Fall UEFI plugfest presentations uploaded

Fall 2017 UEFI Plugfest – October 30-November 3, 2017

State of the UEFI – Mark Doran (UEFI Forum President)
UEFI Security Response Team (USRT) – Dick Wilkins (UEFI Forum)
“Last Mile” Barriers to Removing Legacy BIOS – Brian Richardson (Intel)
UEFI Firmware Security Concerns and Best Practices – Dick Wilkins (Phoenix)
Strategies for Stronger Software SMI Security in UEFI Firmware – Tim Lewis (Insyde)
UEFI in Arm Platform Architecture – Dong Wei (ARM)
Self-Certification Tests (SCTs) in UEFI World – Eric Jin (Intel) and Alex Hung (Canonical)
Firmware Test Suite – Uses, Development, Contribution and GPL – Alex Hung (Canonical)
Near Field Communication (NFC) and UEFI – Tony Lo (AMI)
EDK2 Platforms Overview – Leif Lindholm (Linaro)
UEFI Manageability and REST Services – Abner Chang (HPE) and Ting Ye (Intel)

Intel open sources HAXM, Hardware Accelerated Execution Manager for Mac/Windows

Intel Hardware Accelerated Execution Manager (HAXM)

HAXM is a hardware-assisted virtualization engine (hypervisor) that uses Intel Virtualization Technology to speed up IA (x86/ x86_64) emulation on a host machine running Windows or macOS. It started as an Android SDK component, but has recently transformed itself into a general accelerator for QEMU. HAXM can be built as either a kernel-mode driver for Windows or a kernel extension for macOS.[…]


Purism Librem15 fails CHIPSEC security tests

Current Purism Librem15 systems — based on Intel x64/coreboot/SeaBIOS tech — result in 3 FAILs and 1 WARNING from CHIPSEC:

The UEFI Forum recommends that OEMs pass CHIPSEC’s tests before shipping units to customers. I wish modern BIOS-based OEMs would also heed that advice… The default install uses an MBR-based partition layout, so also be wary of all of the existing BIOS-centric, MBR-based rootkits. Heed all ‘evil maid’ warning signs with this laptop. If you have corporate policies that require NIST 800-147/155/193 compliance, you might have to work hard to justify this device. I wish it were not true: configurable or secure, choose one.
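Because a BIOS/MBR box has no firmware-enforced boot integrity, the defender's fallback is to baseline the MBR yourself and alert when it changes. The following is an added example, not code from the original post or from Purism: it parses a 512-byte MBR, distinguishes a legacy MBR from a GPT protective MBR (type 0xEE), and hashes the 440-byte boot code region so it can be compared against a stored baseline. The sample sector is constructed inline; `read_mbr()` is a hypothetical helper for reading the first sector of a real block device.

```python
import hashlib
import struct

# Constructed sample: a 512-byte legacy MBR with stand-in boot code, a
# disk signature, one active Linux partition and the 0x55AA signature.
BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 435          # 440 bytes, constructed
DISK_SIG = b"\x12\x34\x56\x78\x00\x00"                        # 4-byte id + 2 reserved
PART1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x83, b"\xfe\xff\xff", 2048, 1048576)
EMPTY = b"\x00" * 16
SAMPLE_MBR = BOOT_CODE + DISK_SIG + PART1 + EMPTY * 3 + b"\x55\xaa"

# Constructed sample: the protective MBR a GPT disk carries (type 0xEE).
PROTECTIVE = struct.pack("<B3sB3sII", 0x00, b"\x00\x02\x00", 0xEE, b"\xff\xff\xff", 1, 0xFFFFFFFF)
SAMPLE_GPT_MBR = b"\x00" * 446 + PROTECTIVE + EMPTY * 3 + b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Decode the partition table and hash the boot code of one 512-byte sector."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, size = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:                      # unused table slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": lba, "sectors": size})
    protective = any(p["type"] == 0xEE for p in parts)
    return {
        "scheme": "gpt-protective" if protective else "legacy-mbr",
        "partitions": parts,
        # Only the code region is hashed: the partition table may legitimately change.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
    }


def check_boot_code(sector: bytes, expected_sha256: str) -> bool:
    """True when the boot code still matches the recorded baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] == expected_sha256


def read_mbr(device_path: str) -> bytes:
    """Hypothetical helper: read the first sector of a block device (needs root)."""
    with open(device_path, "rb") as dev:
        return dev.read(512)
```

Record `boot_code_sha256` right after installation and re-check it on each boot; a mismatch on a machine that has not been reinstalled or had its bootloader updated is worth investigating.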

In other computer review news: the trackpad did not work during initial install, and the system had to be rebooted. I’m guessing trackpad drivers aren’t integrated? You’ll have to use an external mouse if you need to click on something during the Linux install. Same with the keyboard backlight and display brightness features: they only worked after OS setup. Firmware security pedantry aside, nice hardware. The fan rarely kicks in, unlike on some OEMs’ systems. It is nice to see a Mac-style trackpad instead of a PC-style touchpad with 2 explicit button areas; I’ve grown to dislike those. Startup and poweroff are both very fast. Reminds me of what a modern non-UEFI system should be like. Great, except we’re no longer in a world where security can be ignored. If you want an insecure BIOS box, you’ll probably enjoy this system. If you care about security, this is a BIOS box…


ReFirm labs gets 1.5mil in funding, launches Centrifuge Platform

[…] Led by National Security Agency (NSA) alumni, ReFirm Labs aims to close the firmware security gap exploited by hackers to gain control of or disable IoT devices such as digital cameras, home appliances, routers, servers, printers and other connected machines. These common devices can be remotely taken over, destroyed or hijacked for Botnet attacks that effectively shut down or slow major web services such as Twitter, Spotify, Netflix, and PayPal. Distributed denial of service (DDoS) attacks use infected devices to bombard websites and have cost some organizations as much as $22,000 a minute in lost business and remediation costs. “Manufacturers often have little visibility or control over the firmware of third-party components that are integrated into their devices,” said ReFirm Labs CEO and co-founder Terry Dunlap, an NSA veteran with deep experience in wireless network security. “ReFirm Labs’ Centrifuge Platform makes it possible to rapidly assess the security posture of a device at any point in the lifecycle chain, identifying backdoor accounts, hard-coded passwords and potential zero-day threats.” Other key members of the ReFirm Labs team include co-founder and CTO Peter Eacmen, a Naval Postgraduate School alumni and former Department of Defense cyber expert for the NSA, FBI, and US Special Forces; and Principal Research Engineer Craig Heffner, author of the open source firmware project “binwalk,” a tool for reverse engineering compiled firmware images of embedded systems, and Firmware Mod-Kit. Additionally, John Stewart, Chief Security Officer of Cisco and Jay Emmanuel, Chief Architect at DataTribe, joined the ReFirm Labs board of directors.[…]

Palantir on osquery

Palantir has a new blog post on OSquery.

[…]The goal of this blog post is twofold: first, to provide configuration guidance for a multi-platform osquery deployment, and second to describe our open-source set of osquery configurations:[…]

https://medium.com/@palantir/osquery-across-the-enterprise-3c3c9d13ec55

CopperheadOS: business model concerns

CopperheadOS is “A security and privacy focused mobile operating system compatible with Android apps.”

It appears the company is having problems trying to monetize an open-source operating system. I hope they can solve things; they’re doing interesting security things with Android.