ARM Innovator Program launched

Arm is pleased to announce the launch of the Arm Innovator Program in collaboration with Hackster.io, the leading community dedicated to learning hardware. The Arm Innovator Program is a new initiative to help support the global ecosystem of Arm developers, highlight the impressive work happening around the world based on Arm technology and share key domain knowledge from top technical experts building solutions on Arm with a wider audience. Without further ado, we’re excited to announce the first group of Arm Innovators below; you’ll learn more about them later in the blog:

John Teel, President of Predictable Designs
Laura Kassovic, President and Co-founder of MbientLab
Forrest Iandola, CEO and Founder of DeepScale
Amit Moran, VP of Innovation at temi – the personal robot
Laurent Itti, Computational Neuroscientist, creator of the JeVois
Orlando Hoilett, PHD student and founder of Calvary Engineering
Renee Love, Open-source roboticist
Azeria – Independent Security Researcher, Founder of Azeria Labs
Andrew Dresner, Open-source roboticist
Honggang Li, Co-founder of Maker Collider

https://community.arm.com/company/b/blog/posts/introducing-the-arm-innovator-program-in-collaboration-with-hackster-io
https://www.arm.com/innovation/meet-innovators

ARM releases Platform Security Architecture

ARM has announced a Platform Security Architecture.

They’ve also announced the ARM CryptoIsland family, part of its TrustZone security IP.

And they’ve announced the ARM CoreSight SDC-600 Secure Debug Channel, which provides a dedicated path to a debugged system for authenticating debug accesses.

https://www.arm.com/news/2017/10/a-common-industry-framework

https://developer.arm.com/products/architecture/platform-security-architecture

https://community.arm.com/processors/b/blog/posts/platform-security-architecture-scalable-security-for-the-iot

https://developer.arm.com/products/system-ip/trustzone-security-ip/cryptoisland-family

https://developer.arm.com/products/system-ip/coresight-debug-and-trace/coresight-components/coresight-sdc-600-secure-debug-channel

ARM updates C/C++ compilers

ARM has updated its C/C++ compiler toolchains.

C and C++ update for Arm Compiler 6:
As you are hopefully aware, Arm Compiler 6 has been available for 3+ years now, and has grown in maturity, and optimization quality release on release. As I write this, the latest available version is 6.8, and 6.6 has been qualified for use in safety-related development. We offer full support for the latest Arm processors, across the Cortex-A, R, and M, and SecureCore families. Arm Compiler 6 is available within DS-5 and Keil MDK toolchains. Furthermore the qualified version is available for purchase stand-alone. Arm Compiler 6 is based on the LLVM framework, using the modern Clang compiler front-end, and this is reflected in the name of the executable, Armclang. The compiler is then integrated into the full Arm tools suite, enabling use of legacy assembler code built with Armasm, as well as gas format assembler directly with Armclang. Finally the Arm linker (Armlink) brings in the optimized C and C++ libraries, or if desired the size optimized Arm C MicroLib library, as well as (optionally) implementing link-time optimizations across the source code.[…]

https://community.arm.com/tools/b/blog/posts/c-and-cpp-update-for-arm-compiler-6
https://developer.arm.com/products/software-development-tools/compilers/Arm-compiler

NXP: designing IoT devices with secure boot

NXP has a webinar for IoT makers, talking about secure booting. ‘Webinar’ scared me, but there’s no registration required. 🙂

Watch this on-demand presentation to learn how to:
* Manage the life cycle of an IoT edge node from development to deployment.
* Leverage hardware and software offerings available with the Kinetis MCU portfolio that can help you protect against attacks.
* Ease the burden of secure IoT edge node development using new processors and architectures from ARM.

https://community.arm.com/processors/trustzone-for-armv8-m/b/blog/posts/designing-secure-iot-devices-starts-with-a-secure-boot

http://www.nxp.com/video/designing-secure-iot-devices-starts-with-a-secure-boot:DESIGNING-SECURE-IOT-DEVICES

slides: https://www.nxp.com/docs/en/supporting-information/Designing-Secure-IoT-Devices-Starts-with-a-Secure-Boot.pdf

vTZ: Virtualizing ARM TrustZone

https://twitter.com/security_Kiwi/status/894174335493124096

vTZ: Virtualizing ARM TrustZone
Zhichao Hua, Jinyu Gu, Yubin Xia, Haibo Chen, Binyu Zang, Haibing Guan

ARM TrustZone, a security extension that provides a secure world, a trusted execution environment (TEE), to run security-sensitive code, has been widely adopted in mobile platforms. With the increasing momentum of ARM64 being adopted in server markets like cloud, it is likely to see TrustZone being adopted as a key pillar for cloud security. Unfortunately, TrustZone is not designed to be virtualizable as there is only one TEE provided by the hardware, which prevents it from being securely shared by multiple virtual machines (VMs). This paper conducts a study on variable approaches to virtualizing TrustZone in virtualized environments and then presents vTZ, a solution that securely provides each guest VM with a virtualized guest TEE using existing hardware. vTZ leverages the idea of separating functionality from protection by maintaining a secure co-running VM to serve as a guest TEE, while using the hardware TrustZone to enforce strong isolation among guest TEEs and the untrusted hypervisor. Specifically, vTZ uses a tiny monitor running within the physical TrustZone that securely interposes and virtualizes memory mapping and world switching. vTZ further leverages a few pieces of protected, self-contained code running in a Constrained Isolated Execution Environment (CIEE) to provide secure virtualization and isolation among multiple guest TEEs. We have implemented vTZ on Xen 4.8 on both ARMv7 and ARMv8 development boards. Evaluation using two common TEE-kernels (secure kernel running in TEE) such as seL4 and OP-TEE shows that vTZ provides strong security with small performance overhead.

