Purism pulls FSP blog post

Re: https://firmwaresecurity.com/2018/04/03/intel-fsp-reverse-engineering-finding-the-real-entry-point/

https://puri.sm/posts/intel-fsp-reverse-engineering-finding-the-real-entry-point/

2018-04-23 update: after receiving a courtesy request from Intel’s Director of Software Infrastructure, we have decided to remove this post’s technical contents while we investigate our options.

CVE-2018-6242: ShofEL2 and Fusée Gelée

Re: https://firmwaresecurity.com/2018/04/24/shofel2-a-tegra-x1-and-nintendo-switch-exploit/

https://www.nvidia.com/en-us/product-security/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6242

DoNotDisturb: Detect Evil Maid Attacks

https://github.com/objective-see/DoNotDisturb

https://objective-see.com/products/dnd.html

AMD updates “boot kit” :-)

AMD tech support can lend a processor to customers hit by a specific boot problem, aka a “Boot Kit”. They have recently updated this procedure:

Unable to Boot New Desktop System Configured with AMD 2nd Generation Ryzen™ Desktop Processor, and AMD Socket AM4 Motherboard
Article Number: PA-100

This document provides information on how to resolve a specific boot issue that may be experienced with some 2nd Generation Ryzen Desktop Processors when installed on an AMD Socket AM4 motherboard.[…]

https://support.amd.com/en-us/kb-articles/Pages/2Gen-Ryzen-AM4-System-Bootup.aspx


Spoofing Cell Networks with a USB to VGA Adapter

A Survey of Techniques for Improving Security of GPUs

Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest ‘link’ in the security ‘chain’. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures.

https://arxiv.org/abs/1804.00114


ShofEL2 responsible disclosure window ends April 25th

Re: https://firmwaresecurity.com/2018/02/19/nintendos-new-kde-linux-tablet/ and https://firmwaresecurity.com/2018/01/16/dumping-the-playstation4-kernel/

Patrick Georgi on UEFI memory mapping

Patrick of Coreboot has a blog post on UEFI!

UEFI memory mapping

Recently I got into UEFI (TianoCore) development. One of UEFI’s properties is that a part of it survives the OS load and remains resident to provide a limited set of firmware services to the OS.[…]

See-also:

https://blogs.coreboot.org/blog/author/patrickgeorgi/


GetSecureBootPolicy.ps1: Partially-completed Secure Boot policy parser

Re: https://firmwaresecurity.com/2018/03/31/geoff-chappell-secure-boot-internals/

https://twitter.com/mattifestation/status/987393518803927042

https://twitter.com/mattifestation/status/987394786029068288

https://github.com/mattifestation/BCD

Click on above URL or remove spaces in below URL (WordPress mangles Github Gist URLs…)

https://gist. github.com/mattifestation /f1e160bc970c8a7b82355d7e5946901b

Given enough machines, you too may find a processor bug

[…]Basically, multi-CPU machines are the norm now. You might have multiple packages on the board, which is to say actual distinct chips in sockets. Each one of those might have multiple cores on board, and each core might have multiple threads (as in hyperthreading). Odds are, if you really have found a “CPU bug”, it will be limited to that core. How do you verify this? Easy: use something like ‘taskset’.[…]

https://rachelbythebay.com/w/2018/04/18/cpu/
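The per-core verification the quoted post describes (pin the test to one logical CPU at a time, see which cores fail), as an added example that is not from the post: it uses Linux `sched_setaffinity` in place of the `taskset` command, and the "faulty core" check is a constructed stand-in, since no real CPU bug is available to reproduce here.

```python
import os
from typing import Callable, Dict, List


def available_cores() -> List[int]:
    """Logical CPUs this process may currently run on (Linux-only API)."""
    return sorted(os.sched_getaffinity(0))


def run_check_per_core(check: Callable[[], bool]) -> Dict[int, bool]:
    """Run `check` once while pinned to each core; equivalent to looping
    `taskset -c N <test>` over N. The original affinity mask is restored
    afterwards even if a check raises."""
    original = os.sched_getaffinity(0)
    results: Dict[int, bool] = {}
    try:
        for core in sorted(original):
            os.sched_setaffinity(0, {core})       # pin to exactly one core
            try:
                results[core] = bool(check())
            except Exception:                      # a crash on one core is a failure
                results[core] = False
    finally:
        os.sched_setaffinity(0, original)
    return results


def suspect_cores(results: Dict[int, bool]) -> List[int]:
    """Cores on which the check failed; an empty list means no core stood out."""
    return [core for core, ok in sorted(results.items()) if not ok]


def arithmetic_selftest() -> bool:
    """Constructed deterministic workload standing in for a real reproducer:
    a closed-form sum compared against an explicit loop."""
    n = 100_003
    return sum(range(n)) == n * (n - 1) // 2


def simulate_faulty_core(bad_core: int) -> Callable[[], bool]:
    """Constructed stand-in for a core-local fault: the check only fails
    while the process is pinned to `bad_core`."""
    return lambda: os.sched_getaffinity(0) != {bad_core}


if __name__ == "__main__":
    print("healthy run :", suspect_cores(run_check_per_core(arithmetic_selftest)))
    bad = available_cores()[0]
    print("simulated bad core", bad, ":",
          suspect_cores(run_check_per_core(simulate_faulty_core(bad))))
```

Run the real reproducer many times per core before trusting the result, since a genuine hardware fault may be intermittent and a single pass can miss it.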


Intrinsic Rowhammer PUFs: Leveraging the Rowhammer Effect for Improved Security

Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules – the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context – to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds required properties needed for the envisioned security applications, and could be deployed today.

Chrome OS firmware change may support Verified Boot of Windows?

[…]A recent branch title “firmware-eve-campfire” was discovered in the Chromium gerrit, accompanied by changes referencing “AltOS” and “go/vboot-windows.” That, combined with the addition of placeholder strings for “Chrome OS” and “AltOS” being added to all languages, suggests that a future Chrome OS device, codenamed “Eve”, will have the capability to boot more than one operating system. The commit was found by -nbsp- on Reddit. Obviously, with a name like “vboot-windows,” it is easy to jump to the conclusion that the feature is intended for Microsoft Windows, though little information about this is available. Most of the relevant code is hidden behind the private gerrit for Google employees, making it difficult to ascertain how this works and what it is intended for. According to a post at XDA-developers, it seems possible that this could be used for non-Windows OSes, such as Linux, or whatever Google Fuchsia actually is.[…]

https://www.techrepublic.com/article/a-mysterious-chrome-os-commit-could-hint-at-a-chromebook-that-dual-boots-windows/