Sail-Arm: Sail version of ARM ISA definition, currently for ARMv8.5-A

https://github.com/rems-project/sail-arm

see-also:

https://github.com/rems-project/sail

https://alastairreid.github.io/papers/FMCAD_16/

Super Hexagon: A Journey from EL0 to S-EL3

Welcome to a journey of AArch64 kernel exploitation, from the least privileged, to the most secure privilege level on the ARMv8 platform. For this year’s HITCON CTF, I played with my academic team, Kernel Sanders. When scanning through the problems, I quickly latched on to the Super Hexagon challenge once I heard it involved ARM exploitation.

https://hernan.de/blog/2018/10/30/super-hexagon-a-journey-from-el0-to-s-el3/

ARM releases EBBR 0.7 spec

The Embedded Base Boot Requirements (EBBR) specification defines requirements for embedded systems to enable inter-operability between SoCs, hardware platforms, firmware implementations, and operating system distributions. The aim is to establish consistent boot ABIs and behaviour so that supporting new hardware platforms does not require custom engineering work.

https://github.com/ARM-software/ebbr/releases/tag/v0.7

https://github.com/ARM-software/ebbr
https://github.com/ARM-software/ebbr/wiki

see-also:

https://www.linaro.org/blog/the-boot-problem/

ARM announces ServerReady – a compliance program for Arm-based servers

Server partners expect to be able to deploy new systems directly from the shipping box, with straightforward integration of the operating systems and applications of their choosing. To achieve this, it is necessary for the Arm server ecosystem to define and comply with a minimal set of standards. This is of particular importance for the server and infrastructure market, as unlike the mobile sector, it is not acceptable to have to modify the operating system for every platform. Standards allow compatibility across different products, while enabling the individual partners to innovate and differentiate within these boundaries.[…]

https://community.arm.com/processors/b/blog/posts/arm-announces-server-ready-program-for-arm-based-servers

ARM Root of Trust APIs announced

https://community.arm.com/iot/b/blog/posts/how-psa-apis-will-enable-secure-devices-and-a-consistent-developer-experience

https://www.theregister.co.uk/2018/10/17/arm_psa_iot/

Accelerating development with PSA APIs

Intel, Arduino and myDevices join ARM’s Pelion IoT platform

https://www.arm.com/products/iot/pelion-iot-platform

https://www.arm.com/company/news/2018/10/pelion-iot-platform-ecosystem-announcement

Linaro announces the Trusted Firmware open project

Linaro Community Projects Division announces the Trusted Firmware open project
San Jose – WEBWIRE – Tuesday, October 16, 2018

The Trusted Firmware project promises to provide an important software foundation to further security development for both Cortex-A and Cortex-M/R processors. Linaro Community Projects Division, the division of Linaro managing open source community projects with open governance, today announced that Trusted Firmware is available as a Linaro Community Projects Division open project. Trusted Firmware provides a reference implementation of Secure World software for Armv7, Armv8-A and Armv8-M architectures. It provides SoC developers and OEMs with a reference trusted code base complying with the relevant Arm specifications. This forms the foundations of a Trusted Execution Environment (TEE) on application processors, or the Secure Processing Environment (SPE) on microcontrollers.[…]

https://www.webwire.com/ViewPressRel.asp?aId=230084

https://www.trustedfirmware.org/

ARM v8.5-A adds Branch Target Indicators for new security

https://community.arm.com/processors/b/blog/posts/arm-a-profile-architecture-2018-developments-armv85a

Security: Limiting Exploits

Once an attacker has found a vulnerability to exploit, their next aim is to execute code to gain control of the machine they have accessed. Techniques used include ROP and JOP Attacks (Return- and Jump-Oriented Programming). These techniques find small sections (called gadgets) of vulnerable programs that chain together to run the code the attacker wants. These methods work because the architecture puts no restrictions on where code can branch to, or where branches can have come from. This enables attackers to use small snippets of functions, which do what they want.

In Armv8.3-A, we introduced the Pointer Authentication feature, which can be used to ensure functions return to the location expected by the program.

In Armv8.5-A, we introduce Branch Target Indicators (BTI). Systems supporting BTI can enforce that indirect branches only go to code locations where the instruction is one of a small acceptable list. This reduces the ability of an attacker to execute arbitrary code.

These two features work together to significantly reduce the number of gadgets available to an attacker. The gadgets that remain available are large in size, making it much harder for an attacker to make a viable exploit, even if they find a vulnerability that lets them gain access to a machine.

ARM Research Summit

The third-annual Arm Research Summit – an academic summit to discuss future trends and disruptive technologies across all sectors of computing – will be returning to Cambridge, UK on 17-19 September 2018.

https://www.arm.com/company/events/research-summit

https://eu.eventscloud.com/ehome/index.php?eventid=200174782&tabid=200415056

ARM pulls RISC-V web site?

Re: https://firmwaresecurity.com/2018/07/10/arm-basics-com-arm-architecture-understand-the-facts/

and https://firmwaresecurity.com/2018/07/09/arm-on-risc-v-five-things-to-consider-before-designing-a-system-on-chip/

it appears ARM pulled the site. I can’t see this site anymore:

https://www.riscv-basics.com/

But the Wayback Machine appears to have made a snapshot:

https://web.archive.org/web/20180710134510/https://riscv-basics.com/

https://www.theregister.co.uk/2018/07/10/arm_riscv_website/

DIY Root of Trust using ARM Trusted Firmware on the 96Boards Hikey

This is a series of notes designed to be a walkthrough on how to configure the HiKey Kirin 620 to boot securely with ARM Trusted Firmware’s Trusted Board Boot. This does not use any proprietary settings or vendor-specific details about the SoC. Instead, the secure boot path relies on the SoC’s BOOT_SEL configured to boot solely from the eMMC. With this configuration there should be no way to interrupt or bypass the root of trust via runtime changes.[…]

https://casualhacking.io/blog/2018/7/8/diy-root-of-trust-using-arm-trusted-firmware-on-the-96boards-hikey

https://www.96boards.org/documentation/consumer/hikey/getting-started/

ARM v8.4A spec: online HTML as well as PDF

https://developer.arm.com/products/architecture/a-profile/docs/ddi0596/latest/a64-base-instructions-alphabetic-order/adc

https://developer.arm.com/products/architecture/a-profile