find_tables.py: a script to find gST, gBS, gRT
https://github.com/mytbk/radare-uefi
Unclear who created this site, but if you are looking for UEFI resources here is a new web site:
There’s even a ‘web board’ on Firmware Security:
http://www.uefi.tech/viewforum.php?f=7&sid=368672e20c14a5429658f2c541f594c4
This is a periodic reminder that any link I point to may not be secure; use proper online security when accessing any new resource.
Hmm, I can’t find the updated docs that Igor mentions above.
https://developer.arm.com/support/security-update/latest-news/cache-speculation-issues-update
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0406c/index.html
https://alastairreid.github.io/natural-specs/
https://alastairreid.github.io/ARM-v8a-xml-release/
https://alastairreid.github.io/dissecting-ARM-MRA/
https://alastairreid.github.io/arm-v8_3/
https://developer.arm.com/products/architecture/a-profile/exploration-tools
BIOS-UEFI Firmware Tools Engineer
As BIOS-UEFI Firmware Tools Engineer you will develop tools and scripts needed for build and test automation infrastructure that is the backbone of the Continuous Integration process in Intel’s Data Center UEFI firmware BIOS team.[…]
https://jobs.intel.com/ShowJob/Id/1573600/BIOS%20UEFI%20Firmware%20Tools%20Engineer
PS: I need to figure out a way to get some swag/etc from jobs that’re filled via this blog. ;-(
PS: Intel HR: spaces in URLs are generally frowned upon.
The Open Source Hardware Association (OSHWA) has updated their certification:
After almost a year and a half of community discussion, OSHWA unveiled the Open Source Hardware Certification Program at the 2016 Open Hardware Summit. Today, with the help of a major grant from the Sloan Foundation, we are excited to announce that we are taking major steps towards Certification 2.0. The original certification program has some fairly straightforward goals. It is designed to make it easy for creators to identify their hardware as compliant with the community definition of open source hardware, as well as make it easy for users to know that hardware that is advertised as “open source” meets their expectations. The certification process gives a creator confidence that they have done everything required to call their hardware open source. The certification logo gives users confidence that they will be able to access, build upon, and hack any hardware that they receive. We didn’t know what to expect when we launched the certification program and have been blown away by the results. There are currently 170 certified hardware projects from 18 countries on 5 continents participating in the program.[…]
WinMagic makes full-disk encryption products, including a UEFI one, which the UEFI CA (Microsoft) signs, AFAIK.
Is Microsoft really claiming Pre-Boot Authentication for Full Disk Encryption is not necessary?[…]To summarize, Microsoft has got this one wrong. The fault in their logic is thinking that PBA is limited to protection against memory attacks AFTER automatically unlocking the drive. They missed the whole point of PBA, which is to prevent anything being read from the drive, such as the operating system BEFORE the user has confirmed they have the correct password or other credentials. PBA is a necessary component of a FDE solution in order to fully achieve the confidentiality (and compliance) that full disk encryption is capable of providing.
Mid-last month Microsoft announced a temporary bug bounty, good until the end of the year, on speculative execution:
Microsoft Speculative Execution Side Channel Bounty Program
https://blogs.technet.microsoft.com/msrc/2018/03/14/speculative-execution-bounty-launch/
Lenovo has a blog post on supply chain security:
[…]Have you ever considered whether the PC’s delivered to your business contain the same components installed by the manufacturer?[…]
http://blog.lenovo.com/en/blog/securing-the-supply-chain/

Lenovo: please publish hashes for your online firmware images!
Quarks Lab has a 2-part blog series on dumping flash chips:
First part of a blog post series about our approach to dump a flash chip. In this article we describe how to desolder the flash, design and build the corresponding breakout board. This blog post series will detail simple yet effective attacks against embedded devices non-volatile memories. This type of attack enables you to do the following:
* read the content of a memory chip;
* modify the content of a memory chip;
* monitor the accesses from/to a memory chip and modify them on the fly (Man-In-The-Middle attack).
In particular, the following topics will be discussed:
* Desoldering of a flash chip;
* Conception of a breakout board with KiCAD;
* PCB fabrication and microsoldering;
* Addition of a breakout board on an IoT device;
* Dump of a SPI flash;
* Dump of a parallel flash;
* Man-in-the-Middle attacks.
Please leave a comment on this blog if you can find their spec; UEFI does not have a pointer to it.
http://www.uefi.org/acpi_id_list?search=&order=field_acpi_approved_on_date&sort=asc
http://uefi.org/acpi
https://amperecomputing.com/
Noticed a new document on Slideshare on U-Boot and AVB:
https://doi.org/10.1016/j.diin.2018.01.008
https://www.sciencedirect.com/science/article/pii/S1742287618300409
Forensics acquisition: Analysis and circumvention of Samsung secure boot enforced Common Criteria mode
Gunnar Alendal, Geir Olav Dyrkolbotn, Stefan Axelsson
The acquisition of data from mobile phones has been a mainstay of criminal digital forensics for a number of years now. However, this forensic acquisition is getting more and more difficult with the increasing security level and complexity of mobile phones (and other embedded devices). In addition, it is often difficult or impossible to get access to design specifications, documentation and source code. As a result, the forensic acquisition methods are also increasing in complexity, requiring an ever deeper understanding of the underlying technology and its security mechanisms. Forensic acquisition techniques are turning to more offensive solutions to bypass security mechanisms, through security vulnerabilities. Common Criteria mode is a security feature that increases the security level of Samsung devices, and thus makes forensic acquisition more difficult for law enforcement. With no access to design documents or source code, we have reverse engineered how the Common Criteria mode is actually implemented and protected by Samsung’s secure bootloader. We present how this security mode is enforced, security vulnerabilities therein, and how the discovered security vulnerabilities can be used to circumvent Common Criteria mode for further forensic acquisition.
How to update Chrome OS firmware to improve security
By Andy Wolber
1. Check Chrome OS firmware version
2. Save settings and files
3. Create Chrome recovery media
4. Update with a Powerwash
Full article:
https://www.techrepublic.com/article/how-to-update-chrome-os-firmware-to-improve-security/
See-also:
https://support.google.com/chromebook/answer/183084
https://support.google.com/chromebook/answer/3296214
https://support.google.com/chrome/a/answer/1360642
https://support.google.com/chromebook/answer/1080595
Hastily-written news/info on the firmware security/development communities, sorry for the typos.