The Unbearable Lightness of BMC’s

August 11, 2018 ~ hucktech ~ Leave a comment

The Register has a bit of background on BMC attacks, based on the recent presentation at Blackhat:

https://twitter.com/nicowaisman/status/1027944454781632513

https://www.blackhat.com/us-18/briefings/schedule/#the-unbearable-lightness-of-bmcs-10035

https://www.theregister.co.uk/2018/08/10/data_center_hacking/

Microsoft Blackhat speculative execution slides posted

August 11, 2018 ~ hucktech ~ Leave a comment

Slides posted for the #BHUSA presentation by @anders_fogh & @CTurtE on systematizing and mitigating speculative execution side channels vulnerabilities: https://t.co/4OoqLupyRT

— Matt Miller (@epakskape) August 10, 2018

Click to access us-18-Fogh-Ertl-Wrangling-with-the-Ghost-An-Inside-Story-of-Mitigating-Speculative-Execution-Side-Channel-Vulnerabilities.pdf

HALO: HAribote-os LOader for EFI (and UEFI-Hello)

August 11, 2018 ~ hucktech ~ Leave a comment

HALO is a new boot loader for a project I’m not yet familiar with. A related new project from the same author first caught my eye, a UEFI app template that uses an interesting build project, including Rake and LLVM.

https://github.com/neri/uefi-hello

https://github.com/neri/uefi-hello/blob/master/Rakefile

https://github.com/neri/halo

UEFI_Basic: A BASIC programming language interpreter for UEFI

August 11, 2018 ~ hucktech ~ Leave a comment

In the olde days of the early Personal Computer, the BIOS-based firmware’s default bootloader would be a resident BASIC interpreter REPL. Companies made money licensing that BASIC interpreter to vendors!

So a built-in default BASIC interpreter bootloader app was one feature that BIOS had which UEFI did not. ….until now (and this one is not closed-source):

A BASIC interpreter for UEFI.

https://github.com/logern5/UEFI_Basic

Android boot flow and Verified Boot docs updated

August 10, 2018 ~ hucktech ~ Leave a comment

Last week, Google updated the documentation on the Android boot flow and Verified Boot:

https://source.android.com/security/verifiedboot/

https://source.android.com/security/verifiedboot/verified-boot

https://source.android.com/security/verifiedboot/boot-flow

Google seeks Fall Intern for LinuxBoot

August 10, 2018 ~ hucktech ~ Leave a comment

See tweet:

I am looking for a FALL intern to work on @LinuxBootOrg-related boot security projects at Google this year! (~Oct-Dec, Bay Area) Must be in school, at any level (Bachelor's – PhD). DMs are open.

— chris @hugelgupf@hachyderm.io (@hugelgupf) August 8, 2018

Detours now open source

August 10, 2018 ~ hucktech ~ Leave a comment

Nice to see that Microsoft has open-sourced Detours!

Wasn’t aware of that Detours for x64/ARM64 was open sourced. Could be handy or a good reference implementation to make your own. CC @brucedang https://t.co/dAz6ujxjGA

— Satoshi Tanda (@standa_t) August 10, 2018

https://github.com/Microsoft/Detours

https://github.com/microsoft/Detours/wiki

Rosenbridge: Hardware backdoors in some x86 CPUs

August 10, 2018 ~ hucktech ~ 1 Comment

https://t.co/uCAENAwSdM amazing work by @xoreaxeaxeax from #blackhatusa2018

— Maxim Goryachy (@h0t_max) August 9, 2018

GOD MODE UNLOCKED: hardware backdoors in some x86 CPUshttps://t.co/Ph0IAL0Pyw
White paper coming tomorrow. @BlackHatEvents pic.twitter.com/qhZ1vFI7pL

— domas (@xoreaxeaxeax) August 9, 2018

https://github.com/xoreaxeaxeax/rosenbridge

Eclypsium: Remotely Attacking System Firmware

August 10, 2018 ~ hucktech ~ 1 Comment

At BlackHat, Eclypsium gave a great talk with an overview of platform firmware security threats, focusing on network-based attacks, including poorly-tested OEM firmware update implementations.

