Siemens updates for Intel AMT

Siemens has updated their products for the Intel AMT vulnerability:

siemens_security_advisory_ssa-874235.pdf

Siemens Patches Critical Intel AMT Flaw in Industrial Products


https://www.theregister.co.uk/2017/07/03/intel_amt_bug_bit_siemens_industrial_pcs/

NVIDIA seeks embedded firmware security lead

Embedded Firmware Security Lead
We are now looking for an Embedded Firmware Security Lead. […] Ways to stand out from the crowd:
* Experience with secure code quality practices and tooling to support quick engagements and rapid analysis – static analysis tools (Coverity, Checkmarx, or similar), dynamic scanning (Rapid 7, AppSider, or similar), Fuzzing (AFL, Peach, or similar) and code coverage (Bullseye, LDRA, etc)
* Experience with security incident response activities and penetration testing
* Experience with Ada/Spark language variant and formal proof verification a plus.
[…]

https://nvidia.wd5.myworkdayjobs.com/en-US/NVIDIAExternalCareerSite/job/US-CA-Santa-Clara/Embedded-Firmware-Security-Engineer_JR1905430

http://www.nvidia.com/object/careers.html

https://www.linkedin.com/jobs/view/331202558

IBM OpenPower secure and trusted boot, Part 2

OpenPOWER secure and trusted boot, Part 2
Protecting system firmware with OpenPOWER secure boot
Making your system safe against boot code cyberattacks
Dave Heller and Nageswara Sastry
Published on June 05, 2017

This content is part 2 of 2 in the series: OpenPOWER secure and trusted boot. IBM® OpenPOWER servers offer two essential security features, trusted boot and secure boot, to help ensure the integrity of your server and safeguard against a boot code cyberattack. Trusted boot works by creating secure recordings, or measurements, of executable code as the system boots. Using a process known as remote attestation, you can retrieve these measurements securely and use them to verify the integrity of your firmware or target operating system (OS). Secure boot helps ensure the integrity of your OS and firmware as well. But rather than taking measurements for later examination, secure boot performs the validation in place, during boot, and will halt the boot process if the validation fails. These two features are complementary and work together to provide comprehensive protection of platform boot code. This article explores the secure boot method, with particular focus on protection of system firmware.[…]

https://www.ibm.com/developerworks/library/l-protect-system-firmware-openpower/

Part 1 is from February:

https://www.ibm.com/developerworks/linux/library/l-trusted-boot-openPOWER-trs/index.html?ca=drs-

 

UEFI-based IoT firmware updates

https://twitter.com/grjohnson10/status/880767835886301184

Simplify Secure, UEFI-Based IoT Firmware Updates
Rich Nass

In the age of the Internet of Things (IoT), where everything is becoming connected, each connection point can be viewed as a “Hack This” sign for the bad guys. To prevent this, developers need to be sure that all firmware and associated patches are kept up to date with verified and secure revision control. Any unpatched or outdated firmware can allow access to critical system functions. Unfortunately, this need to keep firmware updated often goes overlooked by the development team after a product has shipped. In many cases this is due to the resources required and complexities involved. But what if the whole process of updating and securing firmware remotely or over the air (OTA) could be standardized and encapsulated within an easy-to-use, reliable solution that works seamlessly with your underlying hardware? It turns out that such a solution is already in hand.[…]

http://www.insight.tech/industrial/simplify-secure-uefi-based-iot-firmware-updates

http://www.insight.tech/authors/rich-nass

Nikolaj on recent UEFI/ACPI spec updates

[UPDATE:
William’s blog post on Nikolaj’s comments is more readable than the post below:
http://www.basicinputoutput.com/2017/07/uefi-27-courtesy-of-nikolaj.html
]

Nikolaj has over a dozen tweets showcasing the interesting new features in the latest UEFI and ACPI specs. Click on the above Twitter URL to see the full set.

