EFI-Clang: build UEFI apps with Clang and LLD

April 20, 2018 ~ hucktech ~ 1 Comment

efi-clang: build UEFI applications with the Clang compiler and LLD linker. Of course, you’ll need to have those installed. I tested this with Clang v. 6.0.0. I use Arch Linux, so I installed pacman -S clang lld. […] If you built a similar application using gnu-efi, you’ll notice this executable is substantially smaller. […]

https://github.com/yoppeh/efi-clang

Intrinsic Rowhammer PUFs: Leveraging the Rowhammer Effect for Improved Security

April 19, 2018 ~ hucktech ~ Leave a comment

someone found a way to use the Rowhammer effect for device authentication and key derivation https://t.co/FptrxF87Zo [pdf]

— yan (@bcrypt) April 18, 2018

Intrinsic Rowhammer PUFs: Leveraging the Rowhammer Effect for Improved Security

Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules – the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context – to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds required properties needed for the envisioned security applications, and could be deployed today.

Chrome OS firmware change may support Verified Boot of Windows?

April 19, 2018 ~ hucktech ~ Leave a comment

[…]A recent branch title “firmware-eve-campfire” was discovered in the Chromium gerrit, accompanied by changes referencing “AltOS” and “go/vboot-windows.” That, combined that with the addition of placeholder strings for “Chrome OS” and “AltOS” being added to all languages, suggests that a future Chrome OS device, codenamed “Eve” will have the capability to boot more than one operating system. The commit was found by -nbsp- on Reddit. Obviously, with a name like “vboot-windows,” it is easy to jump to the conclusion that the feature is intended for Microsoft Windows, though little information about this is available. Most of the relevant code is hidden behind the private gerrit for Google employees, making it difficult to ascertain how this works and what it is intended for. According to a post at XDA-developers, it seems possible that this could be used for non-Windows OSes, such as Linux, or whatever Google Fuschia actually is.[…]

https://www.techrepublic.com/article/a-mysterious-chrome-os-commit-could-hint-at-a-chromebook-that-dual-boots-windows/

Debugging UEFI

April 19, 2018 ~ hucktech ~ Leave a comment

This old article has been offline for a while, just got back online:
https://code.bluestop.org/w/tianocore/debugging-with-gdb/

This is a new article:
https://github.com/tianocore/tianocore.github.io/wiki/How-to-debug-OVMF-with-QEMU-using-GDB

This is not new, but is still useful:
https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt

Spring UEFI Forum plugfest videos uploading

April 19, 2018 ~ hucktech ~ Leave a comment

Looks like some of the videos from the recent plugfest are now online, there’s at least one security video online available:

https://www.youtube.com/channel/UCNB_fDQLXM9lGLu9ODPAnKw

Lai (Lux ACPI Implementation): AML for Lux, a Unix-like OS

April 18, 2018 ~ hucktech ~ Leave a comment

Lux is a new Unix-like operating written for the PC, aiming for high performance with minimal requirements. Lai, the Lux ACPI Implementation, is an implementation of ACPI’s Machine Language (AML) written for use with lux, but with portability in mind. As such, lai is portable and OS-independent. It depends on a few OS-specific functions, and so a small layer is written for each OS lai is to be used with, and this requires no changes to the core code of lai.

https://github.com/omarrx024/lux
https://omarrx024.github.io/

https://github.com/omarrx024/lai
https://omarrx024.github.io/docs/lai.html

Microsoft Azure Sphere

April 18, 2018 ~ hucktech ~ Leave a comment

The #AzureSphere excitement continues throughout the week at #RSAC! Visit @caitie & others at the Microsoft booth in the North Expo Hall: https://t.co/xMwAhoNkR4 pic.twitter.com/KHnuIz3t9s

— Microsoft Security (@msftsecurity) April 18, 2018

Today’s Azure Sphere announcement marks a significant step forward in IoT security & unlocking innovation with the billions of devices coming to the intelligent edge. #AzureSphere @Azure https://t.co/uNvrh3bp6M

