What You Don’t Know about Firmware Might Get You ∅wn3d

Brian Richardson of Intel has an article on firmware security. It even mentions CHIPSEC and NIST 147!

http://eecatalog.com/intel/2018/04/09/what-you-dont-know-about-firmware-might-get-you-own3d/#.WtZPvUZ6xU0.twitter

 

 

 

Intel: Implementing MicroPython as a UEFI test framework

https://software.intel.com/en-us/blogs/2018/03/08/implementing-micropython-as-a-uefi-test-framework

MicroPython for UEFI - Stack Overview

Black Hat: System Firmware Attack and Defense for the Enterprise

A variety of attacks targeting system firmware have been discussed publicly, drawing attention to interaction with system firmware components. This includes operating system loaders, secure boot mechanisms, runtime interfaces, and system management mode (SMM). This training will detail and organize objectives, attack vectors, vulnerabilities, and protection mechanisms in this fascinating environment. The training includes two parts.
1. Present a structured approach to system firmware security analysis and mitigations through lecture and hands-on exercises to test system firmware for vulnerabilities. After the training, students will have basic understanding of platform hardware components, system firmware components, attacks against system firmware, and available mitigations. Students can apply this knowledge to identify firmware vulnerabilities and perform forensic analysis.
2. Apply concepts to an enterprise environment. Using an understanding of security issues, students explore potential risks to operational environments including both supply chain and remote malware attacks. Students will perform assessments and basic forensic analysis of potential firmware attacks.

https://www.blackhat.com/us-18/training/schedule/index.html#system-firmware-attack-and-defense-for-the-enterprise-9792

 

Brian: Using CHIPSEC Whitelists to Improve Firmware Security

[Strange, I was doing the previous blog post on Brian, and during that time, he did a new blog post…]

Brian Richardson of Intel has a new blog post on using CHIPSEC whitelist command to help with UEFI security:

Using Whitelists to Improve Firmware Security

Firmware has become more popular in the world of computer security research. Attacks operating at the firmware level can be difficult to discover, and have the potential to persist even in bare-metal recovery scenarios. This type of hack has been well documented by investigations of the HackingTeam and Vault7 exploits. Fortunately, there are methods for detecting and defending against such attacks. Firmware-based attacks typically attempt to add or modify system firmware modules stored in NVRAM. Tools provided by the open source CHIPSEC project can be used to generate and verify hashes of these modules, so users can detect unauthorized changes.[…]

https://software.intel.com/en-us/blogs/2017/12/05/using-whitelists-to-improve-firmware-security
https://github.com/chipsec/chipsec

CHIPSEC in Ubuntu Linux

Brian speaking at ESCConf on UEFI security

Brian Richardson of Intel will be speaking at the Embedded Systems Conference (ECS Conf) on firmware security, talk is called:

What You Don’t Know About Firmware Might Get You 0wn3d

http://www.embeddedconf.com/

I’m not sure I blogged on this, but Brian also gave a talk at BSidesJackson:

And his talk about BIOS end-of-life from recent UEFI plugfest are also online:

Intel Whitepaper updated: Using IOMMU for DMA Protection in UEFI Firmware

We recommend firmware developers review this docment to understand threats from unauthorized internal DMA, as well as DMA from non-PCI devices that platform firmware may configure. Using an IOMMU such as Intel VT-d allows fine-grain control of memory protection without broadly disabling bus-mastering capabilities in the pre-boot space.

Note: this whitepaper was originally published under the title “A Tour beyond BIOS Using Intel® VT-d for DMA Protection in UEFI BIOS” in January 2015.

https://firmware.intel.com/blog/updated-whitepaper-using-iommu-dma-protection-uefi-firmware

https://firmware.intel.com/sites/default/files/Intel_WhitePaper_Using_IOMMU_for_DMA_Protection_in_UEFI.pdf

Brian on UEFI security

Brian Richardson of Intel recently gave a talk about UEFI security at BSides Asheville, NC. Slides are on the below blog URL:

What you don’t know about firmware might get you 0wn3d

Following firmware developers on social media during Black Hat & Def Con can be a bit bewildering. Firmware is becoming more important in the realm of cybersecurity research. Most of the work I do is working with other firmware developers to make sure they understand current capabilities and trends, but that work may take months or years to hit the market. The people on the front lines of computer security need some understanding of what they can do today to help secure their systems. While many of my colleagues spent a very hot and crowded week in Las Vegas, I had a much cooler weekend at the Bsides conference in Asheville, NC. My “What you don’t know about firmware might get you 0wn3d” presentation is designed to describe the importance of firmware in computer security, and what can be done today to mitigate and detect common attacks against firmware. There are practical methods to prevent a number of common bootkit/rootkit attacks, platform security features to consider when purchasing new systems, and responsible ways to research firmware issues.[…]

https://software.intel.com/en-us/blogs/2017/07/29/what-you-don-t-know-about-firmware-might-get-you-0wn3d