 

UDK2017 available

Brian Richardson of Intel has a new article talking about the latest UEFI dev kit. It includes a summary of the newly-added UEFI features.

https://software.intel.com/en-us/blogs/2017/06/29/udk2017-the-latest-uefi-development-kit-release-is-now-available

https://github.com/tianocore/edk2/releases/tag/vUDK2017

https://github.com/tianocore/tianocore.github.io/wiki/UDK2017#udk2017-features–updates–changes

OpenSuCo 2017: Workshop on Open Source Supercomputing

OpenSuCo 2017, the 2017 International Workshop on Open Source Supercomputing, just happened.  PDFs of many — but not all — of the presentations are available!

The OpenSuCo Workshop seeks to encapsulate a wealth of effort in design, prototyping, and cross-functional collaboration of open source hardware, software, and scientific computing projects in a singular point of technical discussion and exchange.

Open Source Silicon – Challenges, Opportunities, and Predictions
Generation and Reconfiguration of Accelerators for Data Center
Breaking the 4th Wall: Reducing the Datacenter to a SoC
CloudLightning and the OPM-based Use Case
Fundamentals of OmpSs
Efficient Programming for Multicore Processor Heterogeneity: OpenMP versus OmpSs
Taking PBS Pro Open Source: From Crazy Decision to Early Operational Success
HermitCore: A Library Operating System for Cloud and High-Performance Computing
Best GPU Code Practices Combining OpenACC, CUDA, and OmpSs

http://www.opensuco.community/2017/01/30/isc17-opensuco-2017/

Hardware Forensic Database (HFDB)

https://twitter.com/_jsoo_/status/878065564157190144

The Hardware Forensic Database (or HFDB) is a project of CERT-UBIK aiming at providing a collaborative knowledge base related to IoT Forensic methodologies and tools. This database provides multiple guides to collect valuable information from various smart/connected devices, as well as dedicated tools. These guides allow quick information extraction and provide all the required material to perform a forensic analysis on specific devices.[…]

http://hfdb.io/

Xen 4.9 multiboot2 support increased

At least one UEFI change in this release:

Boot Xen on EFI platforms using GRUB2 (x86):
From Xen Project 4.9 and GRUB2 2.02 onwards, the Xen Project Hypervisor can be booted using the multiboot2 protocol on legacy BIOS and EFI x86 platforms. Partial support for the multiboot2 protocol was also introduced into network boot firmware (iPXE). This makes the Xen Project boot process much more flexible. Boot configurations can be changed directly from within a bootloader (without having to use text editors) and boot configurations are more portable across different platforms.

https://blog.xenproject.org/2017/06/28/whats-new-in-the-xen-project-hypervisor-4-9/

 

Reverse Engineering Samsung S6 SBOOT – Part II

Reverse Engineering Samsung S6 SBOOT – Part II
By Fernand Lone Sang

In my previous article, I explained how to load Samsung’s proprietary bootloader SBOOT into IDA Pro. The journey to the TEE OS continues in this second article which describes two techniques to locate Trustonic’s TEE <t-base in the binary blob. A few months back, I started digging into various TEE implementations and that led me to reverse engineer Samsung’s proprietary bootloader SBOOT [1]. At that time, I suspected that the Trustonic’s TEE <t-base was somehow embedded in the bootloader’s image of Exynos-based smartphones, and it turned out that my assumptions were good. Back then, I used two techniques to locate <t-base in SBOOT but I did not find enough time to clean up my notes and blog about it until now. This article describes the two techniques I used.[…]

https://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-ii.html

https://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-i.html

EFI Boot Guard from Siemens

EFI Boot Guard

Simple UEFI boot loader with support for safely switching between current and updated partition sets. A bootloader based on UEFI. Provides the following functionality:

* Arm a hardware watchdog prior to loading an OS
* Provides a simple update mechanism with fail-safe algorithm

The following watchdog drivers are implemented: Intel Quark, Intel TCO, and Intel i6300esb.