CHIPSEC for ARM: to be released at Black Hat

I nearly missed this CHIPSEC announcement in the below Black Hat abstract. Exciting.

Blue Pill for Your Phone
By Oleksandr Bazhaniuk & Yuriy Bulygin

In this research, we’ve explored attack surface of hypervisors and TrustZone monitor in modern ARM based phones, using Google Nexus 5X, Nexus 6P, and Pixel as primary targets. We will explain different attack scenarios using SMC and other interfaces, as well as interaction methods between TrustZone and hypervisor privilege levels. We will explore attack vectors which could allow malicious operating system (EL1) level to escalate privileges to hypervisor (EL2) level and potentially install virtualization rootkit in the hypervisor. We will also explore attack vectors through SMC and other low level interfaces, interactions between TrustZone and hypervisor (EL2) privilege levels. To help with further low level ARM security research, we will release ARM support for CHIPSEC framework and new modules to test issues in ARM based hypervisors and TrustZone implementations, including SMC fuzzer.

https://www.blackhat.com/us-17/briefings.html#blue-pill-for-your-phone

ARM IETF ID on IoT firmware update architecture

IETF Internet draft: draft-moran-fud-architecture-00:

A Firmware Update Architecture for Internet of Things Devices
July 18, 2017
Brendan Moran, Milosch Meriac, Hannes Tschofenig
ARM Limited

Vulnerabilities with IoT devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices. Incorporating such update mechanism to fix vulnerabilities, to update configuration settings as well as adding new functionality is recommended by security experts. This document specifies requirements and an architecture for a firmware update mechanism aimed for Internet of Things (IoT) devices. The architecture is agnostic to the transport of the firmware images and associated meta-data. This version of the document assumes asymmetric cryptography and a public key infrastructure. Future versions may also describe a symmetric key approach for very constrained devices.

There’s a mailing list for FUD:

https://www1.ietf.org/mailman/listinfo/fud

https://tools.ietf.org/html/draft-moran-fud-architecture-00

The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture

The Threat of Virtualization: Hypervisor-Based Rootkits on the ARM Architecture
Robert Buhren, Julian Vetter, Jan C. Nordholz

The virtualization capabilities of today’s systems offer rootkits excellent hideouts, where they are fairly immune to countermeasures. In this paper, we evaluate the vulnerability to hypervisor-based rootkits of ARM-based platforms, considering both ARMv7 and ARMv8. We implement a proof-of-concept rootkit to prove the validity of our findings. We then detail the anatomy of an attack wherein a hypervisor rootkit and a userspace process collaborate to undermine the isolation properties enforced by the Linux kernel. Based on our discoveries, we explore the possibilities of mitigating each attack vector. Finally, we discuss methods to detect such highly privileged rootkits so as to conceive more effective countermeasures.

https://www.researchgate.net/publication/309770683_The_Threat_of_Virtualization_Hypervisor-Based_Rootkits_on_the_ARM_Architecture

ARM buys IoT security firm Simulity for £12m

By Josh Brooks 4th July 2017
ARM has bought IoT security tech business Simulity Labs in a £12m purchase from its private equity owner Foresight. Simulity provides embedded operating system software and related server systems for SIM cards and embedded SIMs (‘eSIMs’), allowing Internet of Things (IoT) devices to securely connect to networks. Foresight bought the business only last October for around £4m – meaning a massive return on its investment in percentage terms.[…]

https://www.simulity.com/

https://www.arm.com/products/iot-solutions

ARM joins UEFI Forum Board

The UEFI Forum issued a press release today, about ARM joining the board.

