35C3 videos online or streaming soon…

Lots of stuff is happening at CCC…

https://streaming.media.ccc.de/35c3/

PANDA-VM’s LAVA 2.0 released

LAVA (Large-scale Automated Vulnerability Addition) 2.0 is out. This is the PANDA (Platform for Architecture-Neutral Dynamic Analysis) VM LAVA, not the Linaro CI LAVA…

https://github.com/panda-re/lava

build-anywhere: Create highly portable ELF binaries using the build-anywhere toolchain

This post describes the basic requirements for compiling highly portable ELF binaries. Essentially using a newer Linux distro like Ubuntu 18.10 to build complex projects that run on older distros like CentOS 6. The details are limited to C/C++ projects and to x86_64 architectures. The low-level solution is to use a C++ runtime that requires only glibc 2.13+ runtime linkage and link all third-party libraries as well as the compiler runtime and C++ implementation statically. Do not make a “fully static” binary. You will most likely find a glibc newer than 2.13 on every Linux distribution released since 2011. The high-level solution is to use the build-anywhere scripts to build an easy-to-use toolchain and set compiler flags.[…]

https://github.com/theopolis/build-anywhere

https://casualhacking.io/blog/2018/12/25/create-highly-portable-elf-binaries-using-the-build-anywhere-toolchain

Intel: An update on SGX 3rd Party Attestation

https://software.intel.com/en-us/blogs/2018/12/09/an-update-on-3rd-party-attestation?spredfast-trk-id=sf204602974

Command Line Alias Attacks against Windows

Seeing the tweet below, I wonder if anyone has done security testing against UEFI’s variables and shell aliases, similar to current attacks against NT, the successor to OS/2, which also has console APIs (and variables).

Like Windows, UEFI also has a command-line shell alias command and API (part of the UEFI Shell protocol). UEFI was created back when the state of the art in systems interfaces from Microsoft was OS/2 1.x, and one of the initial EFI developers was previously doing OS/2 1.x console API coding.

https://twitter.com/Hexacorn/status/1076257505829900289

https://github.com/tianocore/edk2/blob/master/ShellPkg/Library/UefiShellLevel3CommandsLib/Alias.c

https://en.wikipedia.org/wiki/Alias_(command)#cite_note-EFI-Shells-and-Scripting-3

https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/Shell.h

http://h17007.www1.hpe.com/docs/iss/proliant_uefi/UEFI_Edgeline_103117/v28070872.html

ELVM/8cc: compile any C code into UEFI EBC binary

https://github.com/retrage/elvm/tree/retrage/ebc-v2

https://esolangs.org/wiki/Main_Page

coreboot 4.9 released

https://twitter.com/coreboot_org/status/1075809504556736512

coreboot 4.9 has been released. There are lots of changes, but the project does a great job summarizing the changes in their announcement:

[…]In the little more than 7 months since 4.8.1 we had 175 authors commit 2610 changes to master. The changes were, for the most part, all over the place, touching every part of the repository: chipsets, mainboards, tools, build system, documentation. In that time we also had 70 authors make their first commit to coreboot.[…]

Announcing coreboot 4.9

INTEL-SA-00131: Intel Power Management Controller (PMC) EoP

Power Management Controller (PMC) Security Advisory
Intel ID: INTEL-SA-00131
Advisory Category: Firmware
Impact of vulnerability: Escalation of Privilege, Information Disclosure
Severity rating: HIGH
Original release: 09/11/2018
Last revised: 12/18/2018

A potential security vulnerability in power management controller firmware may allow escalation of privilege and/or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html