
European coreboot conference 2017: Call for Papers

Note the request for SECURITY talks!

We are particularly interested in advances in the application of technology in a particular discipline primarily around coreboot, hardware, firmware, and security. As a result, the conference will be structured around the following topics:
– Free and Open Source hardware and firmware.
– Attacks against current hardware and firmware, like side and covert channel attacks.
– Firmware and hardware reverse engineering.
– coreboot payloads, extensions, and features.
– Advances of coreboot and UEFI on the market.
– Applications of free and open source hardware/firmware in practice.
– State-of-the-art security in embedded devices.

Conference talks, lightning talks, and workshops will be video taped and published afterwards. If a recording is not desired by a speaker or workshop instructor, no recordings will be made (notification in advance of the talk / workshop requested)[…]

https://ecc2017.coreboot.org/


coreboot and Intel ME

https://www.coreboot.org/


A Life Without Vendors Binary Blobs, part1

This blogpost will be about my first steps with coreboot and libreboot and a life with as few proprietary firmware blobs as possible. My main motivation was the latest headlines about fancy firmware things like Intel ME, Computrace and UEFI backdoors. This post is not intended to be about a system hardened as much as possible or about coreboot/libreboot being more secure, but rather to be able to look into every part of software running on that system if you want to. […] A follow-up will involve different payloads like SeaBIOS or TianoCore (UEFI) to be tested, maybe I can get even more from this old piece of hardware! So look out for my next blog post about my journey into coreboot! -Jann

https://insinuator.net/2017/08/a-life-without-vendors-binary-blobs/

 


Hardened Linux: coreboot and CHIPSEC

A bit more information on Hardened Linux’s use of CHIPSEC, in this case coreboot-centric:

https://firmwaresecurity.com/2017/07/31/hardened-linux-using-chipsec/

“# Enabling some security features at runtime in case of which vendor provided implementation improperly.”

https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/scripts/harbian_fw/fw_hardening_runtime.py

There aren’t many CHIPSEC-based codebases; Hardened Linux is a relatively new one.


Google NERF: Non-Extensible Reduced Firmware

 

Open Source Summit North America 2017
September 11-14, 2017 – Los Angeles, CA
Replace Your Exploit-Ridden Firmware with Linux – Ronald Minnich, Google

With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor”). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs. Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.

https://ossna2017.sched.com/event/BCsr/replace-your-exploit-ridden-firmware-with-linux-ronald-minnich-google?iframe=no&w=100%&sidebar=yes&bg=no

https://www.linkedin.com/pulse/open-hardware-servers-step-forward-jean-marie-verdun

https://www.coreboot.org/images/6/66/Denver_2017_coreboot_u-root.pdf

https://firmwaresecurity.com/2017/02/21/u-root-firmware-solution-written-in-go/

https://linuxfr.org/news/un-pas-en-avant-pour-les-serveurs-libres-le-projet-nerf


coreboot security slides from REcon available

Digging Into the Core of Boot by Yuriy Bulygin, Oleksandr Bazhaniuk

https://recon.cx/2017/montreal/resources/slides/RECON-MTL-2017-DiggingIntoTheCoreOfBoot.pdf

https://recon.cx/2017/montreal/slides/

See also the SGX talk…
