Intel to open-source FSP??

https://www.phoronix.com/scan.php?page=news_item&px=Intel-Open-Source-FSP-Likely

Please leave a Comment on this post if you have more info, other than above.

https://github.com/IntelFsp/FSP

https://firmware.intel.com/learn/fsp/about-intel-fsp

Intel releases 5 new security advisories

Intel® QuickAssist Technology for Linux Advisory
INTEL-SA-00211
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00211.html

Intel® System Defense Utility Vulnerability Advisory
INTEL-SA-00209
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00209.html

Intel® Parallel Studio Vulnerability Advisory
INTEL-SA-00208
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00208.html

Intel® Solid State Drive Toolbox File Permissions Advisory
INTEL-SA-00205
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00205.html

Intel® VTune Amplifier 2018 Update 3 Advisory
INTEL-SA-00194
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00194.html

1BitSquared’s iCEBreaker FPGA: open source iCE40 FPGA dev board

https://twitter.com/esden/status/1072553040312496130

https://www.crowdsupply.com/1bitsquared/icebreaker-fpga

https://github.com/icebreaker-fpga

http://icebreaker-fpga.com/

FreeBSD 12.0 released

https://twitter.com/FreeBSD_RE/status/1072564698938261505

Highlights — from my perspective — include:

* The bsdinstall(8) utility now supports UEFI+GELI as an installation option.
* The bhyve(8) utility is now able to be run within a jail(8).

https://lists.freebsd.org/pipermail/freebsd-announce/2018-December/001856.html

https://www.freebsd.org/releases/12.0R/relnotes.html

PS: There’re a few days left to purchase a FreeBSD 25th Anniversary t-shirt:

https://www.customink.com/fundraising/freebsd25


PSRedfishEventListener: Redfish Event Listener in PowerShell

The Redfish specification supports an event mechanism through which target Redfish devices can send events from different components in the system to an event listener. This project provides an event listener that is created in native PowerShell.

https://github.com/rchaganti/PSRedfishEventListener

https://www.powershellmagazine.com/2018/11/13/redfish-event-listener-in-powershell/

https://psredfishlistener.readthedocs.io/en/latest/

AMI joins LVFS (fwupd)

Great! Welcome AMI!

https://blogs.gnome.org/hughsie/2018/12/07/ami-joins-the-lvfs/

AMI is the world’s largest BIOS firmware vendor, supplying firmware and tools to customers such as Asus, Clevo, Intel, AMD and many others. If you’ve heard of a vendor using Aptio for firmware updates, that means it’s from them. AMI has been testing the LVFS, UpdateCapsule and fwupd for a few months and is now fully compatible.

And a small teaser:

Also, expect another large vendor announcement soon. It’s the one quite a few people have been waiting for.

Super Hexagon: A Journey from EL0 to S-EL3

Welcome to a journey of AArch64 kernel exploitation, from the least privileged, to the most secure privilege level on the ARMv8 platform. For this year’s HITCON CTF, I played with my academic team, Kernel Sanders. When scanning through the problems, I quickly latched on to the Super Hexagon challenge once I heard it involved ARM exploitation.

https://hernan.de/blog/2018/10/30/super-hexagon-a-journey-from-el0-to-s-el3/

Lecture: Modchips of the State: Hardware implants in the supply-chain

https://twitter.com/qrs/status/1072141831620755457

Hardware implants and supply chain attacks have been in the news recently, but how feasible are they and what can we do about them? In this talk we’ll examine the design of a proof of concept SPI bus hardware implant that has similar capabilities to those described in the Bloomberg/Supermicro article as well as some countermeasures that we can use to try to detect these “modchips” and increase our trust in our systems.

We don’t know how much of the Bloomberg story about hardware implants installed in Supermicro servers shipped to Apple and Amazon is true, nor do we know the story behind the story and the reasons for the vehement denials by all the parties involved.

However, a technical assessment of the details of the described implants reveals that a supply chain attack on the hardware is definitely possible, that the capabilities of the BMC can be used to bypass OS protections, and that there are means to access the BMC that would not necessarily generate readily identified network traffic.

https://fahrplan.events.ccc.de/congress/2018/Fahrplan/events/9597.html

35c3 Chaos West : 9 out of 10 x86_64 firmware vendors will hate this talk!

We’ll give a short introduction to what you might find in your machine’s firmware and tell the story of two hackers that magically found tens of thousands of x86_64 firmware images in their backyard, as well as their journey to explore common configuration fuckups, update frequencies and potential security risks.

https://fahrplan.chaos-west.de/35c3chaoswest/talk/7ZSFL9/

https://fahrplan.chaos-west.de/35c3chaoswest/talk/

(Let’s hope they publish this repository of images….)

Drill Apple Core: Up and Down – Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit

https://www.blackhat.com/eu-18/briefings/schedule/index.html#drill-apple-core-up-and-down—fuzz-apple-core-component-in-kernel-and-user-mode-for-fun-and-profit-12923

VmcsAuditor – A Bochs-Based Hypervisor Layout Checker

https://rayanfam.com/topics/vmcsauditor-a-bochs-based-hypervisor-layout-checker/

https://github.com/SinaKarvandi/VMCS-Auditor

CVE-2018-12155, INTEL-SA-00202: Intel Integrated Performance Primitives advisory

Advisory Category: Software
Impact of vulnerability: Information Disclosure
Severity rating: MEDIUM
Original release: 12/05/2018

A potential security vulnerability in Intel® IPP may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Data leakage in cryptographic libraries for Intel(R) IPP before the 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. Intel recommends that users of Intel® IPP update to 2019 update1 or later. Updates are available for download […] Intel would like to thank Jan Wichelmann (Universität zu Lübeck), Ahmad Moghimi (Worcester Polytechnic Institute), Thomas Eisenbarth (Universität zu Lübeck) and Berk Sunar (Worcester Polytechnic Institute) for reporting this issue and working with us on coordinated disclosure.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12155

https://software.intel.com/en-us/intel-ipp

https://software.intel.com/en-us/ipp-dev-reference

MNT Reform DIY Laptop: A free and open source modular computing platform

Goals: Security, Transparency, Hackability — All power to the user!

* Thoroughly understand it on the electrical, mechanical and software levels
* Take it apart, modify and upgrade it without regret
* Repair it yourself with simple 3D printed parts and the hardware store
* Reclaim your privacy and security: No microphone, camera or management engine

https://mntmn.com/reform/

https://www.crowdsupply.com/mnt/reform/updates/prototype-unboxing-videos

https://blog.hackster.io/mnt-reform-a-modular-open-source-diy-arm-based-laptop-3fdcb901e830

Formal Verification of RISC-V cores with riscv-formal

Learn how to use formal Assertion Based Verification (ABV) and open-source tools to formally verify HDL designs, and how to use the properties and formal test benches in the riscv-formal framework to formally verify RISC-V cores with ease. This tutorial is aimed specifically at HDL design engineers without in-depth knowledge of formal methods who want to add formal ABV to their verification toolbox.

http://www.clifford.at/papers/2018/riscv-formal/

https://tmt.knect365.com/risc-v-summit/agenda/1#track-1_formal-verification-of-risc-v-processor-implementations-space-limited

https://github.com/SymbioticEDA/riscv-formal

Making Sure A Heterogeneous Design Will Work

Why the addition of multiple processing elements and memories is causing so much consternation. An explosion of various types of processors and localized memories on a chip or in a package is making it much more difficult to verify and test these devices, and to sign off with confidence.[…]