[…]The HydraBus+HydraNFC Shield v2(hardware[1]) with HydraFW[2] (firmware) are used as an open source multi-tool for anyone interested in Learning/Developping/Debugging/Hacking/Penetration Testing for basic or advanced NFC communications.[…]

[1] https://hydrabus.com/hydranfc-shield-v2-specifications/
[2] https://github.com/hydrabus/hydrafw_hydranfc_shield_v2

 

There are Vagrant/bash scripts to help install half a dozen firmware analysis tools (binwalk, firmadyne, binaryanalysis-ng, firmware-mod-kit, firmwalker, etc.), which is helpful because most security tool authors are not good at writing installers.

https://github.com/jamesooo/binary-exploitation-lab

Includes updated Redfish support, as well as some changes after security audits.

https://lists.ozlabs.org/pipermail/openbmc/2020-July/022211.html
https://github.com/openbmc/docs/blob/master/release/release-notes.md
https://github.com/openbmc/openbmc/releases/tag/2.8.0

 

Re: https://firmwaresecurity.com/2015/08/28/new-efi-based-operating-systems/

Below is a list of currently-actively “UEFI hobby operating system”-style projects on Github, defining “active” as updated in last 2 months. Projects which haven’t been updated recently are not listed, but there are a few dozen other projects between above link and below list. Most are barely more than a hello-world bootloader; others are nearly-complete operating systems, some in C a few in Rust, I think one was in C#. List not sorted in any order:

https://github.com/vvaltchev/tilck
https://github.com/Michael-Kelley/RoseOS
https://github.com/GreenteaOS/Tofita
https://github.com/ondralukes/OndrOS
https://github.com/MCJack123/craftos-efi
https://github.com/Totsugekitai/minOSv2
https://github.com/portasynthinca3/neutron
https://github.com/wordandahalf/Stelox
https://github.com/kazuminn/minos
https://github.com/hikalium/liumos
https://github.com/sonjt0705/afwj-uefi
https://github.com/justinian/jsix
https://github.com/VerdureOS/Verdure
https://github.com/bSchnepp/Feral
https://github.com/DylanGTech/PiousOS
https://github.com/Lan-t/MyOsLoader
https://github.com/Ocean-git-hub/EgoisticOS
https://github.com/approvers/minimos

By Alejandro Mera, Bo Feng, Long Lu, Engin Kirda, William Robertson

[…]We present DICE, a drop-in solution for firmware analyzers to emulate DMA input channels and generate or manipulate DMA inputs. DICE is designed to be hardware-independent, and compatible with common MCU firmware and embedded architectures. DICE identifies DMA input channels as the firmware writes the source and destination DMA transfer pointers into the DMA controller. Then DICE manipulates the input transferred through DMA on behalf of the firmware analyzer. […]All our source code and dataset are publicly available.

https://arxiv.org/abs/2007.01502

PS: If someone can find the source code, leave the URL in a Comment, please.

Features:
* Find known EFI GUID’s
* Identified protocols which are finding with LOCATE_PROTOCOL function
* Identified functions used as the NOTIFY function
* Identified protocols installed in the module through INSTALL_PROTOCOL_INTERFACE
* Identified functions used as an interrupt function (like some hardware, software or child interrupt)
* Script for loading efi modules to relevant directories upon import in Headless mode
* Sorting smm modules relying on meta information by next folders[…]

https://github.com/DSecurity/efiSeek

 

Welcome to 2020.

