Dell PowerEdge BIOS failure with Intel ME

October 25, 2018 ~ hucktech ~ Leave a comment

Did updating your #PowerEdge BIOS fail, then succeed when you tried a second time? This could be why: https://t.co/LCLDiusUC8 pic.twitter.com/FOUgjUy8U3

— Dell Cares PRO (@DellCaresPRO) October 24, 2018

https://www.dell.com/support/article/us/en/19/sln309027/dell-poweredge-14g-bios-update-fails-on-the-first-attempt-second-attempt-works?lang=en

[…]For servers with greater than 24 days of power on time since the last AC power cycle, the first BIOS update will fail because the Intel Management Engine (ME) fails to enter recovery mode for the BIOS update.[…]

Non-Dell OEMs: please also add this to your QA cycle. 🙂

Dell seeks Vulnerability Researcher

August 24, 2018 ~ hucktech ~ Leave a comment

The Dell Security & Resiliency organization manages the security risk across all aspects of Dell’s business.

Responsible for discovering and exploiting vulnerabilities affecting Dell software and firmware

Developing and maintaining tools to assist in vulnerability research and exploit development

5+ years direct or equivalent experience in areas of vulnerability research, exploit development, reverse engineering and fuzzing

https://jobs.dell.com/job/-/-/375/9088745

Dell seeks Vulnerability Researcher

July 1, 2018 ~ hucktech ~ Leave a comment

Responsible for discovering and exploiting vulnerabilities affecting Dell software and firmware

https://jobs.dell.com/job/-/-/375/8526280

PFSExtractor-RS: Rust port of PFSExtractor: extract contents of Dell BIOS update files in PFS format

April 12, 2018 ~ hucktech ~ Leave a comment

Nikolaj is learning Rust. He just rewrote one C tool to Rust:

A personal note from an experienced C programmer who also happens to be Rust noob-in-training: Rust is worth poking with a stick even if you won't ever use it in production, because it can show new approaches and methods that can be used later in less safe languages.

— Nikolaj Schlej (@NikolajSchlej) April 12, 2018

Here's my first meaningful thing in Rust, a rewrite of PFSExtractor with zlib support and better names for extracted image components.

Nom is pure fun, but it's still a long way for me to unlearn some bad habits from C and start writing in "real" Rust.https://t.co/TFBzVtBb2S pic.twitter.com/oP4i272ufI

— Nikolaj Schlej (@NikolajSchlej) April 12, 2018

https://github.com/LongSoft/PFSExtractor-RS

Dell Sputnik systems disable Secure Boot

February 14, 2018 ~ hucktech ~ Leave a comment

https://t.co/4tSwynJim9 is certainly confusing (Dell ship their Linux systems with UEFI Secure Boot enabled, but set a variable that causes Linux to disable validation)

— Matthew Garrett (@mjg59) February 13, 2018

Wow, that's just… wow. They had to invent a method that's actually more work than just enrolling the UEFI CA credentials that RedHat has already used to sign their UEFI loader.

— Brian Richardson (@Intel_Brian) February 13, 2018

“Dell ship their Sputnik systems with a pre-populated MokSB variable that disables Secure Boot, so this is working as intended on the Fedora side.”

https://bugzilla.redhat.com/show_bug.cgi?id=1544794

Dell releases Redfish-based OpenUSM, has firmware-update feature

December 22, 2017 ~ hucktech ~ Leave a comment

” OpenUSM – Let Docker Containers Manage Your Datacenter
OpenUSM is a suite of tools and utilities which configures and manage the lifecycle of system management. OpenUSM has a capability to perform the following functions:
* BIOS Token Change
* Firmware Update
[…]”

https://github.com/openusm/openusm

http://en.community.dell.com/techcenter/dell_emc_custom_solutions_engineering/b/blog/archive/2017/10/03/dell-emc_2c00_-redfish-and-docker-_3a00_-simplifying-modern-datacenter-management

alt text

System76 to disable Intel ME (Dell as well)

December 2, 2017 ~ hucktech ~ Leave a comment

http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan

https://github.com/system76/firmware-update

PS: Liliputing has info on a few Dell models that also can have Intel ME disabled.

https://liliputing.com/2017/12/dell-also-sells-laptops-intel-management-engine-disabled.html

OEMs: publish your platform firmware hashes [using codehash.db]

November 25, 2017November 25, 2017 ~ hucktech ~ Leave a comment

Reminder to OEMs: publish the hashes of your platform firmware. Hopefully using codehash.db.