UEFI Forum Appoints ARM to Board of Directors Fortifying Its Commitment to Firmware Innovation

ARM Strengthens Its Long-Standing Presence and Contributions to the UEFI Ecosystem
June 06, 2017 11:00 AM Eastern Daylight Time

BEAVERTON, Ore.–(BUSINESS WIRE)–The UEFI Forum, a non-profit industry standards body that champions firmware advancement through industry collaboration and advocacy of firmware technology standards, announced today that ARM has been appointed to the UEFI Forum Board of Directors.[…]

http://www.businesswire.com/news/home/20170606005502/en/UEFI-Forum-Appoints-ARM-Board-Directors-Fortifying

http://www.uefi.org/node/3715

Troll: ARM Cortex-M source-level debugger

The troll is a C-language source-level debugger for ARM Cortex-M systems, accessed with the excellent blackmagic hardware debug probe, and a customized variant of the blackmagic – the vx/blackstrike (or blackstrike for short). The troll only supports source-level debugging of source code programs written in the C programming language, compiled to executable files in the ELF format, containing DWARF debug information.[…]

https://github.com/stoyan-shopov/troll

ARM Compliance Test Suite

ARM Compliance Test Suite [BETA] for Server Base System Architecture and Boot Requirements now available

ARM is pleased to announce the BETA release of the ARM SBSA/SBBR test suite. The suite is split across two repos:
1) SBSA-ACS on Github (just SBSA tests)
2) ARM Enterprise ACS on Github (umbrella project that collects SBSA and SBBR tests and builds all the relevant images to allow for execution)

In 2014, ARM and its partners came together and created the key to the success of ARM servers: the Server Base System Architecture (SBSA) and Server Base Boot Requirements (SBBR). These specifications require a minimum set of hardware and firmware implementations that ensure OSes and platforms interoperate. The latest versions are SBSA v3.1 and SBBR v1.0, they are available at developer.arm.com.[…]

https://community.arm.com/processors/b/blog/posts/arm-compliance-test-suite-beta-server-base-system-architecture-boot-requirements

https://github.com/ARM-software/sbsa-acs

https://github.com/ARM-software/arm-enterprise-acs

FWTS 17.03.00 released

Ivan Hu of Canonical announced the release of FWTS 17.03.00. There’s a new SBBR test, and a slew of bugfixes.

New Features :
  * ACPICA: Update to version 20170224
  * sbbr: Add "--sbbr" flag to support running SBBR Tests.
  * acpi: iort: Add support for SMMUv3

http://fwts.ubuntu.com/release/fwts-V17.03.00.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/17.03.00
https://launchpad.net/ubuntu/+source/fwts
https://lists.01.org/mailman/listinfo/luv

https://community.arm.com/iot/b/blog/posts/arm-server-standards-part-2-sbbr-specification-released

Linaro Binary Toolchain Release GCC 6.3-2017.02

Linaro does regular drops of core tools. These days they’re using GCC v6.x, which has recently gained a few new language features and target architecture features. Excerpting the Linaro announcement:

The Linaro GCC 6.3-2017.02 Release is now available. […]  The Linaro binary toolchain is a collection of x86-hosted GNU cross-toolchains targeting a variety of ARM architecture targets. Linaro TCWG provides these toolchains as a service to our members. Due to hardware availability, system-image availability, validation complexity, and user-base size, not all host and target toolchain combinations can be validated by Linaro with the same rigor. The most rigorously validated targets are little-endian and hardfloat implementations of the 32-bit ARMv7 (arm), 32-bit ARMv8 (armv8), and 64-bit ARMv8 (aarch64) architectures.  Linaro recommends those targets to our members. […] The host system upon which the cross-compiler will run requires a minimum of glibc 2.14, because of API changes to glibc’s memcpy API. Linaro recommends using the 64-bit x86_64 host toolchains as the 32-bit i686 host toolchains and the 32-bit mingw host toolchains will only be provided as long as there is sufficient member interest to justify their continued availability. […] The GCC 6 Release series has significant changes from the GCC 5 release series.  For an explanation of the changes please see the following website[1]. For help in porting to GCC 6 please see the following explanation[2]. […]

[1] https://gcc.gnu.org/gcc-6/changes.html
[2] https://gcc.gnu.org/gcc-6/porting_to.html
https://gcc.gnu.org/onlinedocs/

http://releases.linaro.org/components/toolchain/gcc-linaro/6.3-2017.02/
http://releases.linaro.org/components/toolchain/binaries/6.3-2017.02/
http://snapshots.linaro.org/components/toolchain/binaries/

See the full announcement for more details:
https://lists.linaro.org/mailman/listinfo/linaro-toolchain

Olimex releases TERES I, open source hardware ARM laptop

We are proud to announce that our TERES I laptop is complete. We have assembled units and are now working on the software. The building instructions are uploaded here and you can see that it’s pretty easy to build one yourself. This weekend in Brussels at FOSDEM we will have a table in Hall AW where everyone could touch and play with the very first built laptops. All spare parts are uploaded at the web. Hardware CAD files and Linux build scripts are on GitHub. TERES I is completely designed with KiCAD FOSS so everyone can download and learn, study, edit, modify. Hardwarewise everything is OK and works, the software needs some care to be completed, power supply management, Linux distribution, and a few more details need attention, but we hope everything to be complete till Friday!

TERES I was the first king of the Odrysian state of Thrace where Plovdiv is also located.

One of the files on github mentions:

In progress
To Do
[…]
* Clean binary blobs if possible
[…]

https://www.olimex.com/Products/DIY%20Laptop/KITS/
https://github.com/OLIMEX/DIY-LAPTOP

TERES I Do It Yourself Open Source Hardware and Software Hacker’s friendly laptop is complete