“Redfish: this is a tool designed to test Redfish for BMC. It’s a GUI program written in Python tkinter.”
If you are looking to write a Redfish security research tool, beyond the DMTF’s redfishtool, you might want to look at this one.
The 33rd Chaos Communication Congress (CCC) takes place in December in Germany. There are MANY great presentations, and CCC is great at making video archives available. Here’s a sample of a few of the presentations, starting with Trammell’s lecture on Heads:
Bootstraping a slightly more secure laptop
Trammell Hudson
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8314.html
What could possibly go wrong with <insert x86 instruction here>?: Side effects include side-channel attacks and bypassing kernel ASLR
Clémentine Maurice and Moritz Lipp
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8044.html
Untrusting the CPU: A proposal for secure computing in an age where we cannot trust our CPUs anymore
jaseg
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8014.html
Virtual Secure Boot: Secure Boot support in qemu, kvm and ovmf
Gerd Hoffmann
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8142.html
Full schedule:
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/schedule.html
https://events.ccc.de/congress/2016/wiki/Main_Page
“Flappy Bird for UEFI written in x86 Assembly”
Fabian Mastenbroek has written Boot2Flappy, a UEFI port of the game “Flappy Bird”. It is a new project on Github, less than a week old, “FreshMeat”, as they used to say.
Nikolaj points out that there’s a UEFI port of the game Tetris …but I can’t find the source, only the binary:
As mentioned in the Defiant UEFI game engine post below, there’s a Tetris for UEFI on Github with source; it is unclear whether this is a different one than the one above:
https://github.com/swmicro/Tetris
If someone has some spare time, please port MAME to UEFI. Please!
There’s a handful of research OSes written for UEFI:
Now there’s one more:
https://github.com/queer/uefi-os
Granted, it’s probably the smallest one yet, merely a hello-world program.
Mark Doran of Intel is interviewed for an article in EECatalog on device IDs, a useful read for those that care about device IDs (and ACPI).
https://twitter.com/coreboot_org/status/811644238861631489
I agree. I’d like to see more OEMs shipping Linux-centric models, not just Windows or Chrome or Android PCs, leaving Linux users to deal with installing their preferred OS, which is getting harder and harder with pre-OS security (Secure Boot, etc.) preventing customization. Windows PCs have ACPI tied to Windows OS, a Linux PC does not need those ACPI tables, and perhaps may even want some Linux-centric ACPI tables.
Last time I looked, most “Linux OEMs” — scoped to laptops, not servers — still shipped BIOS-based systems. I asked one large Linux vendor why they were still doing this, and they said that Secure Boot was great for sales for them, Linux users avoid it and prefer BIOS. This may be good for ease-of-configurability, but it is bad for security. If you’re going to keep using BIOS, at least consider using SeaBIOS.
OEMs, please take one decent laptop and desktop of your Windows line, and make a Linux-friendly model. Dell used to do this. These years, with Secure Boot, it is much more needed.
Finbarr P. Murphy has a new blog post which includes some new Linux-centric Python-based code that parses Intel microcode, to detect updates.
http://blog.fpmurphy.com/2016/12/python-3-utilities-for-parsing-intel-microcode.html
The Spring 2017 UEFI Plugfest will take place March 27-31, 2017, in Nanjing, Jiangsu Province, China.
For more info, see the home page of http://uefi.org/ (it currently has a broken link to the page with more info, I expect they’ll update that soon).
EFI and Linux Interoperability – Harry Hsiung of Intel gave a presentation at the November 2016 Linux Plumbers Conference on UEFI and Linux. The PDF of the presentation is now available on UEFI.org:
The other week I pointed out a RISC-V project on CrowdSupply:
There’s another one, as Jeremy Bennett of Embecosm announced on the Open Source Hardware User Group list:
Another RISC-V project
Hot on the heels of OnChip and Open-V comes
https://www.crowdsupply.com/sifive/hifive1
I note they have already met their target on the first day (it wasn’t a very hard target).
