6th RISC-V Workshop: call for papers

Registration and the call for presentations / posters is open for the 6th RISC-V Workshop, co-hosted by NVIDIA and the Shanghai Jiao Tong University (SJTU) in Shanghai China on May 8-11, 2017.  As with past workshops, our goals for these events are to bring the RISC-V community together to share information about recent activity in the various RISC-V projects underway around the globe, and build consensus on the future evolution of the instruction set. This will be a four day event broken down as follows[…]


China defines ‘golden image’ as source, apparently

A few weeks ago, when I thought the ‘golden image’ in NIST SP800-147’s Provisioning phase required source access to the firmware, the below story would be an example of the only way vendors would get access to the source code to their closed-source firmware:


However, as clarified in email ‘interview'[1] with Andrew of NIST, the ‘golden image’ can also be a closed-source blob, in which case we’re supposed to *TRUST* the vendor. Now that “cyberwar” is a mainstream topic, governments will likely not trust closed-source blobs from foreign countries much anymore, at the firmware, operating system, or application level. But consumers don’t have the pressure that governments do, so we get to continue to *TRUST* the vendor, and the PKI backing the firmware, most of the keys of which we cannot verify, no acts of good faith from vendors to non-government players. 😦

[1] https://firmwaresecurity.com/2015/10/13/interview-with-andrew-regenscheid-of-nist/





Quoting Wikipedia, “Kylin is an operating system developed by academics at the National University of Defense Technology in the People’s Republic of China since 2001. It is named after the mythical beast qilin. The first versions were based on FreeBSD and were intended for use by the Chinese military and other government organizations. With version 3.0 Kylin became Linux-based, and there is a version called NeoKylin which was announced in 2010. In 2013, it was announced that a new Linux-based operating system with the same name would be released using Ubuntu. The first version, Ubuntu Kylin 13.04, was released on 25 April 2013.

QZ.com has a new review of this OS, including some screenshots:


I still don’t know what firmware it uses. I’ve not found the source code yet. 😦

More Information:


book mini-review: combat: UEFI Principles and Programming (in Chinese)

Ok, I’m writing a book review about a book I didn’t read. 😦 The book is written in Chinese, and I’m not good enough at translation software yet to read the book. But for anyone who can read Chinese, if you don’t already know about this book, you should check it out.

According to Amazon.com. the author is Director of Intel Labs China, and the book has a developer focus. The github site includes a snapshot of the EDK2, with a few examples. Even if you can’t read Chinese, you can still benefit from reading the samples. The  book was published January 1st 2015, and Gthub appears to have last been updated in May. From the Amazon.com abstract:

combat: UEFI Principles and Programming is the first UEFI monograph in Chinese, which is written by senior UEFI expert and evangelist. Director of Intel Labs China, Wu Gansha, strongly recommended! This book is combat-oriented for UEFI users and developers. It describes the UEFI system components, boot process, advantages, and a variety of systems development environment to build; Then it analyzes the UEFI components from deverloper’s view, including UEFI modules, a variety of protocols. basic services, events, hard drives and file systems; Finally it explaines UEFI development , involving the development of UEFI services(video decoder service though ffmpeg), UEFI-driver development(AC97 audio driver), the development of multi-tasking applications, the development of network applications and GUI application development.”