The Embedded Base Boot Requirements (EBBR) specification defines requirements for embedded systems to enable inter-operability between SoCs, hardware platforms, firmware implementations, and operating system distributions. The aim is to establish consistent boot ABIs and behaviour so that supporting new hardware platforms does not require custom engineering work.
Server partners expect to be able to deploy new systems directly from the shipping box, with straightforward integration of the operating systems and applications of their choosing. To achieve this, it is necessary for the Arm server ecosystem to define and comply to a minimal set of standards. This is of particular importance for the server and infrastructure market, as unlike the mobile sector, it is not acceptable to have to modify the operating system for every platform. Standards allow compatibility across different products, while enabling the individual partners to innovate and differentiate within these boundaries.[…]
Linaro Community Projects Division announces the Trusted Firmware open project
San Jose – WEBWIRE – Tuesday, October 16, 2018
The Trusted Firmware project promises to provide an important software foundation to further security development for both Cortex-A and Cortex-M/R processors. Linaro Community Projects Division, the division of Linaro managing open source community projects with open governance, today announced that Trusted Firmware is available as a Linaro Community Projects Division open project. Trusted Firmware provides a reference implementation of Secure World software for Armv7, Armv8-A and Armv8-M architectures. It provides SoC developers and OEMs with a reference trusted code base complying with the relevant Arm specifications. This forms the foundations of a Trusted Execution Environment (TEE) on application processors, or the Secure Processing Environment (SPE) on microcontrollers.[…]
LAVA is a test harness for ARM hardware.
It appears to be changing from a Linaro project to more of a community project.
New web site:
Security: Limiting Exploits
Once an attacker has found a vulnerability to exploit, their next aim is to execute code to gain control of the machine they have accessed. Techniques used include ROP and JOP Attacks (Return- and Jump-Oriented Programming). These techniques find small sections (called gadgets) of vulnerable programs that chain together to run the code the attacker wants. These methods work because the architecture puts no restrictions on where code can branch to, or where branches can have come from. This enables attackers to use small snippets of functions, which do what they want.
In Armv8.3-A, we introduced the Pointer Authentication feature, which can be used to ensure functions return to the location expected by the program.
In Armv8.5-A, we introduce Branch Target Indicators (BTI). Systems supporting BTI can enforce that indirect branches only go to code locations where the instruction is one of a small acceptable list. This reduces the ability of an attacker to execute arbitrary code.
These two features work together to significantly reduce the number of gadgets available to an attacker. The gadgets that remain available are large in size, making it much harder for an attacker to make a viable exploit, even if they find a vulnerability that lets them gain access to a machine.
The third-annual Arm Research Summit – an academic summit to discuss future trends and disruptive technologies across all sectors of computing – will be returning to Cambridge, UK on 17-19 September 2018.
it appears ARM pulled the site. I can’t see this site anymore:
But the Wayback Machine appears to have made a snapshot:
This is a series of notes designed to be a walkthrough on how to configure the HiKey Kirin 620 to boot securely with ARM Trusted Firmware’s Trusted Board Boot. This does not use any proprietary settings or vendor-specific details about the SoC. Instead, the secure boot path relies on the SoC’s BOOT_SEL configured to boot solely from the eMMC. With this configuration there should be no way to interrupt or bypass the root of trust via runtime changes.[…]
See below blog for a few links to new projects.
Improving firmware updates for Internet of Things devices – the IETF SUIT Hackathon in Berlin/Germany
Last updated about 13 hours ago, by Hannes Tschofenig. Arm Research, hackathon
IoT devices commonly require security patches and updates to protect against known vulnerabilities. In this blog post Hannes Tschofenig highlights a recently-launched standardization effort in the Internet Engineering Task Force (IETF): the “Software Updates group for Internet of Things (SUIT)” working group. The report shares experiences from a Hackathon in Berlin, where several working group members met to work on code for firmware updates.
Working Group Formation and IETF London Hackathon
The Internet Engineering Task Force (IETF) met in London from March 17th – 23rd for the first face-to-face meeting of the IETF Software Updates group for Internet of Things (SUIT). The SUIT working group is chartered to develop firmware update solutions that can be implemented into Internet of Things (IoT) devices, especially microcontrollers with limited RAM and flash memory, such as 10 KiB RAM and 100 KiB flash. The focus of the group is simple: since many IoT devices require software updates to fix security vulnerabilities, the group will develop and standardize a secure approach to these updates. For IoT devices, this software update often comes in the form of a monolithic block, where the entire codebase running on the device, i.e. the firmware, is replaced in one shot.[…]
[…]This starts a series of two blogposts discussing hardware technologies that can be used to support TEE implementations:
* TrustZone from ARM
* SGX from Intel
As suggested by the title, this blogpost tells you more about TrustZone.[…]