UDK2017 available

Brian Richardson of Intel has a new article talking about the latest UEFI dev kit. It includes a summary of the newly-added UEFI features.

https://software.intel.com/en-us/blogs/2017/06/29/udk2017-the-latest-uefi-development-kit-release-is-now-available

https://github.com/tianocore/edk2/releases/tag/vUDK2017

https://github.com/tianocore/tianocore.github.io/wiki/UDK2017#udk2017-features–updates–changes

UEFI UDK2017 pre-release available

Brian Richardson of Intel announced a pre-release of UDK2017, a snapshot of the Tianocore.org EDK2 trunk code matching a set of UEFI.org specs.

Information on UDK2017, the next stable snapshot release of EDK II, is available on the TianoCore wiki.

From the release page on the wiki, here’s the list of

UDK2017 Key Features
    Industry Standards & Public Specifications
        UEFI 2.6
        UEFI PI 1.4a
        UEFI Shell 2.2
        SMBIOS 3.1.1
        Intel® 64 and IA-32 Architectures Software Developer Manuals
    Storage Technologies
        NVMe
        RAM Disk (UEFI 2.6, Section 12.17, RAM Disk Protocol)
    Compilers
        GCC 5.x
        CLANG/LLVM
        NASM
    OpenSSL 1.1.0
    UEFI HTTP/HTTPS Boot
    Adapter Information Protocol
    Regular Expression Protocol
    Signed Capsule Update
    Signed Recovery Images
    SMM Communication Buffer Protections
    STM Launch
    Memory Allocation/Free Profiler
    NX Page Protection in DXE
    LZMA Compression 16.04
    Brotli Compression
    MP Init Library

https://github.com/tianocore/tianocore.github.io/wiki/UDK2017

More info:
https://lists.01.org/mailman/listinfo/edk2-devel

Brian speaking at Bsides Huntsville

Brian Richardson of Intel will be speaking about firmware at a security conference, BSides Huntsville.

https://software.intel.com/en-us/meet-the-developers/evangelists/team/Brian-Richardson

https://www.bsideshuntsville.org/

 

video of Brian’s Tianocore Linaro Connect presentation

Brian Richardson of Intel recently gave a presentation at ARM Ltd’s Linaro Connect on the subject of UEFI. Intel started UEFI but in recent years ARM is also using UEFI.

Linaro Connect

ARM’s Linaro Connect is happening. Click on their web page for live streaming.
In addition to all of the ARM topics, Brian Richardson, an Intel evangelist will be speaking about UEFI at this event. 🙂

 

http://connect.linaro.org/las16/

Brian Richardson on Redfish and x-UEFI Config Lang

Brian Richardson of Intel UEFI team has a new blog post, showing HP vendor data using DMTF Redfish as well as viewing UEFI x-UEFI Configuration Language data.

http://blogs.intel.com/evangelists/2016/05/25/firmware-modern-data-center/

For more on the x-UEFI Configuration language, see Vincent’s post:

https://firmwaresecurity.com/2016/02/18/vincent-zimmer-on-the-x-uefi-configuration-language/

Motherboard interview on Intel UEFI and IoT security

Motherboard has an interview with Brian Richardson of the Intel UEFI team, on the topic of IoT security. Wide range of topics covered!

http://motherboard.vice.com/en_uk/blog/protecting-firmware-is-crucial-for-iot-technology

 

Brian Richardson on UEFI community changes

Brian Richardson of Intel’s UEFI team posted a new blog with information about recent changes in the Tianocore development ecosystem. Brian summarizes recent activity, including Tony Mangefeste’s new community roadmap, the recent UEFI plugfest in Taipei, and other changes:

http://blogs.intel.com/evangelists/2016/04/11/tianocore-community-uefi/

Brian Richardson on UEFI hacker tools

https://twitter.com/Intel_UEFI/status/699756428177776640

Brian Richardson of Intel has a new blog out talking about UEFI hacking tools in general, and UEFI Tool in particular, and he mentions this blog! 🙂 (This reminds me, I need to create a list of tools that I promised earlier. Give me a few days and I’ll create a new blog on that…)

“This is where my friends in firmware development and validation need to pay attention, because these tools can be your friend or your enemy. It’s great to use UEFITool for testing firmware images, making sure contents are properly formatted and verifying changes between version updated. However, it’s also an easy way for someone you don’t like to try and insert malicious code into your product.”

http://blogs.intel.com/evangelists/2016/02/16/uefi-tools-theyre-not-just-for-hackers-anymore/