ACPIview

Evan Lloyd and Sami Mujawar of ARM have submitted a new ACPI UEFI Shell tool for Tianocore.

[edk2] [PATCH] ShellPkg: Add acpiview tool to dump ACPI tables

This program is provided to allow examination of ACPI table contents from the UEFI Shell.  This can help with investigations, especially at that stage where the tables are not enabling an OS to boot. The program is not exhaustive, and only encapsulates detailed knowledge of a limited number of table types. Default behaviour is to display the content of all tables installed. ‘Known’ table types will be parsed and displayed with descriptions and field values.  Where appropriate a degree of consistency checking is done and errors may be reported in the output. Other table types will be displayed as an array of Hexadecimal bytes. To facilitate debugging, the -t and -b options can be used to generate a binary file image of a table that can be copied elsewhere for investigation using tools such as those provided by acpica.org.  This is especially relevant for AML type tables like DSDT and SSDT. The inspiration for this is the existing smbiosview Debug1 Shell command, and the command is also intended for Debug1. Many tables are not explicitly handled, in part because no examples are available for our testing. The program is designed to be extended to new tables with minimal effort, and contributions are invited.

The code is available for examination at:
https://github.com/EvanLloyd/tianocore/tree/651_acpiview_v1
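As an added illustration of the handling the cover letter describes (example code written for this post, not acpiview's own C implementation), the following Python decodes the 36-byte header common to all ACPI System Description Tables, applies the same kind of consistency check the tool does (declared Length must fit the image and all bytes must sum to zero modulo 256), and falls back to a hex dump for table types it does not know; the sample table bytes and OEM strings are constructed for the example.

```python
import struct
from typing import Dict, List

# Fixed 36-byte header shared by all ACPI System Description Tables
# (little-endian), as defined in the ACPI specification.
SDT_HEADER = struct.Struct("<4sIBB6s8sI4sI")
SDT_HEADER_LEN = SDT_HEADER.size  # 36

def parse_sdt_header(table: bytes) -> Dict[str, object]:
    """Decode the common header fields of one ACPI table image."""
    if len(table) < SDT_HEADER_LEN:
        raise ValueError("table shorter than the 36-byte SDT header")
    f = SDT_HEADER.unpack_from(table)
    text = lambda b: b.decode("ascii", "replace").rstrip("\0 ")
    return {"Signature": text(f[0]), "Length": f[1], "Revision": f[2],
            "Checksum": f[3], "OEMID": text(f[4]), "OEM Table ID": text(f[5]),
            "OEM Revision": f[6], "Creator ID": text(f[7]), "Creator Revision": f[8]}

def check_sdt(table: bytes) -> List[str]:
    """Consistency checks: the declared Length must fit the buffer and
    every byte of the table must sum to zero modulo 256."""
    errors = []
    length = parse_sdt_header(table)["Length"]
    if length < SDT_HEADER_LEN or length > len(table):
        return [f"Length {length} inconsistent with buffer of {len(table)} bytes"]
    if sum(table[:length]) & 0xFF != 0:
        errors.append("checksum mismatch")
    return errors

def hexdump(table: bytes, width: int = 16) -> str:
    """Fallback view for table types the parser has no knowledge of."""
    return "\n".join(
        f"{off:04X}: " + " ".join(f"{b:02X}" for b in table[off:off + width])
        for off in range(0, len(table), width))

def build_sample_table(sig: bytes, payload: bytes) -> bytes:
    """Constructed test image: header + payload with a valid checksum."""
    length = SDT_HEADER_LEN + len(payload)
    hdr = SDT_HEADER.pack(sig, length, 1, 0, b"EXAMPL", b"EXAMPTBL", 1, b"EXMP", 1)
    body = bytearray(hdr + payload)
    body[9] = (-sum(body)) & 0xFF  # Checksum field lives at offset 9
    return bytes(body)

# Constructed sample: an SSDT-signed table with six payload bytes.
SAMPLE = build_sample_table(b"SSDT", b"\x10\x0b\x5f\x53\x42\x5f")

if __name__ == "__main__":
    print(parse_sdt_header(SAMPLE))
    print("errors:", check_sdt(SAMPLE))
    print(hexdump(SAMPLE))
```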

STM added to Tianocore

Intel has submitted a patch to Tianocore to add STM support!

[edk2] [patch 0/4] Add STM (SMI Transfer Monitor) support

This patch series is used to add STM support to UefiCpuPkg. More details about STM are described in:
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-manual-325462.pdf
https://firmware.intel.com/sites/default/files/STM_User_Guide-001.pdf
https://firmware.intel.com/sites/default/files/A_Tour_Beyond_BIOS_Launching_STM_to_Monitor_SMM_in_EFI_Developer_Kit_II.pdf

28 files changed, 6036 insertions(+), 65 deletions(-)

More info:
https://lists.01.org/mailman/listinfo/edk2-devel
https://firmwaresecurity.com/tag/stm/


Bluetooth 5.0 spec released

https://twitter.com/michaelossmann/status/806567763888271360

“With up to 4x the range, 2x the speed and 8x the broadcasting message capacity, the enhancements of Bluetooth® 5 focus on increasing functionality for the Internet of Things (IoT). Bluetooth 5 delivers a “connectionless” IoT, advancing beacon and location-based capabilities in home, enterprise and industrial applications.[…]”

https://www.bluetooth.com/specifications/adopted-specifications

MonitorDarkly: Dell monitor on-screen-display exploit

“This repo contains the exploit for the Dell 2410U monitor. It contains utilities for communicating with and executing code on the device. The research presented here was done in order to highlight the lack of security in “modern” on-screen-display controllers. Please check out our Recon 0xA presentation (included) for a detailed description of our research findings and process.[…]”

https://github.com/redballoonshenanigans/monitordarkly

Talos FlexVer technology -vs- Evil Maids

Talos has a new post on their use of FPGAs on their OpenPower-based workstation.

https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-2

Talos Secure Workstation: coreboot + POWER8


1Bitsy and Black Magic Probe

1Bitsy and Black Magic Probe has a Kickstarter campaign worth checking out:


MapleSyrup: ARM security tool

https://twitter.com/suqdiq/status/805453613699043328

Maplesyrup Register Display Tool:
Maplesyrup is a tool that can be used to help determine the security state of an ARM-based device by examining the system register interface of the CPU. Maplesyrup is for anyone who has low level access to a handset or single-board PC running an ARMv7A/v8A based processor and is interested in knowing the register level configuration of their CPU at OS runtime. These registers contain featureset and security information that may influence operation of the system kernel and running applications. Linux provides featureset and platform information to the user in the /proc and /sys filesystems, but the configurations governing how these features operate are sometimes hidden from the user. In some cases, the OS will make use of the information to conform to implementation specific features and not indicate this to the user. In other cases, these features may not be managed by the operating system at all, but nevertheless could potentially affect the operation of the system by configuring how a CPU controls access to security domains, executes specific instructions, and handles CPU exceptions.[…]


https://github.com/iadgov/Maplesyrup


James on Linux TPM stack

James has a new blog post that gives a good introduction to the Linux TPM stack:

“[…]One of the great advantages of the TPM, instead of messing about with USB pkcs11 tokens, is that it has a file format for TPM keys (I’ll explain this later) which can be used directly in place of standard private key files. However, before we get there, let’s discuss some of the basics of how your TPM works and how to make use of it.[…]”

Using Your TPM as a Secure Key Store


DMTF SMBIOS spec updated

“New in Version 3.1, SMBIOS now includes support for mini PCIe and Trusted Platform Module (TPM) devices, and adds new chassis types for Internet of Things (IoT) gateways, as well as embedded, mini and stick PCs. In addition, the standard has been updated to support extended BIOS ROM size and cache sizes greater than 2047 MB.[…]”

http://www.dmtf.org/content/dmtf-releases-updated-smbios-standard

http://www.dmtf.org/standards/smbios


PANDA 2.0 released

“The PANDA team is pleased to announce the initial release of PANDA 2.0. It’s been roughly four years since we first released PANDA, and it’s come a long way, becoming more stable, featureful, and easier to use — in large part because of fantastic contributions from developers around the world. At the same time, though, QEMU has undergone huge changes, and PANDA hasn’t kept up. QEMU now supports new platforms like Mac OS X, has improved the TCG emulator’s performance, and includes countless security fixes. The main goal of PANDA 2.0 is to re-sync with upstream QEMU, allowing us to take advantage of all of these improvements. We’ve also restructured the repository, which will make it easier to keep up with upstream changes in the future.”

“PANDA is an open-source Platform for Architecture-Neutral Dynamic Analysis. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole system analyses. Further, the replay log files are compact and shareable, allowing for repeatable experiments. A nine billion instruction boot of FreeBSD, e.g., is represented by only a few hundred MB. PANDA leverages QEMU’s support of thirteen different CPU architectures to make analyses of those diverse instruction sets possible within the LLVM IR. In this way, PANDA can have a single dynamic taint analysis, for example, that precisely supports many CPUs. PANDA analyses are written in a simple plugin architecture which includes a mechanism to share functionality between plugins, increasing analysis code re-use and simplifying complex analysis development. It is currently being developed in collaboration with MIT Lincoln Laboratory, NYU, and Northeastern University.”

https://github.com/panda-re/panda