TianoCore mailing list migration to 01.org begins

May 4, 2015 ~ hucktech ~ Leave a comment

The first step of the migration from the SourceForge-hosted mailing lists to Intel 01.org-hosted lists is underway:

https://lists.01.org/mailman/listinfo/edk2
http://www.tianocore.org/news/2015/05/01/UnderConst.html

Today, on the edk2-devel mailing list, Joe Peterson of Intel announced the availability of the replacement EDK2 mailing list:

“Due to community feedback, a new mailing list is being set up to replace this one. The new list will be hosted on Lists.01.org and should be more stable and consistent than this one. The host has an opt-in policy and will not allow the current subscription list to be imported so you will need to subscribe yourself. The timing of the final conversion to the new list is still to be determined, but in the meantime you can sign up for the new list here: https://lists.01.org/mailman/listinfo/edk2/ . Please keep all relevant communications on this channel and do not use the new one for patches or questions yet. Feel free to post questions/comment/concerns to this current list. Stay tuned for more updates… A list of the content changes / improvement being worked can be found here: http://www.tianocore.org/news/2015/05/01/UnderConst.html . Thank you.”

Stages Cycling firmware update

May 4, 2015 ~ hucktech ~ Leave a comment

Firmware updates are everywhere these days. Your bicycle might need a firmware update! 🙂 As reported by the Bicycle Retailer[1], today Stages Power[2], makers of embedded hardware for the bicycle industry, issued a firmware update, to address a variety of issues, including a “Startup/Shutdown routine bug fixes eliminating potential to over-burden battery.” Full details from the Stages support site[3]. I’ll admit, I don’t know what embedded OS and firmware solution they’re based on. Does anyone know?

[1] http://www.bicycleretailer.com/product-tech/2015/05/04/stages-issues-firmware-update-power-meter-and-app
[2] http://www.stagescycling.com/stagespower
[3] http://support.stagescycling.com/support/solutions/articles/1000043365-stages-power-meter-firmware-release-details-and-history

GIGABYTE 9-Series UEFI update available

May 1, 2015 ~ hucktech ~ Leave a comment

GIGABYTE Enables Support for Upcoming 5th Gen Intel® Core™ Processors
Entire Range of GIGABYTE 9 Series Motherboards including Z97/H97 Now Compatible with Simple BIOS Update

2015/04/30

Taipei, Taiwan, April 30th, 2015 – GIGABYTE TECHNOLOGY Co. Ltd., a leading manufacturer of motherboards and graphics cards is proud to announce their entire line-up of Z97 and H97 motherboards now support the soon-to-launch 5th Generation Intel® Core™ processors. GIGABYTE engineers have tested and validated all GIGABYTE 9 series motherboards including Z97 and H97 chipset-based motherboards to ensure optimal performance for 5th Generation Intel® Core™ processors. Users wanting to take advantage of all the features of 5th Gen Intel® Core™ processors have to offer at launch, simply need to download the latest UEFI BIOS from the GIGABYTE website.

Read the full press release:

http://www.gigabyte.us/press-center/news-page.aspx?nid=1362

Firmware and IoT Security

May 1, 2015 ~ hucktech ~ Leave a comment

Richard Quinnell of EDN has a story about IoT security, “First three rules of IoT security”.

Excerpt: “First, plan on making your device able to have its firmware remotely updated in a secure manner.”

Read the entire document here:
http://www.edn.com/electronics-blogs/eye-on-iot-/4439342/First-three-rules-of-IoT-security

InFocus projector firmware vulnerability detected

May 1, 2015 ~ hucktech ~ Leave a comment

Read the full story at ThreatPost:

Authentication Vulnerabilities Identified in Projector Firmware
By Chris Brook
April 28, 2015 , 11:42 am

Authentication Vulnerabilities Identified in Projector Firmware

UEFI Forum releases new specs and SCTs

May 1, 2015 ~ hucktech ~ Leave a comment

The UEFI Forum announced availability of the PI Spec v1.4, the ACPI Spec v6.0, the UEFI Spec v2.5, and Self-Certification Test (SCT v2.4B today.

