coreboot conference 2015 announced

What: coreboot conference 2015
When: October 9-11 2015 (after ELC-E)
Where: Bonn, Germany

Carl-Daniel Hailfinger announced the 2015 coreboot conference on the coreboot-announce list today. Excerpted announcement follows, see below URL for full details:

This conference and developer meeting is geared towards manufacturers of hardware (processors, chipsets, mainboards and servers/ laptops/ tablets/ desktops/ appliances) as well as developers of firmware with an interest in coreboot and the possibilities it offers as well as (potential) coreboot users. Both professionals and hobbyists are invited. The date of the coreboot conference is Friday October 9 to Sunday October 11, 2015. This is scheduled directly after Embedded Linux Conference Europe to make travel arrangements easier for people attending both events.
Call for presentations: We are looking for interesting talks/presentations about coreboot related topics for the first (and possibly second) day of the conference.
Call for discussion topics and development suggestions: We hope to stimulate discussion and foster new ideas as well as explore ways to improve code, development and deployment.
Call for profiles: This is the chance to tell others what you’re doing, what you can offer and in what area you’d like to collaborate.
Call for developers: If you want to do development all day, every day, just come and do it.

More Info: Early Bird discount ends soon, the Hardware Security and Training Conference, is happening this Fall in Europe. This is their first conference, nice to see the hardware security focus.

I just noticed, August 31st is the deadline for earlybird discounted rates for


Intel IDF post-conference materials

Intel Developer Forum ended the other week:

The other day I posted a pointer to a Redfish/UEFI HTTP Boot talk at IDF, and commented that I wish I could find the video. A kind reader showed me how to navigate the cryptic IDF archive site:

The search function on that page works well, eg filtering on firmware. There are PDF and A/V links to many of them!  IDF had 200 talks, many of them interesting to firmware security. For example, here’s the talk on Redfish from yesterday:

Linux Security Summit 2015 proceedings available

As part of LinuxCon North America, the Linux Security Summit recently finished, and presentations are now available (I omitted the few talks which had no presentations from below list):

* Keynote: Giant Bags of Mostly Water – Securing your IT Infrastructure by Securing your Team, Konstantin Ryabitsev, Linux Foundation
* CC3: An Identity Attested Linux Security Supervisor Architecture, Greg Wettstein, IDfusion
* SELinux in Android Lollipop and Android M, Stephen Smalley, NSA
* Discussion: Rethinking Audit, Paul Moore, Red Hat
* Assembling Secure OS Images, Elena Reshetova, Intel
* Linux and Mobile Device Encryption, Paul Lawrence, Mike Halcrow, Google
* Discussion: Core Infrastructure Initiative, Emily Ratliff, Linux Foundation
* Security Framework for Constraining Application Privileges, Lukasz Wojciechowski, Samsung
* IMA/EVM: Real Applications for Embedded Networking Systems, Petko Manolov, Konsulko Group, Mark Baushke, Juniper Networks
* Ioctl Command Whitelisting in SELinux, Jeffrey Vander Stoep, Google
* IMA/EVM on Android Device, Dmitry Kasatkin, Huawei Technologies
* Subsystem Update: Smack, Casey Schaufler, Intel
* Subsystem Update: AppArmor, John Johansen, Canonical
* Subsystem Update: Integrity, Mimi Zohar, IBM
* Subsystem Update: SELinux, Paul Moore, Red Hat
* Subsystem Update: Capabilities, Serge Hallyn, Canonical
* Subsystem Update: Seccomp, Kees Cook, Google
* Discussion: LSM Stacking Next Steps, Casey Schaufler, Intel

ARM Tech Conference in November

(This week is Intel’s Developer Conference….) ARM has a Developer Conference in November in California. Like the Intel devcon, many of the presentations at the ARM event look very interesting, here’s a sampling:

* Building an ARM Cortex M4 Automated Firmware Update System
* The Future of Security for the Connected Car
* Use cases for ARM TrustZone dealing with mixed criticality applications
* Deploying Trusted Code to TrustZone: Easy as 1,2,3!
* IoT protocols for constrained devices
* Designing Security and Trust into Connected Devices
* Protection for Premium Content for Mobile, Smart TV, STB’s
* Resilient Internet of Things Security The End of Flat Security Models
* Bringing Mali, the Android GPU of Choice, to Wearables
* C++ Exception Handling on the ARMv7 Architecture
* De-Mystifying Automotive ADAS Collision Avoidance systems with Programmable SoCs
* Efficient Interrupts on ARM Cortex-M Microcontrollers
* Addressing Debug Challenges for ARM based Heterogeneous Multicore SoCs
* ARM-based Secure IoT with Secure Boot and Secure software platform that delivers Data integrity, confidentiality, Anonymity and Non-Repudiation
* ARM mbed powering the Internet of Things that really matter
* Multi-Abstraction Hardware/Software Debug for ARM(R)v7/v8 Based SoCs
* New Intrusion Detection Methodology for IoT Cybersecurity using Programmable SoCs
* Development Tools for Writing Secure Software Targeting Cortex-M Processors
* IoT Security Therapy Panel: Becoming Less Insecure
* Windows 10 IoT for Embedded ARM Devices
* Building Confidence for the Internet of Tomorrow: How ARM-Powered Solutions Will Secure the IoT
* Code Verification Explained: Code Coverage and Unit Testing
* Improving Software Security through Standards Compliance and Structural Coverage Analysis
* New Approaches for Securing Mobile and Iot Devices Through Cognitive Technologies
* The Benefits and Ease of Establishing a PUF-Based Root of Trust on ARM Trustzone
* Resolving Security and Power Conflicts in ARM Cortex-M7 IoT SoCs
* Simplifying Software Development for Socs Containing Multiple Cortex-M Based Processors

September 4th is the Early Bird discount rate change. Expo passes are free.

GlobalPlatform’s TEE Developers Workshop

Next month is the GlobalPlatform TEE conference in California; they’re also hosting a 1-day developer workshop on October 12th. GlobalPlatform, Trustonic, Intel, and Linaro are presenting; the agenda looks interesting:

1) GlobalPlatform
Kevin Gillick, GlobalPlatform Exec. Director
Gil Bernabeu, GlobalPlatform Technical Director
Christophe Colas, VP of Product Marketing at Trustonic and GlobalPlatform Device Committee Chair

2) Trustonic: Scaling Fast and Simply Across Trustonic TEE-based Devices
Rob Dyke, Senior Field Application Engineer, Trustonic

3) Intel: Open-TEE – A Virtual TEE and SDK
Brian McGillion, Security Engineer, Intel
Tanel Dettenborn, Security Engineer, Intel
Thomas Nyman, Doctoral Candidate, Aalto University, Finland
Valentin Manea, Security Engineer, Huawei

4) Linaro: TEE and TA Development the Easy Way
Joakim Bech, Technical Lead, Security Working Group, Linaro

Early bird pricing is $199 USD before 30 August 2015. $299 USD after. There is no price distinction between GlobalPlatform members and non-members for this workshop. Organizations sending two or more people will receive $50 discount per student.

RISC-V Raven processor talk at HotChips

HotChips 2015 is happening in Cupertino, California later this month, 23-25th. Today Krste Asanovic posted a message on the RISC-V blog:

RISC-V at HotChips: Analyst Kevin Krewell has posted a HotChips preview at EE Times, which mentions the RISC-V Raven-3 presentation to be made in the last session at HotChips by Yunsup Lee.  UC Berkeley will again be sponsoring a table at HotChips to promote RISC-V, so please drop by if you’ll be there and want to chat about RISC-V uptake.

Hot Chips is a symposium on High Performance Chips, sponsored by the IEEE Technical Committee on Microprocessors and Microcomputers, in cooperation with ACM SIGARCH. The RISC-V presentation is on the “Raven” processor:

Raven: A 28nm RISC-V Vector Processor with Integrated Switched-Capacitor DC-DC Converters and Adaptive Clocking
by: Yunsup Lee, Brian Zimmer, Andrew Waterman, Alberto Puggelli, Jaehwa Kwak, Ruzica Jevtic, Ben Keller, Stevo Bailey, Milovan Blagojevic, Pi-Feng Chiu, Henry Cook, Rimas Avizienis, Brian Richards, Elad Alon, Borivoje Nikolic and Krste Asanovic, University of Berkeley