It appears the Intel LUV (Linux UEFI Validation) distribution is no longer active. Last checkin:

The LUV project is not being maintained actively. Update the README accordingly.

https://github.com/intel/luv-yocto/commit/10bda4cf7d64cd36cd282463a5e2b5a536139fe9

https://01.org/linux-uefi-validation

https://github.com/intel/luv-yocto

Binary analysis is imperative for protecting COTS (common off-the-shelf) programs and analyzing and defending against the myriad of malicious code, where source code is unavailable, and the binary may even be obfuscated. Also, binary analysis provides the ground truth about program behavior since computers execute binaries (executables), not source code. However, binary analysis is challenging due to the lack of higher-level semantics. Many higher level techniques are often inadequate for analyzing even benign binaries, let alone potentially malicious binaries. Thus, we need to develop tools and techniques which work at the binary level, can be used for analyzing COTS software, as well as malicious binaries. One of the most challenging problems in the binary analysis is firmware analysis because of the given inter-dependencies between modules and pipelines inside the device, in most cases, it’s almost impossible to take the binary out of its environment and perform fuzzing on the binary individually. So, dynamic testing or fuzzing of embedded firmware is severely limited by the hardware-dependence and poor scalability, partly contributing to the widespread vulnerable IoT devices. Over the years, researchers found ways around this shortcoming by either emulating the I/O communication of peripherals to perform off-device fuzzing or using some tricks to perform on-the-device fuzzing. In this talk, I’ll cover the state-of-the-art for the firmware fuzzing by going through the history and the evolution of techniques that have been proposed so far and then I’ll go through another idea to perform fuzzing of IoT devices in large scale.

https://www.isi.edu/events/calendar/12822

Customize Secure Boot
The goal is to have you own certificate in the Secure Boot db variable.
Then, to sign Linux with your own certificate.
As we have dual boot with Windows, we’ll keep Microsoft and PC manufacturer certificates.

https://github.com/sebmillet/custom-uefi

Summary:
Detect Boot Mode Is Bios Or UEFI

https://github.com/czytcn/SystemUnityLib

Maybe it’s just me, but it seems a bit scary to think that games need to know about what kind of platform firmware they are booting from. 🙂

[[Update: adding Tweet with announcement:

]]

This new plugin looks powerful!

Contributors:
Alex Matrosov (@matrosov)
Andrey Labunets (@isciurus)
Philip Lebedev (@p41l)
Yegor Vasilenko (@yeggor)

https://github.com/binarly-io/efiXplorer

AMD UEFI Inside: What is really behind AGESA, the PSP (Platform Security Processor) and especially Combo PI?
Igor Wallossek

Since there are always questions and some things are often confused, we will give you some insights into AMD-UEFI, what is colloquially called “the BIOS” (although it is no longer correct). I have also broken down the following extremely to remain as simple and understandable as possible. Nevertheless, what happens when the PC starts up is the classic hen-and-egg problem that you simply have to talk about. Software starts hardware, whereas hardware without software does not actually work and software without hardware does nothing. Now what?[…]

In BOTH English and German:

https://www.igorslab.de/en/inside-amd-bios-what-is-really-hidden-behind-agesa-the-psp-platform-security-processor-and-the-numbers-of-combo-pi/

https://www.igorslab.de/inside-amd-bios-was-verbirgt-sich-wirklich-hinter-agesa-dem-psp-platform-security-processor-und-den-zahlen-von-combo-pi/

HelloAmdHvPkg is a type-1 research hypervisor for AMD processors. The hope is to help researchers learn implementation required for the operating system start up under AMD-V (SVM: Secure Virtual Machine).[…]

https://github.com/tandasat/HelloAmdHvPkg

ACPICA and dmicheck updated. Multiple changes to multiple ACPI table checks. New Dmicheck testing. See announcement for long list of features and bugfixes.

http://fwts.ubuntu.com/release/fwts-V20.06.01.tar.gz
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/20.06.01
https://lists.ubuntu.com/mailman/listinfo/fwts-announce
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable

Re: https://firmwaresecurity.com/2020/06/23/thinkpad-uefi-sign-tools-to-check-and-cryptographically-sign-uefi-firmware-images-found-in-thinkpads/

see this Comment on that post:

https://firmwaresecurity.com/2020/06/23/thinkpad-uefi-sign-tools-to-check-and-cryptographically-sign-uefi-firmware-images-found-in-thinkpads/#comment-3953

