The slides and video of this webinar are now available.
Click to access UEFI%20Forum%20Redfish%20Webinar_Presentation%20Slides.pdf
Teardown of Apple Lightning video adapters (Haywire)
Click on the above Twitter URL for a thread with a teardown of Apple Lightning video adapters.
Slightly more info:
https://www.theiphonewiki.com/wiki/Haywire
https://panic.com/blog/the-lightning-digital-av-adapter-surprise/
https://www.apple.com/ca/shop/campaigns/lightning-connector
https://news.ycombinator.com/item?id=20544564 https://news.ycombinator.com/item?id=5307781
GRUB 2.04 release for ARM
Leif of Linaro posted a message with a bit of background on — and some patches for — GRUB on ARM, including the latest 2.04 release:
Spoiler alert, prepare a cup of coffee:
[...]Anyway, if you got this far, have (another) cup of coffee. See-also: https://www.gnu.org/software/grub/manual/grub/grub.html http://git.savannah.gnu.org/cgit/grub.git/
FWTS 19.07.00 is released
The July monthly release of FWTS (FirmWare Test Suite) is out, with multiple Intel MSR register tests, an ACPICA update. Hmm, all the URLs from the announcement are HTTPS …except the source link is HTTP. 😦 And the binary link for FWTS-live is also HTTP.
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/19.07.00
https://lists.01.org/pipermail/luv/2019-July/003156.html
https://launchpad.net/ubuntu/+source/fwts
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
http://fwts.ubuntu.com/release/fwts-V19.07.00.tar.gz
PugPkg: A sandbox package to build UEFI drivers using a front-end script
PUG: “Pug, the UEFI Guidedog”, or “the Programmer’s UEFI Guide”.
A front-end to build the UEFI driver(s) from a sandbox package.
LUV v2.4-rc2 released
[…]This release comes about 7 months after our last release.[…]
See the release notes for all the changes in this release:
https://lists.01.org/pipermail/luv/2019-July/003159.html
LUV is the Linux UEFI Validation project, a firmware (UEFI and BIOS) test distro for Intel UEFI/BIOS systems.
selfblow: [NVIDIA CVE‑2019‑5680] Selfblow exploit, when nvtboot blows a hole in itself
NVIDIA has released software security updates for NVIDIA® Jetson™ TX1 in the NVIDIA® Tegra® Linux Driver Package (L4T). The update addresses issues that may lead to code execution, denial of service, or escalation of privileges. To protect your system, download available updates from NVIDIA DevZone.[…]
https://nvidia.custhelp.com/app/answers/detail/a_id/4835
https://nvd.nist.gov/vuln/detail/CVE-2019-5680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5680
This is an untethered coldboot exploit and as far as i can tell it affects every single Tegra device released so far. (Except the Nintendo Switch since it uses a custom bootloader.) Completely defeats secure boot even on latest firmware.[…]
KernelShark 1.0 released
It is finally official. We have finished and released KernelShark 1.0. It’s a completely new rewrite in Qt from the older KernelShark that was written in GTK. It’s faster, it’s more extensible, and easier to use.[…]
U-Boot NFS RCE Vulnerabilities (CVE-2019-14192)
By: Fermín J. Serna
July 24, 2019
This post is about 13 remote-code-execution vulnerabilities in the U-Boot boot loader, which I found with my colleagues Pavel Avgustinov and Kevin Backhouse. The vulnerabilities can be triggered when U-Boot is configured to use the network for fetching the next stage boot resources. Please note that the vulnerability is not yet patched at https://gitlab.denx.de/u-boot/u-boot, and that I am making these vulnerabilities public at the request of U-Boot’s master custodian Tom Rini. For more information, check the timeline below.[…]
coreboot GSoC update
Coreboot’s Google Summer of Code continues, with 2 students this Summer, with some Coverity fixes and UEFI improvements!
[GSoC] Ghidra firmware utilities, weeks 6-8
https://blogs.coreboot.org/blog/2019/07/17/gsoc-ghidra-firmware-utilities-weeks-6-8/
[GSoC] Ghidra firmware utilities, week 9
https://blogs.coreboot.org/blog/2019/07/24/4743/
[GSoC] Coreboot Coverity, weeks 5-7
https://blogs.coreboot.org/blog/2019/07/16/gsoc-coreboot-coverity-weeks-5-7/
Apple lets Nikolaj continue to work on UEFITool
Nikolaj stopped working on UEFITool when he joined Apple, because Apple apparently wouldn’t allow employees to work on open source projects. There’s been a change for the better:
If you haven’t looked at UEFITool yet, it is definately worth a look:
Aeon: A macOS app for Hackintoshes that will generate a pre-defined OpenCore EFI folder based off user selection of varies items.
A macOS app for Hackintoshes that will generate a pre-defined OpenCore EFI folder based off user selection of varies items.
https://github.com/Pavo-IM/Aeon
Note: project includes some binary-only .EFI files without source code.
coreboot 4.10 released
[…]In nearly 8 months since 4.9 we had 198 authors commit 2538 changes to master. Of these, 85 authors made their first commit to coreboot[…] the tree grew by about 11000 lines of code plus 5000 lines of comments.[…]Added 28 mainboards[…]
See the below announcement for more details. Luckily, the coreboot project is pretty good at giving an overview of the changes for each release:
InfinityHook: Hook Windows system calls, context switches, page faults and more
UEFI-Tetris: Tetris for UEFI
DemonSeed: miniaturizing HID attack hardware inside of USB cables
FOIA’ed info for 2010 OpenBSD IPsec backdoor
Rembember the suspected USGov backdoor into OpenBSD’s IPsec from around 2000? Here’s some more FOIA’d information on it, see multiple messages in this Twitter thread:
https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/
Redfish-Util: Utility for accessing the Redfish services on a BMC/Service Processor
A new Redfish command line tool, written in Rust:
USB Fuzzing: A USB Perspective
Syzkaller starts to support USB fuzzing recently and has already found over 80 bugs within the Linux kernel. Almost every fuzzing expert whom I talked to has started to apply their fuzzing techniques to USB because of the high-security impact and potential volume of vulnerabilities due to the complexity of USB itself. While this post is NOT about fuzzing or USB security in general, I hope to provide some insights for USB fuzzing in general as someone who has been doing research on USB security for a while.[…]
CERT-Bund: analysis of Windows 10 TPM and UEFI Secure Boot
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/SiSyPHus/Workpackage5_TPM-Nutzung.html
Firmware Security 
You must be logged in to post a comment.