PI Spec v1.4 changes:
* Graphics PPI: Launches graphics subsystem and memory controller in the PI layer, providing access to various operating systems including those that do not require full UEFI conformance.
* Multi-processor PPI: Initializes processors in the PI layer, creating a prime environment for parallelization, giving the system full use of multi-processor machines.
* Capsule PPI: Discovers operating-system-initiated firmware updates during run time and allows updates to be handled in the driver execution environment (DXE).
* No Execute Support: Protects firmware against compromised hypervisor or operating system firmware.

ACPI Spec v6.0 changes:
* CPU Topology Recognition: Identifies different CPU topologies, enabling finer control of SoCs—thereby improving power efficiency.
* Source Language Evolution: Introduces high-level language including symbolic operations and expressions for intuitive programming.

UEFI Spec v2.5 changes:
* Boot From HTTP: Provides an improved UEFI replacement for iPXE.
* Platform Recovery: Explicitly defines standard (non-emergency) boot options as well as OS and platform firmware recovery options for when the system boot fails.
* Connectivity Support: Supports Bluetooth® technology and Wi-Fi/EAP2.
* High Assurance Enterprise Replacement: Allows automated platform deployment for higher security Secure Boot configurations.

Read the full press release here:
http://www.uefi.org/node/897

Click to access UEFI%20Memory%20Specs%20Release%20Final_Apr%2030.pdf

CHIPSEC 1.1.9 released

April 29, 2015April 29, 2015 ~ hucktech ~ Leave a comment

Version 1.1.9 of CHIPSEC was just released (well, 2 days ago).

http://www.intelsecurity.com/advanced-threat-research/chipsec.html

https://github.com/chipsec/chipsec

UEFI Forum specs publicly-downloadable again

April 29, 2015 ~ hucktech ~ Leave a comment

A brief post, with a note of thanks:

Thank you to the UEFI Forum, for making the specifications more publicly available again!

http://www.uefi.org/specsandtesttools

(Earlier, the specs were downloadable directly from uefi.org, albeit with a click-to-download message. Later, the specs were no longer publicly-downloadable, but only for UEFI Forum members. Currently, the UEFI Forum has changed the access to the specs to be publicly-downloadable.

BTW, curent public UEFI spec is 2.4, but 2.5 is apparently be worked on, and they are meeting in May, so I hope that we’ll soon see UEFI 2.5 specs publicly-available later this month…

New info for Google Verified Boot and Kernelfinger bootloader

April 29, 2015 ~ hucktech ~ Leave a comment

Thanks to Andrew Boie of Intel for posting this information to the Android-IA list on 01.org:
https://lists.01.org/pipermail/android-ia/2015-April/000894.html

Andrew points to the new Google Verified Boot spec, the current public version of which is here:
https://source.android.com/devices/tech/security/verifiedboot/verified-boot.html

Andrew gave a talk about this at the Android Builder’s Summit:

Click to access ABS%20Lollipop%20MR1%20Verified%20Boot.pdf

First Post!

April 28, 2015 ~ hucktech ~ Leave a comment

Hi,

This is the first post to FirmwareSecurity.com blog! And it is my first post as a blogger, I’m a newbie blogger, bear with me while I learn how do blog properly. The focus of the blog is firmware security. 🙂 Firmware targets are UEFI, Coreboot, and BIOS. OS targets are mostly open source ones (Linux, Android, NanoBSD/FreeBSD, Chrome), but also track firmware issues and MacOSX and Windows.

FYI, I just gave a talk at LinuxFestNorthWest.org this last weekend, on firmware security tools. See the presentation PDF linked off the talk page:

http://linuxfestnorthwest.org/2015/sessions/building-your-linux-firmware-security-toolkit

I’ll be regiving this talk at an upcoming DC206 Meeting at Black Lodge Research, with a LUV-live lab added.

The highlight of LFNW for me was meeting the CEO of Sage Engineering, a Colorado-based BIOS vendor that works on open source firmware, including Coreboot firmware for Chrome systems. Very smart guys!

http://www.se-eng.com/