 

https://github.com/siemens/efibootguard

Microsoft Windows Defender ATP

What’s new in Windows Defender ATP Fall Creators Update:
When we introduced Windows Defender Advanced Threat Protection (Windows Defender ATP), our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer a set of new prevention capabilities designed to stop attacks as they happen and before they have impact. This means that our service will expand beyond detection, investigation, and response, and will now allow companies to use the full power of the Windows security stack for preventative protection. The stack will be powered by our cloud-based security intelligence, which moves us from a world of isolated defenses to a smart, interconnected, and coordinated defense grid that is more intelligent, simple to manage, and ever-evolving. We will also provide a single pane of glass experience for security professionals. This means that security management (SecMgmt) teams can easily configure a broad set of Windows security stack technologies through an integrated configuration management experience. Security operations (SecOps) teams get full visibility into their Windows endpoint security and a rich toolset to take action using the Windows Defender ATP console. This will not only give companies a full picture of what’s happening on their endpoints, but will also put them in the driver seat to quickly react to threats as they happen. Leveraging our cloud-based security intelligence gives the optics, context, and tools that companies need to quickly investigate and remediate incidents. Here are some highlights of the Windows Fall Creators Update:[…]

https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/

https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp

 

Summer reading list for UEFI security

I’ve seen a large number of ‘Summer reading list’ posts on various social media forums in the last few days. I’ll add my own.

http://www.timeglider.com/timeline/5ca2daa6078caaf4

https://github.com/advanced-threat-research/firmware-security-training

https://www.nostarch.com/rootkits

https://www.degruyter.com/view/product/484477

https://www.degruyter.com/view/product/484468

https://blog.invisiblethings.org/2015/10/27/x86_harmful.html

https://blog.invisiblethings.org/2015/12/23/state_harmful.html

Regarding the No Starch Press book above: most chapters are available via ebook, the hardcopy book is apparently due later this summer, and there is an autographed edition at DEF CON.

IoT Liability

 

When safety and security become one
What happens when your car starts getting monthly upgrades like your phone and your laptop? It’s starting to happen, and the changes will be profound. We’ll be able to improve car safety as we learn from accidents, and fixing a flaw won’t mean spending billions on a recall. But if you’re writing navigation code today that will go in the 2020 Landrover, how will you be able to ship safety and security patches in 2030? In 2040? In 2050? At present we struggle to keep software patched for three years; we have no idea how to do it for 30. Our latest paper reports a project that Éireann Leverett, Richard Clayton and I undertook for the European Commission into what happens to safety in this brave new world. Europe is the world’s lead safety regulator for about a dozen industry sectors, of which we studied three: road transport, medical devices and the electricity industry.[…]


weis2017.pdf

Aditya Gupta: Firmware Analysis for IoT Devices

Firmware Analysis for IoT Devices

Aditya Gupta

This is the second blog related to IoT Exploitation and Penetration Testing. In this blog we are going to have a look at a key component in an IoT device architecture – firmware. Any IoT device you use, you will be interacting with firmware, and this is because firmware can be thought of as the actual code that runs on an IoT or embedded device. For this post, we will start by looking at various ways to extract file system from firmware, and then move into going deeper into analysing binaries for vulnerabilities. The most common architectures for IoT devices are ARM and MIPS, which is also something we will cover later in this series. Before starting digging deep into the firmware, we would have a look at the components and related aspects, such as file system types, compression, encryptions, and bootloader.[…]

https://www.peerlyst.com/posts/firmware-analysis-for-iot-devices-aditya-gupta

Dell PowerEdge 14G firmware updates

Dell/EMC has a new Tech Note, written by Wei Liu and Seamus Jones, summarizing some of the new firmware security features available in their new server:

Cyber-Resiliency Starts at the Chipset and BIOS

2-page Tech Note covering new BIOS features introduced with PowerEdge 14G servers, offering unique resiliency to malicious intent or user error. The two features highlighted, BIOS Recovery and integration of Intel Boot Guard, respectively, are further demonstration of PowerEdge engineering commitment to ensuring the security and stability of enterprise infrastructures.

http://en.community.dell.com/techcenter/extras/m/white_papers/20444061

 

sicherboot: systemd Secure boot integration

systemd Secure boot integration

sicherboot automatically installs systemd-boot and kernels for it into the ESP, signed with keys generated by it. The signing keys are stored unencrypted and only protected by the file system permissions. Thus, you should make sure that the file system they are stored (usually /etc) in is encrypted. After installing sicherboot, you can adjust a number of settings in /etc/sicherboot.conf and should set a kernel commandline in /etc/kernel/cmdline. Then run ‘sicherboot setup’ to get started.

 

https://github.com/julian-klode/sicherboot