Don't miss our presentation "Remotely Attacking System Firmware" with @jessemichael & @HackingThings at #BlackHat2018 tomorrow 1:30pm in South Pacific F: https://t.co/QmDabencJ3 pic.twitter.com/ipZ85gjFVE

— Alex Bazhaniuk (@ABazhaniuk) August 7, 2018

Here is the video from our @BlackHatEvents presentation "Remotely Attacking System Firmware", and as customary with such things, calculator must be involved.https://t.co/4EkAoRjeZs

— Mickey (@HackingThings) August 9, 2018

“Update Mechanism Flaws Allow Remote Attacks on UEFI Firmware” by @LindseyOD123 covering most recent research presented by @Eclypsium’s @HackingThings @jessemichael & @ABazhaniuk at #BHUSA https://t.co/XIOp6ZszJl

— Yuriy Bulygin (@c7zero) August 8, 2018

Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware

https://www.blackhat.com/us-18/briefings/schedule/index.html#remotely-attacking-system-firmware-11588

Booting the Mac: loading boot.efi and Secure Boot

August 10, 2018 ~ hucktech ~ 1 Comment

Booting the Mac: loading boot.efi and Secure Boot https://t.co/h6xBXlkI72

— Howard Oakley, Eclectic Light Co (@howardnoakley) August 10, 2018

Booting the Mac: loading boot.efi and Secure Boot

MicroPython for UEFI and Intel MicroPython-based UEFI test framework released

August 10, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/03/20/intel-implementing-micropython-as-a-uefi-test-framework/

MicroPython for UEFI systems is available, see Brian’s edk2-devel list posting and the Tianocore wiki for more details:

https://lists.01.org/pipermail/edk2-devel/2018-August/028339.html

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MicroPythonPkg

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MpyTestFrameworkPkg

https://micropython.org/

Free Software Foundation certifies 2 new devices for ‘Respect Your Freedom’ program

August 6, 2018 ~ hucktech ~ Leave a comment

Actually, these two devices were certified back in May, recent FSF RYF program activity is a status update:

The Zerocat Chipflasher and Minifree Libreboot X200 Tablet are now both certified to Respect Your Freedom. Our program helps users to find hardware that they can trust to come with freedom inside: https://t.co/a1MnYPzP55

— Free Software Foundation (FSF) @fsf@hostux.social (@fsf) August 2, 2018

Re: ChipFlasher: https://firmwaresecurity.com/2018/05/30/zerocat-chipflasher/

https://www.fsf.org/blogs/licensing/respects-your-freedom-certification-program-continues-to-grow

https://www.fsf.org/resources/hw/endorsement/respects-your-freedom

http://www.zerocat.org/shop-en.html

https://minifree.org/product/libreboot-x200-tablet/

Lenovo joins Linux Vendor Firmware Service (fwupd)

August 6, 2018 ~ penglish0 ~ Leave a comment

Paul again: I’m happy to see that Lenovo has joined the LVFS (aka: fwupd) for Linux! Our firmware security report (https://preossec.com/services/single-variant-firmware-security-report/) on the X1 Carbon 6th generation will reflect this fact. Congratulations to LVFS and Lenovo – sounds like it was a lot of work!

https://blogs.gnome.org/hughsie/2018/08/06/please-welcome-lenovo-to-the-lvfs/

BUSSide: a hardware hacking tool

August 6, 2018 ~ hucktech ~ Leave a comment

Non destructive (SPI flash) firmware dumping https://t.co/FB2SegcBhk with the BUSSide https://t.co/eXDYD8m8T6 and @infosectcbr

— Silvio Cesare (@silviocesare) August 6, 2018

http://busside.com.au/

https://store.bsidescbr.com.au/products/busside

FOSSbytes: How To Enter BIOS Utility (UEFI Settings) On All PCs And Boot From USB?

August 6, 2018 ~ hucktech ~ Leave a comment

Different manufacturers assign a specific key (or key combination) to boot into BIOS/UEFI directly. In this article, we hope to provide the possible keys in all PC to enter UEFI or BIOS mode[…]

How To Enter BIOS Utility (UEFI Settings) On All PCs And Boot From USB?

Article has a table with entries of most OEMs.

