect data from outside access while in use. Open Enclave SDK is an open source SDK targeted at creating a single unified enclaving abstraction for developers to build Trusted Execution Environment (TEE) based applications. As TEE technology matures and as different implementations arise, the Open Enclave SDK is committed to supporting an API set that allows developers to build once and deploy on multiple technology platforms, different environments from cloud to hybrid to edge, and for both Linux and Windows.
Protect data in use with the public preview of Azure confidential computing
Android Security: Control Flow Integrity in the Android kernel
by Sami Tolvanen, Staff Software Engineer, Android Security
Android’s security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android releases and in Android 9, we continued this work by focusing on compiler-based security mitigations against code reuse attacks. Google’s Pixel 3 will be the first Android device to ship with LLVM’s forward-edge Control Flow Integrity (CFI) enforcement in the kernel, and we have made CFI support available in Android kernel versions 4.9 and 4.14. This post describes how kernel CFI works and provides solutions to the most common issues developers might run into when enabling the feature.[…]
https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html
Electronic Design: Security in Manufacturing: Closing the Backdoor in IoT Products
This article explores the potential attacks that can occur in the process of designing, building, and testing IoT systems, as well as methods for preventing these attacks.
by Josh Norem | Oct 09, 2018
6 new security advisories from Intel
Intel® Server Boards Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html
Intel® RAID Web Server 3 Service Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00171.html
Intel® NUC Bios Updater Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html
Intel® NVMe and Intel® RSTe Driver Pack Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
Intel® Server Board Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html
C++Con 2018 closing panel: Spectre, video uploaded
Joe Fitzpatrick: Do I Have a Hardware Implant?
EDK II Test Project
The Tianocore EDKII Test Project has been created on Github. It contains the SCTs.
What makes OS drivers dangerous for BIOS?
IBM on use of NVMe on POWER9 systems
[…]This article details the usage of a Non-Volatile Memory Enterprise (NVMe) adapter on POWER9 systems. This article also provides use cases to explain how an NVMe adapter can be effectively used and also lists the benefits.[…]
https://developer.ibm.com/articles/au-aix-virtualization-nvme/
GRSecurity releases Respectre (for Spectre)
[…]Respectre(TM) is a nod to the Spectre speculation attack and signifies that it (re)veals potential Spectre vulnerabilities, (re)spects the original intent of the code, and automatically (re)factors it via a compiler plugin to eliminate speculation-based side channels. All plugin-capable versions of the compiler commonly used to compile Linux are supported, and the plugin itself is architecture-independent. The initial release to grsecurity(R) customers focusing on Spectre v1 supports the ARMv7, AArch64, PPC64, x86, and x86_64 architectures. Special care was taken in designing the plugin to ensure both low impact to compilation time as well as negligible impact to runtime performance (measured as 0.3% in a kernel-focused stress test). The plugin incorporates advanced static analysis far beyond the level of any existing tools for any OS, and is the 4th largest plugin of the 14 available in the grsecurity(R) kernel patches. Work is already underway to enhance the static analysis of the plugin even further and add coverage for other similar Spectre types.[…]