This is the original codebase:

This is a small utility which checks and recomputes sha1 hashes used to validate Lenovo ThinkPad X220/T420 (and probably other Sandy Bridge ThinkPads) firmware integrity. You can hear 5 beeps twice if the firmware fails validation and you have TPM (security chip) turned on, which is pretty common for modified firmwares.[…]

https://github.com/ValdikSS/thinkpad-shahash/

But the one in the previous blog post has had a recent checkin, whereas this one has had no changes in a long time, so the new branch still may be of interest. Change is in this file:

https://github.com/thrimbor/thinkpad-uefi-sign/commit/83ca863d593becc8ea8ba3a9a6a699c922549b0a#diff-9f4286b8580d8928becab03e268e59f5

 

Not to be confused with the Capstone Engine: the ECE Capstone Project: a current project at Oregon State University:

Our goal is to develop a software tool that when supplied with images of a printed circuit board will reverse engineer the netlist for the board. The software will be implemented as a web based service allowing for users to publish the netlist that they generate. This web page will be available to the engineering community for prolonging the life of old equipment as well as documenting systems for repair to reduce waste. Integrating Computer Vision & Deep Learning to the software, this project is aimed to provide precision and reliability without compromises.[…]

https://sites.google.com/oregonstate.edu/ece44x201913/completion-timeline

https://eecs.oregonstate.edu/project-showcase/projects/?id=DjjEhrfP6Jv0yWqi

 

So far, the only info are these tweets:

Microsoft Defender has been a Windows-cenric AV tool. Recently, Microsoft has ported it to Android and Linux. Recently, Microsoft also started adding UEFI scanning to Defender. So maybe now Android and Linux users can use Defender to scan for UEFI vulns?

CHIPSEC has been the main option for UEFI scanning. It works only on Intel systems. It works as an OS-level app (“OS-present”) on Mac, Windows, and Linux. And runs on UEFI. The OS-level scanners from Apple and Microsoft now both cover UEFI. Will either scan non-Intel systems: ARM64 and AMD64?

https://www.microsoft.com/security/blog/2020/06/23/microsoft-continues-to-extend-security-for-all-with-mobile-protection-for-android/

https://www.microsoft.com/security/blog/2020/06/17/uefi-scanner-brings-microsoft-defender-atp-protection-to-a-new-level/

AMD issued an update last week saying that it will provide an actual update in a few weeks, and sarcastically advises vendors to stay “up-to-date”…

6/17/20

AMD is aware of new research related to a potential vulnerability in AMD software technology supplied to motherboard manufacturers for use in their Unified Extensible Firmware Interface (UEFI) infrastructure and plans to complete delivery of updated versions designed to mitigate the issue by the end of June 2020.[…]AMD has delivered the majority of the updated versions of AGESA to our motherboard partners and plans to deliver the remaining versions by the end of June 2020. AMD recommends following the security best practice of keeping devices up-to-date with the latest patches.[…]

We thank Danny Odler for his ongoing security research.

Full announcement paragraph:
https://www.amd.com/en/corporate/product-security

No news here:
https://developer.arm.com/support/arm-security-updates

AGESA status page:
just kidding, there is no such page, only AMD clients get AGESA status updates under NDA.

I wonder if the Apple macOS or Microsoft Defender UEFI scanners will be updated to catch this on AMD systems. CHIPSEC can’t, it does not work on AMD systems.

[The main branch is 9 months old, but there’s another branch that has just been updated…]

Tools to check and cryptographically sign UEFI firmware images found in ThinkPads. This will resolve the issue where your ThinkPad lets out two groups of five beeps before continuing to boot (the error indicating an invalid signature). These tools are written in Python 3 and rely on the “pycryptodome” library.[…]

https://github.com/thrimbor/thinkpad-uefi-sign