— Julia White (@julwhite) April 16, 2018

Announcing Microsoft Azure Sphere, envisioned through research, built with product expertise. It’s how Microsoft will help to secure and transform billions of new devices coming to the intelligent edge: https://t.co/vj9tWY4qnC #AzureSphere #IoT #Security pic.twitter.com/PZCzdYfkzT

— Microsoft Research (@MSFTResearch) April 16, 2018

Our IoT security will extend to all connected devices with one tiny chip. Meet #AzureSphere: https://t.co/JoGF5TdLCQ pic.twitter.com/h1k36RdMeY

— Microsoft (@Microsoft) April 16, 2018

https://www.microsoft.com/en-us/azure-sphere/
https://www.microsoft.com/en-us/azure-sphere/about/
https://ms-device-contact.com/

Introducing Microsoft Azure Sphere: Secure and power the intelligent edge

https://www.microsoft.com/en-us/azure-sphere/details/
https://www.mediatek.com/products/azureSphere/mt3620

A diagram that shows the MCU architecture. It includes sections for: Microsoft Pluton Security Subsystem, flash, Connectivity, application processor, SRAM, real-time processor, and firewalls.

Tianocore updates EDK II Driver Writer’s Guide for UEFI 2.3.1

April 18, 2018 ~ hucktech ~ Leave a comment

The UEFI Driver Writer's Guide is now available in gitbook format. More info at https://t.co/lzlvOL9DCJ pic.twitter.com/kVAk3hJFVl

— tianocore (@tianocore) April 18, 2018

https://github.com/tianocore/tianocore.github.io/wiki/UEFI-Driver-Writer’s-Guide

https://edk2-docs.gitbooks.io/edk-ii-uefi-driver-writer-s-guide/

seL ported to RISC-V

April 18, 2018 ~ hucktech ~ Leave a comment

seL, in addition to Intel and ARM, now supports RISC-V!

https://github.com/seL4/seL4/tree/master/include/arch/riscv/arch
https://sel4.systems/pipermail/devel/2018-April/001928.html
https://docs.sel4.systems/Hardware/RISCV
https://sel4.systems/About/seL4/
https://riscv.org/

PS: seL is not the only OS porting to RISC-V, here’s the Debian port:
https://groups.google.com/a/groups.riscv.org/forum/#!topic/sw-dev/u4VcUtB9r94

PS: RISC-V is getting active, and has had lots of newsworthy events that I’ve not covered:
https://riscv.org/news/

John joins Eclypsium

April 18, 2018 ~ hucktech ~ Leave a comment

I am very excited to have started my new role as VP of Engineering at Eclypsium. We are building defenses for attacks targeting firmware and hardware.

— John Loucaides (@JohnLoucaides) April 18, 2018

!!!

An Introduction to Counterfeit ICs: Counterfeiting, Detection and Avoidance Methods

April 18, 2018 ~ hucktech ~ Leave a comment

https://t.co/C8vM94lT5S

— rev (@AlanJGay) April 13, 2018

An Introduction to Counterfeit ICs: Counterfeiting, Detection and Avoidance Methods
Yahya Tawil
23rd December 2017

An Introduction to Counterfeit ICs: Counterfeiting, Detection and Avoidance Methods

Click to access SIA%20Anti-Counterfeiting%20Whitepaper.pdf

see also Bunnie’s post on SD cards counterfeits https://t.co/gJZaNlV1no

— Igor Skochinsky (@IgorSkochinsky@infosec.exchange) (@IgorSkochinsky) April 14, 2018

http://www.bunniestudios.com/blog/?page_id=1022

Linaro Connect: Vancouver, BC in September

April 18, 2018 ~ hucktech ~ Leave a comment

“The next Linaro Connect will take place at the Hyatt Regency in Vancouver, 17-21 September 2018. We will open registration in April 2018.”

http://connect.linaro.org/

Archive of last Linaro Connect from Hong Kong:

http://connect.linaro.org/hkg18/resources/

What You Don’t Know about Firmware Might Get You ∅wn3d

April 17, 2018 ~ hucktech ~ Leave a comment

Brian Richardson of Intel has an article on firmware security. It even mentions CHIPSEC and NIST 147!