The EE Times blog article, by Kevin Krewell of Tirias Research, gives a good overview of all the vendors presenting at HotChips, focusing on the traditional ones (Intel, ARM, AMD, etc.), and calls RISC-V an “odd duck”. 🙂

The last session on Tuesday is traditionally the main “big” processor session. […] The odd duck in the session is an implementation of UC Berkeley RISC-V Vector Processor. Last year the Berkeley contingent showed off RISC-V instruction set in the break area, but now with a real chip, they made it to inside the auditorium. It’s not too often you see a chip design of this integration and complexity coming from academia. What started as a project to give universities a royalty-free and extendable CPU architecture to build on, has gained traction, especially in India and Asia for development purposes.”

RISC-V and Open Hardware aside, there are many other interesting presentations at Hot Chips 2015, including talks from Intel, ARM, AMD, and others. There are a handful of other Open Hardware/Maker-related talks, eg: Adapteva is talking about their Kickstarted chip, and Univerisity of Wisconson’s MIAOW project, an OpenGL API-compatible GPGPU.

ORConf 2015 announced

What: ORConf 2015
When: October 9-11, 2015
Where: Geneva, Switzerland
Who: Open Hardware OEMs/IHVs/ODMs/IBVs/ISVs
Why: NDAs, IP licensing fees, firmware blobs, non-ownership

Here’s the announcement from the lowRISC announcement mailing list:

Please join us October 9th-11th in Geneva, Switzerland for ORConf 2015 [1]. The event is kindly being hosted by CERN at the IdeaSquare. Last year’s ORConf was home to the first public talk on lowRISC and we’re pleased this year it will also be hosting a series of lowRISC and RISC-V discussions, serving as a European lowRISC and RISC-V workshop. ORConf has in recent years grown to cover a range of open source hardware topics beyond the original OpenRISC focus. Expect presentations and discussion on free and open source IP projects, implementations on FPGA and in silicon, verification, EDA tools, licensing and embedded software, to name a few. The event will run from 13:00 until 18:30 on Friday, 09:30 until 19:30 on Saturday, and from 09:30 until 15:30 on Sunday. Friday will consist primarily of breakout sessions, planning, and discussion regarding lowRISC. If you are already contributing or your are thinking of getting involved and want to learn more, you are very welcome to join us. If you would like to present, please do submit a proposal either via the link at the ORConf website or to me at We hope to see many of you there – please register here: [2]. If you haven’t been to the blog for a while and are wondering what’s been going on in the world of RISC-V and lowRISC, you may be interested in our summary of the presentations at the second RISC-V workshop [3].


LowRISC is related to RISC-V, both are Open Source Hardware ISAs, which IMO is needed for Open Source Hardware (and Free Hardware), else we’ll always have to deal with NDAs, IP licensing fees, and — on most platforms — closed-source firmware blobs, and not knowing what the system is actually doing behind the scenes. I hope the Linux Foundation, FreeBSD Foundation, Open Source Hardware Foundation, the Free Software Foundation (for Free Hardware) and other related groups plan on using CrowdSupply — or other crowdfunding source — to fund lowRISC/RISC-V-based hardware. You can’t expect change from the top, Microsoft and Apple drive the ISAs and have zero incentive to reduce NDAs, IP licensing fees and firmware blobs. I hope that in a few years Purism starts using RISC-V (or lowRISC, or OpenRISC) for their systems!

OpenRISC is a “Free Hardware” ISA, a GPL-based instruction set that has been around for a while. This conference is apparently open to other topics beyond OpenRISC, such as the newer BSD-licensed lowRISC and RISV-V peers. I don’t know why, but I’m guessing that OpenRISC hasn’t gotten more traction is due to hardware’s community’s fear of GPL, or they were just too early to market. It might be nice for the FSF to help OpenRISC more than they have, since it is the only GPL ISA, pehaps the heart of their Free Hardware? Then again, BSD-based RISC-V/lowRISC can easily be GPL’ed.

Note that the Call for Papers is open, there’s time to submit a talk…