Regarding XDA’s stance on Huawei’s decision to stop bootloader unlocking

August 5, 2018 ~ hucktech ~ Leave a comment

Regarding XDA's stance on Huawei's decision to stop bootloader unlocking https://t.co/8muEHOqJHO pic.twitter.com/fj998VfThH

— XDA (@xdadevelopers) August 4, 2018

Back in April, Huawei’s form to request a bootloader unlock code mysteriously disappeared. Late May, the form returned but with a warning that the service would no longer work after 60 days. As promised, Huawei’s form is no longer available, meaning it’s no longer possible to unlock the bootloader of Huawei or Honor devices. This has obviously been disappointing to many users on our forums, but it’s been especially disappointing for us, the XDA Portal team. Some have wondered when we would be addressing the elephant in the room – that is, Honor’s sponsorship agreements with XDA – in light of this recent news. Here’s where we stand.[…]

https://www.xda-developers.com/xda-huawei-decision-stop-bootloader-unlocking/

VivienneVMM: a stealthy debugging framework implemented via an Intel VT-x hypervisor

August 5, 2018 ~ hucktech ~ Leave a comment

VivienneVMM – a stealthy debugging framework implemented via an Intel VT-x hypervisorhttps://t.co/FlqzkvI5dx

— Nicolas Krassas (@Dinosn) August 4, 2018

VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor. The driver exposes a hardware breakpoint control interface which allows a user mode client to set and clear breakpoints. These breakpoints are invisible to the guest.

https://github.com/changeofpace/VivienneVMM

BlueHat v18: First STRONTIUM UEFI Rootkit Unveiled

August 5, 2018 ~ hucktech ~ Leave a comment

@jiboutin and I will be there to present the first publicly known Sednit/APT28's UEFI rootkit. Very excited about it! #APT28 #Sednit #UEFI #Rootkit https://t.co/52SD8GSUSE

— Freddrickk (@Freddrickk_) August 2, 2018

Microsoft is proud to announce the schedule for #BlueHatv18. The conference will be held Sept 25-27, 2018 in Redmond, WA. Thank you to all who submitted abstracts for consideration. This is a strong schedule. #bluehat https://t.co/vvHQL0KVIk

— Phillip Misner (@phillip_misner) August 2, 2018

https://blogs.technet.microsoft.com/bluehat/2018/08/02/announcing-the-bluehat-v18-schedule/

New! Single Make / Model / Revision Firmware Security Report from PreOS Security

August 4, 2018 ~ penglish0 ~ Leave a comment

We’re both pretty excited to offer a new report. For any single make / model / revision of hardware, we’ll do an in-depth firmware security report. We will lead by posting example reports to this blog, in sections as (tagged!) blog posts, for:

Lenovo Carbon X1 6th Generation
Dell XPS 13 9370 (Early 2018)
Purism Librem 15 v3

Once we’re done, you’ll be able to access the full reports as a pdfs on the corporate site:

https://preossec.com/services/single-variant-firmware-security-report/

We think it is cool enough to include the entire corporate spiel here:

$500 USD.

You ship us a single example of a current, or intended fleet machine – laptop, desktop or server, and we’ll make you a firmware security report for that system. Use this report to inform purchasing decisions, system security positioning, and improve IT procedures such as firmware updates and incident response.

Example reports available September 2018 for Lenovo Carbon X1 6th Generation, Dell XPS 13 9370 (Early 2018) and Purism Librem 15v3.

If it is an Intel x86_64 machine, we will run:

CHIPSEC
Firmware Test Suite (FWTS)

and include an analysis of the results in the report.

We will run all publicly available firmware and hardware vulnerability tools and check version numbers, for known issues such as:

Intel AMT
Intel ME
AMD PSP
Spectre
Meltdown
Microcode
Rowhammer

We’ll include a comprehensive list of firmware on the system, and highlight potential issues such as:

Closed source binary blobs
Modifiable firmware
- How it can be modified (eg: desoldering and flashing chips, JTAG, I2C, etc)
- Compliance with applicable NIST standards
- Tools, updates and support availability from component manufacturer, and OEM
- Operational support, such as signed firmware updates via Windows update and Linux Vendor Firmware Service (aka: fwupd).

We will make recommendations if this system should not be used in sensitive areas such as:

Critical Infrastructure
DOD
PCI
HIPAA
Executives (CEO, CTO, etc)
Finance
Legal

MrChromebox has UEFI updates for Skylake/Kabylake Chromeboxes

August 3, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/MrChromebox/status/1025217121410850816

https://mrchromebox.tech/