https://www.arm.com/products/iot-solutions/kigen-sim-solutions
https://www.pcper.com/news/General-Tech/ARM-Introduces-Kigen-OS-Cellular-IoT
February 20, 2018
Latest Intel Security News: Updated Firmware Available for 6th, 7th and 8th Generation Intel Core Processors, Intel Xeon Scalable Processors and More
Over the past several weeks, we’ve been developing and validating updated microcode solutions to protect Intel customers against the security exploits disclosed by Google Project Zero. This effort has included extensive testing by customers and industry partners to ensure the updated versions are ready for production. On behalf of all of Intel, I thank each and every one of our customers and partners for their hard work and partnership throughout this process. Based on these efforts, we have now released production microcode updates to our OEM customers and partners for Kaby Lake- and Coffee Lake-based platforms, plus additional Skylake-based platforms. This represents our 6th, 7th and 8th Generation Intel® Core™ product lines as well as our latest Intel® Core™ X-series processor family. It also includes our recently announced Intel® Xeon® Scalable and Intel® Xeon® D processors for data center systems. The new microcode will be made available in most cases through OEM firmware updates. I continue to encourage people to always keep their systems up-to-date. There is also a comprehensive schedule and current status for planned microcode updates available online.[…]
https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/
[…]We are mindful of the fact that, in some cases, there are multiple mitigation techniques available that may provide protection against these exploits. This includes “Retpoline,” a Google-developed mitigation technique for Variant 2. For those interested in more information on Retpoline and how it works, we recently published a new white paper. Google has also posted information about Retpoline.[…]
https://support.google.com/faqs/answer/7625886
Intel white paper (PDF): Retpoline-A-Branch-Target-Injection-Mitigation.pdf
Esther Schindler has a new article on Spectre and Meltdown for SysAdmins:
Coping with Spectre and Meltdown: What sysadmins are doing
The recent security vulnerabilities dumped a bunch of to-do items on system administrators’ desks. Feel like you’re alone? Here’s what other sysadmins have done so far, as well as their current plans and long-term strategy, not to mention how to communicate progress to management.
https://www.hpe.com/us/en/insights/articles/coping-with-spectre-and-meltdown-what-sysadmins-are-doing-1802.html
https://groups.google.com/a/lopsa.org/forum/#!topic/discuss/OSk4U32ShGs
Re: https://firmwaresecurity.com/2018/01/16/dumping-the-playstation4-kernel/
https://twitter.com/fail0verflow/status/964954316892119040
https://www.theverge.com/circuitbreaker/2018/2/19/17029916/nintendo-switch-hack-linux-fail0verflow
https://www.nintendo.com/switch/
I have never once considered purchasing a Nintendo Switch …until now. 🙂
Collection of scripts and READMEs to help with DKMS and UEFI boot key signing. Everything in here is for RHEL derivatives for now. Pathing is slightly different on Debian-based systems. This assumes you have a /root/dkms/ directory with keys and scripts in it.
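As an added example (not the repository's own scripts), here is the core of what such a DKMS signing setup does on a RHEL derivative: generate a Machine Owner Key pair, print its fingerprint so you can confirm it at enrollment, and sign a freshly built .ko with the kernel's sign-file helper. The /root/dkms directory follows the README's convention; the /usr/src/kernels/<version>/scripts/sign-file location and the MOK.priv/MOK.der file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the linked repository. Generates a MOK key pair and
# signs kernel modules the way a DKMS post-build hook does on Secure Boot systems.
# KEYDIR follows the README's /root/dkms convention; the sign-file path is an
# assumption for RHEL-style kernel-devel packages.

set -eu

KEYDIR="${KEYDIR:-/root/dkms}"

# Generate an RSA-2048 self-signed X.509 pair usable for module signing.
# The private key stays PEM; the certificate is written as DER because that is
# what both mokutil --import and sign-file expect.
gen_mok_key() {
    dir="$1"
    mkdir -p "$dir"
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=DKMS module signing key/" \
        -keyout "$dir/MOK.priv" -outform DER -out "$dir/MOK.der" 2>/dev/null
    chmod 600 "$dir/MOK.priv"
}

# SHA-256 fingerprint of the DER certificate, to compare against what MokManager
# shows on the next boot before you confirm the enrollment.
mok_fingerprint() {
    openssl x509 -inform DER -in "$1/MOK.der" -noout -fingerprint -sha256 \
        | sed 's/^.*=//'
}

# Sign one module in place with the running (or given) kernel's sign-file.
# Usage: sign_module /path/to/module.ko [kernel-version]
sign_module() {
    ko="$1"
    kver="${2:-$(uname -r)}"
    signfile="/usr/src/kernels/$kver/scripts/sign-file"   # assumed location
    [ -x "$signfile" ] || { echo "sign-file not found at $signfile" >&2; return 1; }
    "$signfile" sha256 "$KEYDIR/MOK.priv" "$KEYDIR/MOK.der" "$ko"
}

# The kernel appends a fixed marker after the signature block; its presence is a
# cheap check that a module has been signed at all (not that the key is trusted).
module_is_signed() {
    tail -c 28 "$1" | grep -q '~Module signature appended~'
}
```

Enrollment is the step the scripts cannot do for you: run `mokutil --import /root/dkms/MOK.der`, reboot, and confirm the request in MokManager (compare the fingerprint). After that, calling sign_module from a POST_BUILD hook in dkms.conf keeps modules loadable across kernel updates; without the enrollment the signature is present but the kernel still rejects the module.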
System information and benchmark utility for UEFI. Uses EFI Byte Code (EBC). EBC instructions are coded as FASM macros. The SOURCE directory contains the FASM source, plus EBC application build service utilities for DOS (TASM) and Win32 (FASM). The EXECUTABLE directory contains the UEFI EBC application. For UEFI, cross-platform (x64, IA32, +).
DeepState is a framework that provides C and C++ developers with a common interface to various symbolic execution and fuzzing engines. Users can write one test harness using a Google Test-like API, then execute it using multiple backends without having to learn the complexities of the underlying engines. It supports writing unit tests and API sequence tests, as well as automatic test generation. DeepState currently targets Linux, with macOS support in progress.
https://www.computer.org/csdl/proceedings/sp/2018/4353/00/index.html
EnclaveDB: A Secure Database using SGX
Christian Priebe , Imperial College London
Kapil Vaswani , Microsoft Research
Manuel Costa , Microsoft Research
We propose EnclaveDB, a database engine that guarantees confidentiality, integrity, and freshness for data and queries. EnclaveDB guarantees these properties even when the database administrator is malicious, when an attacker has compromised the operating system or the hypervisor, and when the database runs in an untrusted host in the cloud. EnclaveDB achieves this by placing sensitive data (tables, indexes and other metadata) in enclaves protected by trusted hardware (such as Intel SGX). EnclaveDB has a small trusted computing base, which includes an in-memory storage and query engine, a transaction manager and pre-compiled stored procedures. A key component of EnclaveDB is an efficient protocol for checking integrity and freshness of the database log. The protocol supports concurrent, asynchronous appends and truncation, and requires minimal synchronization between threads. Our experiments using standard database benchmarks and a performance model that simulates large enclaves show that EnclaveDB achieves strong security with low overhead (up to 40% for TPC-C) compared to an industry strength in-memory database engine.
https://www.computer.org/csdl/proceedings/sp/2018/4353/00/435301a405-abs.html
Background of the work: to compare SHA-1/SHA-256 performance across different implementations, different optimization flags and different compilers (GCC 4.8/GCC 5), and to see how the performance differs in UEFI (the pre-boot environment). As UEFI developers, when using these CPU-intensive algorithms we need to take the performance difference between them into account.
https://github.com/tsunghowu/SHA_Performance_Review_In_UEFI
UEFTW – UEFI Toys: ShellOpt/ShellExpand/DBounce/KernextPatcher/AcpiPatcher (binary-only, no source)
Some UEFI Toys by me. Taken from my early forks of Clover and 'others' below. No sources available yet, just binaries (EAT that!).
ShellOpt: Port of Finnbarr P. Murphy's GNU-EFI ShellOpt (>>>) to EDK2, to set/delete various Shell options.
ShellExpand: Works around known bugs in the Shell's edit command by translating TABs to SPACEs with a custom size.
DBounce: A UEFI driver that loads all required drivers first before finally calling a chainloader. Originally introduced by Christoph Pfisterer (rEFIt's author). The original source can be found here. I later ported this module to work with EDK2, with the following changes (compared to the original):
KernextPatcher: KernextPatcher (short for Kernel & Kext Patcher) is a Darwin kernel & extensions patcher UEFI driver based on Clover's Memfix by dmazar. This driver tries to hook the ExitBootServices event and patch the kernelcache, including the kernel itself and the kexts.
AcpiPatcher: AcpiPatcher is a Darwin ACPI patcher UEFI driver. Yes, it's a MEGA stripped-down version compared to the original one. At least we can now get rid of some of the complexity of loading custom ACPI tables with some fixes. This driver tries to hook the ExitBootServices event and patch ACPI as below.
https://github.com/cecekpawon/UEFTW
Careful: these are closed-source binaries. Freeware is hard to trust these decades… I have not tried them.
https://twitter.com/dakotathekat/status/963086883621408768
https://docs.microsoft.com/en-us/uwp/api/Windows.System.Profile.SystemIdentification
As one comment above notes, make sure you know how to reset this firmware-stored data before you dispose of any such systems.
Interesting; I would have guessed that this data would be stored in the UEFI SMM LockBox, but some forms of UEFI variables are also hard to access. Ah, but this is for persistent data…
https://github.com/tianocore/edk2/blob/master/MdeModulePkg/Universal/LockBox/SmmLockBox/SmmLockBox.c
I'd swear I saw some Mac OS X (before the change to macOS) components moved from system libraries up into Apple EFI; I wonder if Apple also implements SmmLockBox?
There's a URL to a live.com download in the blog, as well as a PowerShell script inline with the blog text:
https://ittherapist.net/2018/02/10/enable-bios-and-uefi-boot-for-pxe-in-dhcp/
https://twitter.com/lattera/status/963126671963557888
MFC: r316746 Add UEFI support to vmrun.sh
Adds:
-E: Use UEFI mode
-f: path to UEFI firmware image (default: path to uefi-edk2-bhyve package)
-F: UEFI framebuffer size (default: w=1024,h=768)
-L: IP to listen for VNC connections on (default: 127.0.0.1)
-P: Port to listen for VNC connections on (default: 5900)
-T: Enable tablet device (for VNC)
-v: Wait for VNC client before booting VM
https://svnweb.freebsd.org/base?view=revision&revision=329178
“Dell ship their Sputnik systems with a pre-populated MokSB variable that disables Secure Boot, so this is working as intended on the Fedora side.”
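As an added check that is not part of the Fedora thread quoted above: on a running Linux system the firmware's SecureBoot variable and shim's MokSBState variable are both visible through efivarfs, so you can tell "Secure Boot on, shim validation off" (the state the quote describes) apart from "Secure Boot off" without mokutil. That MokSBState is the runtime variable shim writes after honouring a MokSB request is my assumption; the variable names and GUIDs below are the ones I know from shim and the UEFI spec.

```shell
#!/bin/sh
# Added example, not from the Fedora thread. Reads Secure Boot state directly
# from efivarfs. Each efivarfs file is 4 bytes of attributes followed by the
# variable data, so for these one-byte variables the value is the fifth byte.

EFIVARS="${EFIVARS:-/sys/firmware/efi/efivars}"
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"   # UEFI spec global variable GUID
SHIM_LOCK_GUID="605dab50-e046-4300-abb6-3dd810dd8b23"    # shim's SHIM_LOCK_GUID (assumed)

# Print the first data byte of an efivarfs variable in decimal, or "absent".
# Usage: efivar_byte <efivars-dir> <name> <guid>
efivar_byte() {
    f="$1/$2-$3"
    [ -r "$f" ] || { echo absent; return 0; }
    # skip the 4-byte attribute header, read one byte as unsigned decimal
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# Firmware view: enabled / disabled / absent. "absent" usually means a legacy
# BIOS boot or efivarfs not mounted, which is not the same as "disabled".
secure_boot_state() {
    case "$(efivar_byte "${1:-$EFIVARS}" SecureBoot "$EFI_GLOBAL_GUID")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo absent ;;
    esac
}

# shim's own switch: 1 means shim will not validate what it chains to, even
# though the firmware still enforces Secure Boot on shim itself.
shim_validation_state() {
    case "$(efivar_byte "${1:-$EFIVARS}" MokSBState "$SHIM_LOCK_GUID")" in
        1) echo disabled ;;
        0) echo enabled ;;
        *) echo absent ;;
    esac
}

# Human-readable summary, e.g. "firmware: enabled, shim validation: disabled".
secure_boot_summary() {
    echo "firmware: $(secure_boot_state "${1:-$EFIVARS}"), shim validation: $(shim_validation_state "${1:-$EFIVARS}")"
}
```

On a box like the Dell one in the quote, secure_boot_summary prints "firmware: enabled, shim validation: disabled": the firmware still checks shim's signature, but shim then loads an unsigned GRUB or kernel. If you rely on Secure Boot as a control, that state deserves the same alarm as Secure Boot being off, and `mokutil --disable-validation` / `--enable-validation` is the supported way to flip it.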
Updates to our program include
+ Shifting from an invitation-only program to a program that is open to all security researchers, significantly expanding the pool of eligible researchers.
+ Offering a new program focused specifically on side channel vulnerabilities through Dec. 31, 2018. The award for disclosures under this program is up to $250,000.
+ Raising bounty awards across the board, with awards of up to $100,000 for other areas.
https://newsroom.intel.com/news/expanding-intels-bug-bounty-program/
dtrace for linux; Oracle does the right thing
Posted on February 14, 2018, 11:13.
[…]This changeset integrates DTrace module sources into the main kernel source tree under the GPLv2 license. Sources have been moved to appropriate locations in the kernel tree. That is right, dtrace dropped the CDDL and switched to the GPL![…]
Hastily-written news/info on the firmware security/development communities, sorry for the typos.