Introducing the new AMD Ryzen K9! Accelerate your pet experience with the best technology available, just in time for #YearOfTheDog! pic.twitter.com/UlDcjE3Mih
— AMD (@AMD) April 1, 2018
Thanks to its facilities & expertise, Texplained is able to explore and analyse the security of any IC on the market.
Here is a bunch of resources that can be useful to chip enthusiasts who want to go deeper into silicon:
A collection of optical and Electronic images at different magnifications
Of a great diversity of chips: microcontrollers, FPGA, microprocessors, SoCs
From the most renowned chip makers: Altera, Atmel, Cypress, Infineon, Microchip, Microsemi, NXP, ST Microelectronics, Texas Instruments, Xilinx….
This is free. Simply name Texplained for any usage other than personal.
This tool is an experiment to try to implement an EFI Byte Code Virtual Machine
https://twitter.com/mattifestation/status/980082458715500545
DRAFT: Take more than your usual care.
SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION
The SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION structure is what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemSecureBootPolicyFullInformation (0xAB).
Documentation Status
The SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION structure is not documented.
http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/secureboot_policy_full.htm
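As an added example (not from Geoff Chappell's page and not Microsoft's code), here is the usual user-mode way to pull the buffer for information class 0xAB out of ntdll, plus a parser for what comes back. The grow-until-it-fits loop is the standard NtQuerySystemInformation pattern; the field layout assumed by parse_policy_full() (GUID PolicyPublisher, ULONG PolicyVersion, ULONG PolicyOptions, ULONG PolicySize, then the policy bytes) comes from public header reconstructions and is an assumption, since the structure is undocumented. The SAMPLE buffer and its GUID are constructed for the demo.

```python
"""Query SystemSecureBootPolicyFullInformation (0xAB) and parse the result.

Added example; field layout is assumed from public header reconstructions,
not documented by Microsoft.
"""
import ctypes
import struct
import sys
import uuid

SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION = 0xAB   # information class
STATUS_SUCCESS = 0x00000000
STATUS_INFO_LENGTH_MISMATCH = 0xC0000004
STATUS_INVALID_INFO_CLASS = 0xC0000003           # older builds without the class
# Assumed layout: PolicyPublisher (GUID), PolicyVersion, PolicyOptions, PolicySize
_HEADER = struct.Struct("<16sIII")


def parse_policy_full(buf: bytes) -> dict:
    """Split the raw output buffer into header fields and the policy blob."""
    if len(buf) < _HEADER.size:
        raise ValueError("buffer shorter than the fixed header")
    raw_guid, version, options, size = _HEADER.unpack_from(buf, 0)
    policy = buf[_HEADER.size:_HEADER.size + size]
    if len(policy) != size:
        raise ValueError("PolicySize runs past the returned data")
    return {
        "publisher": uuid.UUID(bytes_le=raw_guid),   # GUIDs are little-endian in memory
        "version": version,
        "options": options,
        "policy": policy,
    }


def query_secureboot_policy_full(max_size: int = 1 << 20) -> bytes:
    """Call ntdll!NtQuerySystemInformation(0xAB); Windows only."""
    if sys.platform != "win32":
        raise OSError("NtQuerySystemInformation is only available on Windows")
    fn = ctypes.WinDLL("ntdll").NtQuerySystemInformation
    fn.restype = ctypes.c_uint32          # NTSTATUS, compared as unsigned below
    fn.argtypes = [ctypes.c_uint32, ctypes.c_void_p, ctypes.c_uint32,
                   ctypes.POINTER(ctypes.c_uint32)]
    size = 0x40
    while size <= max_size:
        buf = ctypes.create_string_buffer(size)
        returned = ctypes.c_uint32(0)
        status = fn(SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION, buf, size,
                    ctypes.byref(returned))
        if status == STATUS_SUCCESS:
            return buf.raw[:returned.value]
        if status == STATUS_INVALID_INFO_CLASS:
            raise OSError("this Windows build does not support class 0xAB")
        if status != STATUS_INFO_LENGTH_MISMATCH:
            raise OSError(f"NtQuerySystemInformation failed: 0x{status:08X}")
        # Buffer too small: grow and retry rather than trusting ReturnLength.
        size = max(size * 2, returned.value)
    raise OSError("policy larger than max_size")


# Constructed sample buffer (not a real policy): made-up publisher GUID,
# version 1, options 0, and a 4-byte policy body.
SAMPLE_PUBLISHER = uuid.UUID("12345678-1234-5678-1234-56789abcdef0")
SAMPLE = _HEADER.pack(SAMPLE_PUBLISHER.bytes_le, 1, 0, 4) + b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    data = query_secureboot_policy_full() if sys.platform == "win32" else SAMPLE
    info = parse_policy_full(data)
    print(info["publisher"], info["version"], hex(info["options"]),
          len(info["policy"]), "policy bytes")
```

The parser is the part worth keeping even if the layout guess needs adjusting: compare its PolicySize against the returned length on a real machine before trusting the rest of the fields, and expect STATUS_INVALID_INFO_CLASS on builds that predate the class.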
https://software.intel.com/en-us/articles/intel-sdm
At present, downloadable PDFs of all volumes are at version 066. The downloadable PDF of the Intel® 64 and IA-32 architectures optimization reference manual is at version 039. Additional related specifications, application notes, and white papers are also available for download.
[[
UPDATE: adding URL, which I forgot in original post:
https://github.com/tsunghowu/DiskImageCreator
]]
DiskImageCreator : A python utility to process the input raw disk image and sign MBR/partitions with given corresponding keys.
Signing Tool for boot security validation.
This Python utility is designed to provide a baseline for people who may be interested in attaching the machine with a secure boot process built in. The secure boot process is a customized chain-of-trust boot flow in UEFI BIOS. It will examine the target disk image (in MBR) and see if it is properly signed by the root key controlled by the owner. This utility is to help the owner create a signed image with owner keys.
This tool is designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS.
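To make the "sign the MBR and partitions with owner keys, then check the image against them" idea concrete, here is an added example that is not DiskImageCreator's code and does not reproduce its on-disk format. It parses the four primary entries of a raw MBR image, digests the MBR sector and each partition's bytes into a manifest, and ties the manifest to an owner key. HMAC-SHA256 stands in for the owner's signature so the script runs on the standard library alone (a real chain of trust would use an asymmetric key whose public half the firmware carries); the sample image and key are constructed for the demo.

```python
"""Digest and key-tag the MBR and primary partitions of a raw disk image.

Added example; HMAC is a stand-in for an owner signature, and the
manifest layout is invented here rather than taken from DiskImageCreator.
"""
import hashlib
import hmac
import json
import struct

SECTOR = 512
PART_TABLE_OFF = 0x1BE
# status, CHS first, type, CHS last, LBA start, sector count (all little-endian)
PART_ENTRY = struct.Struct("<B3sB3sII")
BOOT_SIGNATURE = b"\x55\xAA"


def parse_mbr(image: bytes) -> list:
    """Return (slot, type, lba_start, sectors) for each used primary partition."""
    mbr = image[:SECTOR]
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not an MBR: missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        _status, _, ptype, _, lba, count = PART_ENTRY.unpack_from(
            mbr, PART_TABLE_OFF + 16 * slot)
        if ptype == 0 or count == 0:
            continue                                  # empty slot
        if (lba + count) * SECTOR > len(image):
            raise ValueError(f"partition {slot} extends past end of image")
        parts.append((slot, ptype, lba, count))
    return parts


def digest_image(image: bytes) -> dict:
    """Digest the MBR sector and the raw bytes of every partition."""
    entries = {"mbr": hashlib.sha256(image[:SECTOR]).hexdigest()}
    for slot, ptype, lba, count in parse_mbr(image):
        blob = image[lba * SECTOR:(lba + count) * SECTOR]
        entries[f"part{slot}"] = {"type": ptype, "lba": lba, "sectors": count,
                                  "sha256": hashlib.sha256(blob).hexdigest()}
    return entries


def sign_image(image: bytes, owner_key: bytes) -> bytes:
    """Manifest of digests plus a keyed tag over the manifest (signature stand-in)."""
    manifest = json.dumps(digest_image(image), sort_keys=True).encode()
    tag = hmac.new(owner_key, manifest, hashlib.sha256).hexdigest()
    return json.dumps({"manifest": manifest.decode(), "tag": tag}).encode()


def verify_image(image: bytes, signed: bytes, owner_key: bytes) -> bool:
    """True only if the tag is genuine AND every digest still matches the image."""
    doc = json.loads(signed)
    manifest = doc["manifest"].encode()
    expected = hmac.new(owner_key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["tag"]):
        return False                                  # not produced with owner_key
    return json.loads(manifest) == digest_image(image)


def build_sample_image() -> bytes:
    """Constructed 9-sector image: MBR plus two 4-sector partitions (not a real disk)."""
    mbr = bytearray(SECTOR)
    PART_ENTRY.pack_into(mbr, PART_TABLE_OFF, 0x80, b"\0\0\0", 0x83, b"\0\0\0", 1, 4)
    PART_ENTRY.pack_into(mbr, PART_TABLE_OFF + 16, 0x00, b"\0\0\0", 0x0C, b"\0\0\0", 5, 4)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr) + b"\x11" * (4 * SECTOR) + b"\x22" * (4 * SECTOR)


if __name__ == "__main__":
    key = b"owner-root-key-demo"                      # constructed, not a real secret
    img = build_sample_image()
    signed = sign_image(img, key)
    print("intact image verifies:", verify_image(img, signed, key))
    tampered = bytearray(img)
    tampered[6 * SECTOR] ^= 0xFF                      # flip a byte inside partition 1
    print("tampered image verifies:", verify_image(bytes(tampered), signed, key))
```

Two checks matter in practice and both are in verify_image: the tag must be checked before the manifest is believed (otherwise an attacker rewrites the digests alongside the image), and the comparison must cover the MBR sector itself, since that is where the partition table and boot code live.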
https://twitter.com/cybergibbons/status/979680338006958081
PS4 4.55 BPF Race Condition Kernel Exploit Writeup (Cryptogenic)
Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I’ve published it under the “FreeBSD” folder and not the “PS4” folder.[…]
Re: https://firmwaresecurity.com/2017/11/01/microsoft-uefi-capsule-update-package-on-github/
Last year at the UEFI Forum Spring Plugfest, Microsoft announced a new Github tree with UEFI-centric code.
This year, they talked about some new code on that tree.
Honestly, I thought that they hadn't been doing anything in a year, but it turns out all the activity has been in the BRANCHES:
https://github.com/Microsoft/MS_UEFI
For example:
https://github.com/Microsoft/MS_UEFI/tree/share/MsCapsuleSupport
So, there's a lot of new Microsoft UEFI-related code on this tree, just not on master. 🙂
Stealthy dopant-level hardware Trojans: extended version
Georg T. Becker, Francesco Regazzoni, Christof Paar, Wayne P. Burleson
In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about what such a Trojan would look like and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against "golden chips". We demonstrate the effectiveness of our approach by inserting Trojans into two designs, a digital post-processing derived from Intel's cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation, and by exploring their detectability and their effects on security.
I have released 0.0.1 — milestone 1 — of Firmware Audit (fwaudit). It is *NOT* ready to use yet. Milestone 2 should start to be usable.
FWAudit is a Python script that calls various tools: CHIPSEC, FirmWare Test Suite, acpidump, etc. See the readme and other documents for more info on abilities and current issues.
CELoader is an EFI application that can load and boot to a Windows CE kernel (NK.EXE). The code is fairly simple but demonstrates the ability to read and write the console, read files and query and configure the graphics system. The loader configures the BootArgs structure with information needed by the kernel. Finally, the loader jumps to the entry point of the CE kernel.
https://duo.com/blog/microcontroller-firmware-recovery-using-invasive-analysis
A blog post on using Binary Ninja to analyze UEFI:
“[…]Summer intern to work on the iLO team (Integrated Lights Out).
iLO firmware provides industry leading remote management in each HPE ProLiant server.
This position will be to work on enhancements in our functionality and tools.[…]”
Hastily-written news/info on the firmware security/development communities, sorry for the typos.