Lai (Lux ACPI Implementation): AML for Lux, a Unix-like OS

Lux is a new Unix-like operating system written for the PC, aiming for high performance with minimal requirements. Lai, the Lux ACPI Implementation, is an implementation of ACPI Machine Language (AML), the bytecode in which ACPI tables such as the DSDT and SSDTs describe devices and their power-management methods. It was written for use with Lux, but with portability in mind: the core is OS-independent and depends only on a few OS-specific functions, so a small host layer is written for each OS that lai is used with, and this requires no changes to lai's core code.

https://github.com/omarrx024/lux
https://omarrx024.github.io/

https://github.com/omarrx024/lai
https://omarrx024.github.io/docs/lai.html
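As an added example (my code, not lai's, whose actual API is not shown on this page), here is the first thing any AML interpreter has to get right: decoding the PkgLength field that prefixes every Scope, Device, Method and other package (ACPI spec section 20.2.4). ACPI tables come from firmware, so an interpreter that trusts a decoded length can be walked off the end of the table; the decoder below rejects truncated encodings, reserved bits, and lengths that do not fit the bytes available. The sample byte strings are constructed, not real tables.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded PkgLength: the value and how many bytes encoded it. */
typedef struct {
    uint32_t length;       /* package length, counted from the first PkgLength byte */
    size_t   encoded_len;  /* bytes the PkgLength field itself occupied (1..4) */
} aml_pkg_length_t;

/*
 * Decode an AML PkgLength (ACPI spec 20.2.4) from buf[0..avail).
 * Lead byte: bits 7-6 = number of ByteData that follow (0..3).
 *   follow == 0: bits 5-0 hold the whole length (0..63).
 *   follow  > 0: bits 5-4 are reserved (must be 0), bits 3-0 are the low
 *                nibble, and each following byte supplies the next 8 bits.
 * The length includes the PkgLength bytes themselves, so it can never be
 * smaller than its own encoding, and it may never extend past the table.
 */
bool aml_decode_pkg_length(const uint8_t *buf, size_t avail, aml_pkg_length_t *out)
{
    if (buf == NULL || out == NULL || avail == 0)
        return false;

    uint8_t lead = buf[0];
    size_t follow = (size_t)(lead >> 6);

    if (follow + 1 > avail)                 /* encoding runs off the end of the table */
        return false;

    uint32_t length;
    if (follow == 0) {
        length = lead & 0x3F;
    } else {
        if (lead & 0x30)                    /* reserved bits set: malformed */
            return false;
        length = lead & 0x0F;
        for (size_t i = 0; i < follow; i++)
            length |= (uint32_t)buf[1 + i] << (4 + 8 * i);
    }

    /* Cannot be shorter than its own encoding or longer than what is left of the table. */
    if (length < follow + 1 || length > avail)
        return false;

    out->length = length;
    out->encoded_len = follow + 1;
    return true;
}

/* Convenience wrapper: decoded length, or -1 if the field is rejected. */
long aml_pkg_length_or_minus1(const uint8_t *buf, size_t avail)
{
    aml_pkg_length_t pl;
    return aml_decode_pkg_length(buf, avail, &pl) ? (long)pl.length : -1L;
}

/* Constructed samples (not real ACPI tables). */
static const uint8_t sample_short[5]     = { 0x05, 0x5C, 0x5F, 0x53, 0x42 }; /* 1-byte PkgLength = 5 */
static const uint8_t sample_multi[0x123]  = { 0x43, 0x12 };       /* 2-byte PkgLength = 0x123 = 291 */
static const uint8_t sample_reserved[4]  = { 0x53, 0x00, 0x00, 0x00 }; /* multi-byte with reserved bit 4 set */
static const uint8_t sample_truncated[1] = { 0xC0 };             /* promises 3 more bytes, has none */
static const uint8_t sample_overclaim[3] = { 0x3F, 0x00, 0x00 }; /* claims 63 bytes, only 3 present */
static const uint8_t sample_too_small[2] = { 0x40, 0x00 };       /* 2-byte encoding of length 0 */

int main(void)
{
    printf("short:     %ld\n", aml_pkg_length_or_minus1(sample_short, sizeof sample_short));
    printf("multi:     %ld\n", aml_pkg_length_or_minus1(sample_multi, sizeof sample_multi));
    printf("reserved:  %ld\n", aml_pkg_length_or_minus1(sample_reserved, sizeof sample_reserved));
    printf("truncated: %ld\n", aml_pkg_length_or_minus1(sample_truncated, sizeof sample_truncated));
    printf("overclaim: %ld\n", aml_pkg_length_or_minus1(sample_overclaim, sizeof sample_overclaim));
    printf("too small: %ld\n", aml_pkg_length_or_minus1(sample_too_small, sizeof sample_too_small));
    return 0;
}
```

The `avail` argument is the point: a caller walking a table passes the bytes remaining from the current position, so a package can never claim more than what is physically left, regardless of what the firmware encoded.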

Microsoft Azure Sphere

https://www.microsoft.com/en-us/azure-sphere/
https://www.microsoft.com/en-us/azure-sphere/about/
https://ms-device-contact.com/

Introducing Microsoft Azure Sphere: Secure and power the intelligent edge


https://www.microsoft.com/en-us/azure-sphere/details/
https://www.mediatek.com/products/azureSphere/mt3620

[Diagram: MT3620 MCU architecture, showing the Microsoft Pluton security subsystem, flash, connectivity, application processor, SRAM, real-time processor, and firewalls.]

seL4 ported to RISC-V

seL4, in addition to x86 and ARM, now supports RISC-V!

https://github.com/seL4/seL4/tree/master/include/arch/riscv/arch
https://sel4.systems/pipermail/devel/2018-April/001928.html
https://docs.sel4.systems/Hardware/RISCV
https://sel4.systems/About/seL4/
https://riscv.org/


PS: seL4 is not the only OS being ported to RISC-V; here's the Debian port:
https://groups.google.com/a/groups.riscv.org/forum/#!topic/sw-dev/u4VcUtB9r94

PS: RISC-V activity is picking up, with plenty of newsworthy events I haven't covered:
https://riscv.org/news/

An Introduction to Counterfeit ICs: Counterfeiting, Detection and Avoidance Methods

Yahya Tawil
23rd December 2017

SIA Anti-Counterfeiting Whitepaper (PDF)

http://www.bunniestudios.com/blog/?page_id=1022

What You Don’t Know about Firmware Might Get You ∅wn3d

Brian Richardson of Intel has an article on firmware security. It even mentions CHIPSEC and NIST SP 800-147 (BIOS Protection Guidelines)!

http://eecatalog.com/intel/2018/04/09/what-you-dont-know-about-firmware-might-get-you-own3d/#.WtZPvUZ6xU0.twitter

Intel Security Essentials: A Built-in Foundation with Security at the Core

Intel Threat Detection Technology (TDT), announced at RSA 2018, includes Accelerated Memory Scanning, which offloads antivirus memory scans from the CPU to the integrated GPU.

https://newsroom.intel.com/editorials/securing-digital-world-intel-announces-silicon-level-security-technologies-industry-adoption-rsa-2018/

https://software.intel.com/en-us/blogs/2018/04/16/intel-security-essentials-a-built-in-foundation-with-security-at-the-core

https://www.intel.com/content/www/us/en/security/hardware/hardware-security-overview.html

https://www.engadget.com/2018/04/17/intel-malware-scanner-gpu-processor-cpu-speed/

https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/

https://twitter.com/diodesign/status/986099399104212993

more on INTEL-SA-00087

Re: https://firmwaresecurity.com/2018/04/03/intel-sa-00087-unsafe-opcodes-exposed-in-intel-spi-based-products/

Lenovo has an advisory now:

https://support.lenovo.com/us/en/solutions/LEN-16445

Could an Intel chip flaw put your whole computer at risk?

INTEL-SA-00110: BIOS SW SMI Call-Out EoP

Intel® NUC BIOS SW SMI Call-Out

Intel ID: INTEL-SA-00110
Product family: Intel® NUC Kits
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Apr 17, 2018
Last revised: Apr 17, 2018
Summary:

This update will improve the security of system firmware for the below listed Intel NUC models. Intel has identified a potential vulnerability in Intel NUC kits with insufficient input validation in system firmware that potentially allows a local attacker to elevate privileges to System Management Mode (SMM). Intel highly recommends that users update to the latest firmware version (see table above).

Intel would like to thank Embedi for reporting this issue and working with us on coordinated disclosure.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00110&languageid=en-fr
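The advisory says only "insufficient input validation", so what follows is an added, generic illustration of the bug class the title names, not a reconstruction of the NUC issue or of Intel's firmware code. A software SMI handler typically receives a caller-controlled descriptor (pointer and length) for a buffer it reads from or writes into. If the handler uses that pointer without checking it against the SMRAM range, ring 0 code can point it inside SMRAM and have the handler overwrite SMM code or data on its behalf, which is the usual route to SMM privilege. The physical address space, SMRAM window and descriptor layout below are a simulated model with constructed addresses; on real hardware the SMRAM (TSEG) base and size come from chipset registers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated physical address space and SMRAM window (constructed values). */
#define PHYS_SIZE  0x10000u
#define SMRAM_BASE 0xC000u
#define SMRAM_SIZE 0x2000u
static uint8_t phys[PHYS_SIZE];   /* "memory": SMRAM is phys[0xC000..0xE000) */

/* Descriptor the OS leaves in a mailbox before raising the SW SMI. */
typedef struct {
    uint64_t buf_addr;   /* physical address of the result buffer */
    uint64_t buf_len;    /* its length in bytes */
} smi_request_t;

typedef enum { SMI_OK = 0, SMI_EINVAL = 1 } smi_status_t;

/* True if [addr, addr+len) is non-empty, does not wrap, and is disjoint from SMRAM. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;
    uint64_t end = addr + len;                   /* exclusive */
    uint64_t smram_end = (uint64_t)SMRAM_BASE + SMRAM_SIZE;
    return end <= SMRAM_BASE || addr >= smram_end;
}

/* Keeps the simulation itself in bounds; says nothing about SMRAM. */
static bool range_in_model(uint64_t addr, uint64_t len)
{
    return len >= 4 && addr <= UINT64_MAX - len && addr + len <= PHYS_SIZE;
}

/* Shared work: write a 4-byte status word to the caller's buffer. */
static void write_status(uint64_t addr)
{
    uint32_t status = 0x41414141u;
    memcpy(&phys[addr], &status, sizeof status);
}

/* Vulnerable pattern: trusts the caller-supplied pointer. With buf_addr inside
   SMRAM, the OS gets SMM to overwrite its own code or data. */
smi_status_t smi_handler_unsafe(const smi_request_t *req)
{
    if (!range_in_model(req->buf_addr, req->buf_len))
        return SMI_EINVAL;
    write_status(req->buf_addr);
    return SMI_OK;
}

/* Hardened pattern: snapshot the descriptor (it lives in OS memory, so checking
   it in place is a TOCTOU), then refuse any buffer that touches SMRAM. */
smi_status_t smi_handler_hardened(const smi_request_t *req)
{
    smi_request_t local = *req;
    if (!range_in_model(local.buf_addr, local.buf_len))
        return SMI_EINVAL;
    if (!buffer_outside_smram(local.buf_addr, local.buf_len))
        return SMI_EINVAL;
    write_status(local.buf_addr);
    return SMI_OK;
}

int main(void)
{
    smi_request_t into_smram = { SMRAM_BASE + 0x100, 4 };
    smi_request_t normal     = { 0x1000, 4 };

    printf("hardened, buffer in SMRAM:  %s\n",
           smi_handler_hardened(&into_smram) == SMI_OK ? "accepted" : "rejected");
    printf("unsafe,   buffer in SMRAM:  %s (phys[0x%X] = 0x%02X)\n",
           smi_handler_unsafe(&into_smram) == SMI_OK ? "accepted" : "rejected",
           SMRAM_BASE + 0x100, phys[SMRAM_BASE + 0x100]);
    printf("hardened, buffer in OS RAM: %s\n",
           smi_handler_hardened(&normal) == SMI_OK ? "accepted" : "rejected");
    return 0;
}
```

Two details matter in practice: the overlap check must reject partial overlaps and address wrap-around, not just a pointer that starts inside SMRAM, and the descriptor must be copied into SMRAM before it is validated, otherwise another core can change it between the check and the use.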

copperheadOS: Samsung missing security features needed for Android Verified Boot

Tweets from CopperheadOS, a security-centric Android-based distribution, are a good source of Android security news, since the project is stretching the boundaries of the open-source Android release.

postmarketOS: liberating bootloaders and cellular modem firmware of MediaTek phones

Liberating Bootloaders and Cellular Modem Firmware of MediaTek Phones

As a community project, and one that encourages contributors to work on what they like, we have attracted people with a broad range of interests and skill levels. Recently a small hacking group #postmarketOS-lowlevel has emerged, and its masterminds @McBitter and @unrznbl are eager to introduce you to the madness that awaits when digging deeper and deeper in the embedded hardware and software stack. But before we get started, please keep in mind that these are moon shots. So while there is some little progress, it’s mostly about letting fellow hackers know what we’ve tried and what we’re up to, in the hopes of attracting more interested talent to our cause. After all, our philosophy is to keep the community informed and engaged during the development phase! For those new to postmarketOS, we are a group of developers, hackers, and hobbyists who have come together with a common goal of giving a ten-year life cycle to mobile phones. This is accomplished by using a simple and sustainable architecture borrowed from typical Linux distributions, instead of using Android’s build system. The project is at an early stage and isn’t useful for most people at this point. Check out the newly-updated front page for more information, the previous blog post for recent achievements, and the closed pull requests to be informed about what’s going on up to the current minute. Let’s dive in!

https://postmarketos.org/blog/2018/04/14/lowlevel/

https://github.com/postmarketOS/
https://wiki.postmarketos.org/wiki/Devices

PreOS Security creates awesome-firmware-security

https://github.com/PreOS-Security/awesome-firmware-security/blob/master/README.md

This is the initial version of the awesome-firmware-security list! I’ve been putting this off for a while (since day 2 of this blog), luckily Paul did most of the work to release this. Thanks, Paul!

If this initial release smells like a Glossary for an ebook, there’s a reason for that: we have an upcoming ebook, and this initial release of this list was meant to act as More Info and Glossary for the ebook. 🙂

This is scoped to platform security, for security researchers, DFIR, Blue Team, SysAdmins, etc. Currently it is focused mostly on platform firmware (e.g., UEFI). It needs help from others who are focusing on IoT/embedded/mobile device ‘firmware’.

I’ll have a second list for firmware development-centric topics in the near future.

There are MANY things to add. Please submit a patch with more details; I’m hoping this is a community effort, not just Paul and me adding entries to this list. PLEASE HELP!