Firmware threat models might be the droids you're looking for.

This will make more sense if you attend "What you don’t know about firmware might get you ∅wn3d" at ESC Boston (Apr 19, 8am, Room 107C).https://t.co/jxu6YkbNrb @ESC_Conf #firmware #uefi #Security pic.twitter.com/d0Rz0DzUUT

— Brian Richardson (on LinkedIn) (@BrianOnChips) April 12, 2018

Check out my article in this month's edition of Embedded Systems Engineering (What You Don’t Know about Firmware Might Get You ∅wn3d | Embedded Intel® Solutions) https://t.co/SVtFHlcXI9

— Brian Richardson (on LinkedIn) (@BrianOnChips) April 17, 2018

http://eecatalog.com/intel/2018/04/09/what-you-dont-know-about-firmware-might-get-you-own3d/#.WtZPvUZ6xU0.twitter

Leif Lindholm on GNU-EFI (and blog site changed)

April 17, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2017/01/06/leif-on-qemu-and-usb-host-device-pass-through/

Leif Lindholm of Linaro has moved his blog, from http://blog.eciton.net/ to https://station.eciton.net/

I think his RSS feed follows the transition: https://station.eciton.net/index.rss

His most recent post is on using GNU-EFI:

https://station.eciton.net/fun-and-games-with-gnu-efi.html

Intel Security Essentials: A Built-in Foundation with Security at the Core

April 17, 2018 ~ hucktech ~ Leave a comment

Intel Threat Detection Technology (TDT) announced at RSA. Includes GPU-powered antivirus code.

https://newsroom.intel.com/editorials/securing-digital-world-intel-announces-silicon-level-security-technologies-industry-adoption-rsa-2018/

https://software.intel.com/en-us/blogs/2018/04/16/intel-security-essentials-a-built-in-foundation-with-security-at-the-core

https://www.intel.com/content/www/us/en/security/hardware/hardware-security-overview.html

https://www.engadget.com/2018/04/17/intel-malware-scanner-gpu-processor-cpu-speed/

https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/

https://twitter.com/diodesign/status/986099399104212993

Intel Security Essentials

more on INTEL-sa-00087

April 17, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/04/03/intel-sa-00087-unsafe-opcodes-exposed-in-intel-spi-based-products/

Lenovo has an advisory now:

https://support.lenovo.com/us/en/solutions/LEN-16445

Could an Intel chip flaw put your whole computer at risk?

Unsafe Opcodes exposed in Intel SPI based products( INTEL-SA-00087/CVE-2017-5703): https://t.co/A8BjnI0kpd Lenovo Security Advisory: LEN-16445 https://t.co/tviWkrkuEi

— Hardened-GNU/Linux (@hardenedlinux) April 17, 2018

Curious if this Intel SPI issue affects Apple as well, given the range of included CPU generations. https://t.co/ZmaTDHV2mD

— Pepijn Bruienne 🐶🌲🧀💴 (@bruienne) April 17, 2018

According to the public info, it's an Intel chipset config error from firmware so most x86 OEM vendors( included Apple) are likely have the same issue.

— Hardened-GNU/Linux (@hardenedlinux) April 17, 2018

INTEL-SA-00110: BIOS SW SMI Call-Out EoP

April 17, 2018 ~ hucktech ~ Leave a comment

Intel® NUC BIOS SW SMI Call-Out

Intel ID: INTEL-SA-00110
Product family: Intel® NUC Kits
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Apr 17, 2018
Last revised: Apr 17, 2018
Summary:

This update will improve the security of system firmware for the below listed Intel NUC models. Intel has identified a potential vulnerability in Intel NUC kits with insufficient input validation in system firmware that potentially allows a local attacker to elevate privileges to System Management Mode (SMM). Intel highly recommends that users update to the latest firmware version (see table above).

Intel would like to thank Embedi for reporting this issue and working with us on coordinated disclosure.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00110&languageid=en-fr