More info:
http://oshug.org/cgi-bin/mailman/listinfo/oshug
Jiaxin Wu of Intel submitted a v2 update to the TLS library of Tianocore:
CryptoPkg: Add new TlsLib library
v2:
* Code refine and Typo fix:
TlsHandeAlert -> TlsHandleAlert
This patch is used to add new TlsLib library, which is wrapped over OpenSSL. The implementation provides TLS library functions for EFI TLS protocol and EFI TLS Configuration Protocol.
Riku Voipio of Linaro has announced, on the Linux cross-distro list, the release of some new tools that validate VMs.
Some time ago we drafted a specification[1] for AArch64 virtual machines. Now we are launching verification tools that let everyone verify that the whole stack (host hypervisor, guest firmware and guest OS image) implements the spec [2]. For some extra background see the blog post on vmspec [3]. From the cross-distro point of view, we are interested in finding out if
– QEMU shipped is new enough (2.6+)
– a compatible EFI for arm64 guests is available
– a vmspec compatible cloud guest image is available
If the image comes with cloud-init, vmspec-boot can be used directly to verify compliance. Without cloud-init, one can run vmspec-verify inside the guest to verify manually. The tools are still under development, for example the ACPI test returns a failure even if the guest would support ACPI if forced. Feedback and patches are always welcome. The README.md lists a handful of guest images that have been used in testing. I’d be most happy to add more links to the list!
[1] http://www.linaro.org/app/resources/WhitePaper/VMSystemSpecificationForARM-v2.0.pdf
[2] https://github.com/linaro/vmspec-tools
[3] http://www.linaro.org/blog/core-dump/ensuring-bootable-arm-vm-images/
Full message:
https://lists.linaro.org/mailman/listinfo/cross-distro
Previously, the advisories were in PDF format. There were 2 advisories, each PDF contained a number (19?, I forget) of issues. Now, they’ve moved to Github-hosted content using Gitbooks.
I’ve not yet checked if there are any NEW advisories in the new content.
https://www.gitbook.com/book/edk2-docs/security-advisory/details
Re:
James has a follow-up post. The first post, besides being a good introduction to the Linux TPM stack, talks about using TPM as a store for your keys. This second post shows how to integrate with GNOME.
APress has a printing mode called APress Open where the ebook is freely-available, including this TPM 2.0-centric book:
It appears Mac OS X 10.12.2 has some firmware-related security updates, with some defense against PCILeech:
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
https://github.com/ufrisk/pcileech
https://twitter.com/aionescu/status/809590186447228928
macOS FileVault2 Password Retrieval
“macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. To secure your mac just update it with the December 2016 patches. Anyone including, but not limited to, your colleagues, the police, the evil maid and the thief will have full access to your data as long as they can gain physical access – unless the mac is completely shut down. If the mac is sleeping it is still vulnerable. Just stroll up to a locked mac, plug in the Thunderbolt device, force a reboot (ctrl+cmd+power) and wait for the password to be displayed in less than 30 seconds!
[…]
Recovering the password is just one of the things that are possible unless the security update is applied. Since EFI memory can be overwritten it is possible to do more evil …
[…]
December 13th: Apple released macOS 10.12.2 which contains the security update. At least for some hardware – like my MacBook Air.
[…]”
Look at recent Tweets from Xeno Kovah, he has multiple posts with information about the 10.12.2 update:
https://twitter.com/XenoKovah/
Firmware passwords:
https://support.apple.com/en-us/HT202796
https://support.apple.com/en-us/HT204455
https://support.apple.com/en-us/HT203409
I’ll admit, I didn’t find any firmware information in their release:
https://support.apple.com/en-us/HT207423
Juan Carlos has written part 5 of his series of firmware reversing posts!
http://jcjc-dev.com/2016/12/14/reversing-huawei-5-reversing-firmware/
I think I missed part 4!
Hastily-written news/info on the firmware security/development communities, sorry for the typos.