http://lists.llvm.org/pipermail/llvm-dev/2018-March/122085.html
The OpenComputeProject Summit 2018 presentations are online:
https://www.youtube.com/results?search_query=ocpus18
https://github.com/nezza/SDQAnalyzer
“A Saleae analyzer plugin for the SDQ (Apple Lightning, MagSafe, Battery) protocol.”
https://support.saleae.com/hc/en-us/articles/115005987726-Protocol-Analyzer-SDK

bootKit: A Worm Attack for the Bootloader of IoT Devices
The security of the IoT has never been so important, especially when millions of devices become part of everyday life. Most IoT devices, however, are vulnerable to cyberattacks, because hardware resources are limited or security design was skipped during development. Tencent Anti-Virus Laboratory demonstrates a new worm prototype dubbed UbootKit, which targets the bootloader of IoT devices, to show how a worm can propagate between different devices and why it is difficult to eliminate. The UbootKit attack is a manipulation attack against the bootloader, causing infected devices to be remotely controlled and to spread malware to other devices. UbootKit is extremely difficult to remove, even by physically pressing the reset button, and is able to attack many kinds of IoT devices running Linux. A demonstration explains how UbootKit propagates between ARM- and MIPS-based devices. First, the worm rewrites the bootloader to parasitize the host. Second, the modified bootloader hijacks the start procedure of the Linux kernel in memory. The malicious code in the kernel downloads a worm program and executes it with root privilege. Finally, the downloaded worm program attacks other devices through password scanning or remote execution exploits. The experiment confirms that UbootKit is able to infect real IoT products, such as routers and webcams. To be clear, all experiments were restricted to the laboratory environment, and no harmful payload was ever applied. The UbootKit attack is possible because integrity verification of the bootloader is missing on most IoT devices. At the end of the paper, a mitigation – adding an integrity verification procedure to the on-chip code that loads the bootloader – is explained to address the vulnerability.
slides: asia-18-Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices.pdf
paper: asia-18-Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices-wp.pdf
KVA Shadow: Mitigating Meltdown on Windows
On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post dives into the technical details of Kernel Virtual Address (KVA) Shadow which is the Windows kernel mitigation for one specific speculative execution side channel: the rogue data cache load vulnerability (CVE-2017-5754, also known as “Meltdown” or “Variant 3”). KVA Shadow is one of the mitigations that is in scope for Microsoft’s recently announced Speculative Execution Side Channel bounty program. It’s important to note that there are several different types of issues that fall under the category of speculative execution side channels, and that different mitigations are required for each type of issue. Additional information about the mitigations that Microsoft has developed for other speculative execution side channel vulnerabilities (“Spectre”), as well as additional background information on this class of issue, can be found here. Please note that the information in this post is current as of the date of this post.[…]
https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/
Infineon Technologies Trusted Platform Modules (TPMs), Security Feature Bypass Vulnerability
Document ID: 4015874
Posted Date: 2018-03-20
Last Updated: 2018-03-20
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Potential Security Impact: A security vulnerability exists in certain Trusted Platform Module (TPM) firmware. The vulnerability weakens key strength. It is important to note that this is a firmware vulnerability, not a vulnerability in the operating system or a specific application. Toshiba is working closely with Infineon® to validate their fix and ensure it works across Toshiba’s range of products. Until firmware updates are available, it is recommended that people and companies using Toshiba PCs and devices that incorporate TPMs take steps to maintain the security of their systems and information.
Toshiba’s TPM Firmware Release Schedule:[…]
Source: Infineon® & Microsoft® Security TechCenter
https://twitter.com/DevZoneBlog/status/977257032364494849
Using Intel® Compilers to Mitigate Speculative Execution Side-Channel Issues
Jennifer J. (Intel)
March 23, 2018
Table of Content:
Disclaimers
Introduction
Mitigating Bounds Check Bypass (Spectre Variant 1)
Mitigating Branch Target Injection (Spectre Variant 2)
How to Obtain the Latest Intel® C++ Compiler and Intel® Fortran Compiler
Conclusion and Further Reading
https://software.intel.com/en-us/c-compilers
https://software.intel.com/en-us/qualify-for-free-software
Vincent has a new blog post, his first new post in months. It covers UEFI and the Open Compute Project, and, amongst other things, how to pronounce “UEFI” and “ACPI”.
http://vzimmer.blogspot.com/2018/03/open-platforms-and-21-or.html

Intel has a new AMT command line tool — not a GUI! — for Windows and Linux:
https://software.intel.com/en-us/blogs/2018/03/22/meshcmd-new-intel-amt-command-line-tool
Verified Boot – Introduction to U-Boot’s Secure Boot
Submitted by admin on Sun, 09/24/2017 – 13:37
First things first, U-Boot, for the uninitiated, is an open source bootloader that is commonly used on Linux ARM and MIPS systems, but has roots in the PowerPC (PPC) days. It supports a number of computer architectures and is secretly hiding away in many devices you or I use every day (e.g., home routers).[…]
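The UbootKit abstract above names the root cause (no integrity check on the bootloader) and the fix (a verification step in the immutable on-chip code), and the U-Boot verified boot article covers the next link in the same chain (the bootloader checking what it loads). The following is an added example, written for this post and not code from the UbootKit paper, from U-Boot, or from any vendor ROM. It models the chain with SHA-256 digests only: stage 0 is an immutable ROM holding the digest of the bootloader it will run, and each stage image carries the digest of the next stage in a constructed header (magic, 32-byte digest, payload). The image format, the stage names and the `infect_*` helpers are assumptions made for the demonstration. Real designs (U-Boot's FIT verified boot included) anchor a public key or key hash in ROM/OTP and verify signatures so the bootloader can be updated; the digest chain here is the minimal form of the paper's mitigation.

```python
"""Minimal boot-chain integrity model: ROM -> bootloader -> kernel.

Added example (not the paper's or U-Boot's code). Image format is constructed:
    magic (4 bytes) | SHA-256 digest of the next stage (32 bytes) | payload
"""
import hashlib
import hmac
from typing import Dict, List, Tuple

MAGIC = b"IMG1"
DIGEST_LEN = 32
HEADER_LEN = len(MAGIC) + DIGEST_LEN
STAGES = ["bootloader", "kernel"]  # assumed flash layout, in boot order


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_image(next_stage_digest: bytes, payload: bytes) -> bytes:
    """Wrap a stage payload with the digest of the stage it will load next."""
    assert len(next_stage_digest) == DIGEST_LEN
    return MAGIC + next_stage_digest + payload


def parse_image(blob: bytes) -> Tuple[bytes, bytes]:
    """Return (next_stage_digest, payload); reject anything without the header."""
    if len(blob) < HEADER_LEN or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("malformed image")
    return blob[len(MAGIC):HEADER_LEN], blob[HEADER_LEN:]


def make_flash(bootloader_code: bytes, kernel_code: bytes) -> Tuple[bytes, Dict[str, bytes]]:
    """Build flash contents and the digest the ROM is provisioned with."""
    kernel = build_image(bytes(DIGEST_LEN), kernel_code)  # last stage: no successor
    bootloader = build_image(sha256(kernel), bootloader_code)
    return sha256(bootloader), {"bootloader": bootloader, "kernel": kernel}


def unverified_boot(flash: Dict[str, bytes]) -> List[str]:
    """Legacy behaviour (the UbootKit precondition): run whatever is in flash."""
    return [f"run: {s}" for s in STAGES if s in flash]


def verified_boot(rom_expected_digest: bytes, flash: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """ROM checks the bootloader against its immutable digest; each stage then
    checks the next against the digest in its own header. Halts on mismatch."""
    log: List[str] = []
    expected = rom_expected_digest
    for stage in STAGES:
        blob = flash.get(stage, b"")
        if not hmac.compare_digest(sha256(blob), expected):
            log.append(f"halt: {stage} digest mismatch")
            return False, log
        log.append(f"run: {stage}")
        expected, _payload = parse_image(blob)  # digest of the next stage
    return True, log


def infect_bootloader(flash: Dict[str, bytes], implant: bytes) -> Dict[str, bytes]:
    """Attacker rewrites the bootloader stage (the UbootKit step), keeping its
    header so the kernel digest it carries stays valid."""
    next_digest, payload = parse_image(flash["bootloader"])
    out = dict(flash)
    out["bootloader"] = build_image(next_digest, payload + implant)
    return out


def infect_kernel(flash: Dict[str, bytes], implant: bytes) -> Dict[str, bytes]:
    """Attacker rewrites the kernel AND fixes up the digest in the bootloader
    header. The bootloader image itself now differs, so the ROM check fails."""
    _, kernel_payload = parse_image(flash["kernel"])
    new_kernel = build_image(bytes(DIGEST_LEN), kernel_payload + implant)
    _, boot_payload = parse_image(flash["bootloader"])
    out = dict(flash)
    out["kernel"] = new_kernel
    out["bootloader"] = build_image(sha256(new_kernel), boot_payload)
    return out


if __name__ == "__main__":
    rom_digest, flash = make_flash(b"u-boot (constructed)", b"vmlinux (constructed)")
    print("clean, unverified :", unverified_boot(flash))
    print("clean, verified   :", verified_boot(rom_digest, flash))
    bad = infect_bootloader(flash, b"worm")
    print("infected, unverified:", unverified_boot(bad))
    print("infected, verified  :", verified_boot(rom_digest, bad))
    print("kernel+header fixup :", verified_boot(rom_digest, infect_kernel(flash, b"worm")))
```

The point the two sections share is where the trust anchor lives: the same `verified_boot` logic placed in rewritable flash is exactly what the worm overwrites, so the first digest has to be held by code the device cannot rewrite (mask ROM or OTP), and everything later in the chain is only as trustworthy as that first check.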
Re: https://firmwaresecurity.com/2016/05/21/hackbgrt-changes-windows-boot-logo-on-uefi-systems/
https://github.com/Metabolix/HackBGRT
“HackBGRT” is a constant hit in this blog’s search logs. Here’s a new article on how to use it:
http://www.thewindowsclub.com/change-windows-boot-logo-using-hackbgrt
Microsoft creates industry standards for datacenter hardware storage and security
March 20, 2018
Kushagra Vaid General Manager, Azure Hardware Infrastructure
Today I’m speaking at the Open Compute Project (OCP) U.S. Summit 2018 in San Jose where we are announcing a next generation specification for solid state device (SSD) storage, Project Denali. We’re also discussing Project Cerberus, which provides a critical component for security protection that to date has been missing from server hardware: protection, detection and recovery from attacks on platform firmware. Both storage and security are the next frontiers for hardware innovation, and today we’re highlighting the latest advancements across these key focus areas to further the industry in enabling the future of the cloud.[…]
Project Denali to define flexible SSDs for cloud-scale applications
http://www.eweek.com/storage/microsoft-announces-project-denali-ssd-storage-specification-effort

ARM has new threat model docs available for their PSA, and has announced that it will release ARM Trusted Firmware with PSA support at the end of the month; you can give them your email address to be notified when it is released.
[…]we announced a major program to improve IoT security, called Platform Security Architecture (PSA). PSA is a common framework aiming to provide a holistic approach to IoT security.[…]Now available! Open Source Trusted Firmware-M. Arm wants to make security simpler and more cost effective, by making high quality reference code and documents accessible – as security becomes more complex, all developers need access to these resources. We have released the first open source reference implementation firmware that conforms to the PSA specification, Trusted Firmware-M, at the end of March 2018.[…] Download now: Threat Models and Security Analyses documentation: The TMSA is a starting point for assessing the security risk facing a selection of connected devices. From this research, the right level of security can be determined, and then functional requirements established to mitigate the threats.
https://pages.arm.com/psa-resources.html
https://www.trustedfirmware.org/
https://www.arm.com/news/2018/02/psa-next-steps-toward-a-common-industry-framework-for-secure-iot
https://community.arm.com/iot/b/blog/posts/the-next-step-for-psa-and-a-secure-iot-future
https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Centre
https://github.com/ARM-software/arm-trusted-firmware
FWTS 18.03.00 is released.
New Features:
* ACPICA: Update to version 20180313
* dmi: dmicheck: add chassis type for Type 3
http://fwts.ubuntu.com/release/fwts-V18.03.00.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/18.03.00
https://launchpad.net/ubuntu/+source/fwts
UEFI tool: This repository will contain tools to parse and manipulate UEFI firmware images.
https://github.com/insomniacslk/uefi
Not to be confused with UEFITool, which is in C++, not Go.
“[…]AMD will provide additional updates on both our analysis of these issues and the related mitigation plans in the coming weeks.”
While many feel that CTS Labs did not do a good job at disclosure, AMD has also not been doing a good job at updating the world about its vulns. There is still no CVE for the PSP vuln from January, which is related to this one. Does AMD only reply to vulns that come with a 24-hour response deadline, and ignore ones that do not? Why haven’t we seen a response like the above for the below fulldisclosure vuln?
Intel® SGX SDK Edger8r and Intel® Software Guard Extensions Platform Software Component
Intel ID: INTEL-SA-00117
Product family: Intel® SGX
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Mar 19, 2018
[…]CVE-2018-3626: The Edger8r tool in the Intel® Software Guard Extensions (SGX) Software Development Kit (SDK) before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel attack, potentially allowing a local user to access unauthorized information.
CVE-2018-5736: An elevation of privilege in Intel® Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.
CVE-2018-3626: Recently it was reported that the Edger8r Tool, a software component of the Intel® Software Guard Extensions (SGX) Software Development Kit (SDK), may generate C source code potentially leading to a software-based side-channel vulnerability. […]Intel would like to thank Jo Van Bulck, Frank Piessens, and Raoul Strackx of KU Leuven for reporting CVE-2018-3626 and working with us on coordinated disclosure.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00117&languageid=en-fr
[…]IBM is providing their OpenBMC code base to The Linux Foundation, and this project will be supported by several organizations, including Facebook, Google, Intel, and Microsoft. The community is looking to expand and invites contributors from across the industry to come together in defining and creating the OpenBMC stack.[…]The Linux Foundation is pleased to welcome OpenBMC to our family of open source projects and to work with the community to support its growth.[…]
Hastily-written news/info on the firmware security/development communities, sorry for the typos.