coreboot conference 2015 announced

What: coreboot conference 2015
When: October 9-11 2015 (after ELC-E)
Where: Bonn, Germany

Carl-Daniel Hailfinger announced the 2015 coreboot conference on the coreboot-announce list today. Excerpted announcement follows, see below URL for full details:

This conference and developer meeting is geared towards manufacturers of hardware (processors, chipsets, mainboards and servers/ laptops/ tablets/ desktops/ appliances) as well as developers of firmware with an interest in coreboot and the possibilities it offers as well as (potential) coreboot users. Both professionals and hobbyists are invited. The date of the coreboot conference is Friday October 9 to Sunday October 11, 2015. This is scheduled directly after Embedded Linux Conference Europe to make travel arrangements easier for people attending both events.
Call for presentations: We are looking for interesting talks/presentations about coreboot related topics for the first (and possibly second) day of the conference.
Call for discussion topics and development suggestions: We hope to stimulate discussion and foster new ideas as well as explore ways to improve code, development and deployment.
Call for profiles: This is the chance to tell others what you’re doing, what you can offer and in what area you’d like to collaborate.
Call for developers: If you want to do development all day, every day, just come and do it.

More Info:


Hardware training at HushCon, December in Seattle

What: HushCon 2015
Where: Seattle, WA, USA
When:  December 2015

The event includes Hardware Training:
Joe Grand (@joegrand) – Hands-on Hardware Hacking and Reverse Engineering
Joe FitzPatrick (@securelyfitz) – Applied Physical Attacks On x86 Systems

The conference’s web site is under construction, look at their Twitter feed for current info.



Hardware.io Early Bird discount ends soon

Hardware.io, the Hardware Security and Training Conference, is happening this Fall in Europe. This is their first conference, nice to see the hardware security focus.

I just noticed, August 31st is the deadline for earlybird discounted rates for Hardware.io:



Intel IDF post-conference materials

Intel Developer Forum ended the other week:


The other day I posted a pointer to a Redfish/UEFI HTTP Boot talk at IDF, and commented that I wish I could find the video. A kind reader showed me how to navigate the cryptic IDF archive site:


The search function on that page works well, eg filtering on firmware. There are PDF and A/V links to many of them!  IDF had 200 talks, many of them interesting to firmware security. For example, here’s the talk on Redfish from yesterday:



Linux Security Summit 2015 proceedings available

As part of LinuxCon North America, the Linux Security Summit recently finished, and presentations are now available (I omitted the few talks which had no presentations from below list):

* Keynote: Giant Bags of Mostly Water – Securing your IT Infrastructure by Securing your Team, Konstantin Ryabitsev, Linux Foundation
* CC3: An Identity Attested Linux Security Supervisor Architecture, Greg Wettstein, IDfusion
* SELinux in Android Lollipop and Android M, Stephen Smalley, NSA
* Discussion: Rethinking Audit, Paul Moore, Red Hat
* Assembling Secure OS Images, Elena Reshetova, Intel
* Linux and Mobile Device Encryption, Paul Lawrence, Mike Halcrow, Google
* Discussion: Core Infrastructure Initiative, Emily Ratliff, Linux Foundation
* Security Framework for Constraining Application Privileges, Lukasz Wojciechowski, Samsung
* IMA/EVM: Real Applications for Embedded Networking Systems, Petko Manolov, Konsulko Group, Mark Baushke, Juniper Networks
* Ioctl Command Whitelisting in SELinux, Jeffrey Vander Stoep, Google
* IMA/EVM on Android Device, Dmitry Kasatkin, Huawei Technologies
* Subsystem Update: Smack, Casey Schaufler, Intel
* Subsystem Update: AppArmor, John Johansen, Canonical
* Subsystem Update: Integrity, Mimi Zohar, IBM
* Subsystem Update: SELinux, Paul Moore, Red Hat
* Subsystem Update: Capabilities, Serge Hallyn, Canonical
* Subsystem Update: Seccomp, Kees Cook, Google
* Discussion: LSM Stacking Next Steps, Casey Schaufler, Intel



ARM Tech Conference in November

(This week is Intel’s Developer Conference….) ARM has a Developer Conference in November in California. Like the Intel devcon, many of the presentations at the ARM event look very interesting, here’s a sampling:

* Building an ARM Cortex M4 Automated Firmware Update System
* The Future of Security for the Connected Car
* Use cases for ARM TrustZone dealing with mixed criticality applications
* Deploying Trusted Code to TrustZone: Easy as 1,2,3!
* IoT protocols for constrained devices
* Designing Security and Trust into Connected Devices
* Protection for Premium Content for Mobile, Smart TV, STB’s
* Resilient Internet of Things Security The End of Flat Security Models
* Bringing Mali, the Android GPU of Choice, to Wearables
* C++ Exception Handling on the ARMv7 Architecture
* De-Mystifying Automotive ADAS Collision Avoidance systems with Programmable SoCs
* Efficient Interrupts on ARM Cortex-M Microcontrollers
* Addressing Debug Challenges for ARM based Heterogeneous Multicore SoCs
* ARM-based Secure IoT with Secure Boot and Secure software platform that delivers Data integrity, confidentiality, Anonymity and Non-Repudiation
* ARM mbed powering the Internet of Things that really matter
* Multi-Abstraction Hardware/Software Debug for ARM(R)v7/v8 Based SoCs
* New Intrusion Detection Methodology for IoT Cybersecurity using Programmable SoCs
* Development Tools for Writing Secure Software Targeting Cortex-M Processors
* IoT Security Therapy Panel: Becoming Less Insecure
* Windows 10 IoT for Embedded ARM Devices
* Building Confidence for the Internet of Tomorrow: How ARM-Powered Solutions Will Secure the IoT
* Code Verification Explained: Code Coverage and Unit Testing
* Improving Software Security through Standards Compliance and Structural Coverage Analysis
* New Approaches for Securing Mobile and Iot Devices Through Cognitive Technologies
* The Benefits and Ease of Establishing a PUF-Based Root of Trust on ARM Trustzone
* Resolving Security and Power Conflicts in ARM Cortex-M7 IoT SoCs
* Simplifying Software Development for Socs Containing Multiple Cortex-M Based Processors

September 4th is the Early Bird discount rate change. Expo passes are free.




GlobalPlatform’s TEE Developers Workshop

Next month is the GlobalPlatform TEE conference in California; they’re also hosting a 1-day developer workshop on October 12th. GlobalPlatform, Trustonic, Intel, and Linaro are presenting; the agenda looks interesting:

1) GlobalPlatform
Kevin Gillick, GlobalPlatform Exec. Director
Gil Bernabeu, GlobalPlatform Technical Director
Christophe Colas, VP of Product Marketing at Trustonic and GlobalPlatform Device Committee Chair

2) Trustonic: Scaling Fast and Simply Across Trustonic TEE-based Devices
Rob Dyke, Senior Field Application Engineer, Trustonic

3) Intel: Open-TEE – A Virtual TEE and SDK
Brian McGillion, Security Engineer, Intel
Tanel Dettenborn, Security Engineer, Intel
Thomas Nyman, Doctoral Candidate, Aalto University, Finland
Valentin Manea, Security Engineer, Huawei

4) Linaro: TEE and TA Development the Easy Way
Joakim Bech, Technical Lead, Security Working Group, Linaro



Early bird pricing is $199 USD before 30 August 2015. $299 USD after. There is no price distinction between GlobalPlatform members and non-members for this workshop. Organizations sending two or more people will receive $50 discount per student.