In below twitter thread, Joanna asked Dell support for hashes for their firmware. Eventually, Rick Martinez of Dell got involved, so this is a good example of a conversation on this topic by two who understand the issues.

Dear @Dell, how can I verify authenticity & integrity of the BIOS updates for your XPS laptops you publish on your website?

Please note that publishing hashes on your http-only website is _not_ a solution! For more info, pls see: https://t.co/ZVkI3jTH0Q

Thanks!

— Joanna Rutkowska (@rootkovska) November 24, 2017

I have specifically asked about authenticity & integrity, not about trustworthiness/harmfulness. Please re-read my original tweet and the linked article. Thank you. https://t.co/Rq8pDi9Dph

— Joanna Rutkowska (@rootkovska) November 24, 2017

Always willing to have the conversation about how our BIOS updates are authenticated and verified. I even wrote a wp on the subject: https://t.co/iNjIZufby5 #iwork4dell

— Rick Martinez (@rickmartinez06) November 24, 2017

http://en.community.dell.com/techcenter/extras/m/white_papers/20287278

As a user what I would do today is pull .cab here: ftp://ftp.dell.com/catalog/DellSDPCatalogPC.cab (I know, ftp!), verify the cert/signature of the .cab, and verify the hashes for your XPS in the catalog .xml. Not ideal but I promise this is on our radar to improve! #iwork4dell pic.twitter.com/tEYJq3t724

— Rick Martinez (@rickmartinez06) November 24, 2017

It looks like Dell needs to use HTTPS:

Great… But is so sad, that almost all your efforts are in vain. Because there is no https on Dell download website, and any hash or signature is worthless on a plain channel pic.twitter.com/8yWfHttgs5

— Kevin Moraga (@kmoragas) November 24, 2017

Some high-level info about Dell BIOS updates in the paper (2013) linked below. Smbdy can please start gathering all the BIOS updates hashes and publish (e.g. as proposed here: https://t.co/kyyoypGjVo)? Thanks. https://t.co/kodHMaKeVe

— Joanna Rutkowska (@rootkovska) November 25, 2017

https://github.com/rootkovska/codehash.db

Dell seeks firmware architect

October 11, 2017 ~ hucktech ~ Leave a comment

Platform Software Senior Principal Engineer/BIOS Architect (17000X39)

[…]You’ll apply skills and experience across the full cycle of software development (specification development and review, debug and validation) to enable features and capabilitiesof platforms in areas like UEFI drivers, thermal, power management, security, manageability, manufacturability, configurability and embedded controllers.
[…]
* Work with Industry forums for spec development like UEFI, DMTF, PCI Sig, ACPI, etc
* Ability to take ownership of overall UEFI platform design throughout the platform lifecycle
* 12+ years experience in BIOS / firmware SW development
* UEFI Programming expertise
* Low level programming capability -system/motherboard/device/chipset level
* Experience with analyzers and other HW tools to debug complex system SW issues
[…]

https://jobs.dell.com/job/-/-/375/5929831

PFSExtractor: extractor for DellPFS firmware format

September 4, 2017 ~ hucktech ~ Leave a comment

Spent 2 days fixing parent's laptop, SPI flash died, had to replace it.
FW update is in DellPFS format, had to write an extractor for it.

— Nikolaj Schlej (@NikolajSchlej) September 4, 2017

DellPFS format is a bit tricky, so I guessed only the fields needed to rebuild a SPI flash image, use with caution:https://t.co/XoBHO6wsjc

— Nikolaj Schlej (@NikolajSchlej) September 4, 2017

https://github.com/LongSoft/PFSExtractor

PFSExtractor v0.1.0 – extracts contents of Dell firmware update files in PFS format
Usage: PFSExtractor pfs_file.bin

Dell seeks firmware security researcher

August 25, 2017August 25, 2017 ~ hucktech ~ Leave a comment

“[…] Responsible for discovering and exploiting vulnerabilities affecting Dell software and firmware. […]“

https://dell.taleo.net/careersection/2/jobdetail.ftl?job=17000UBM&tz=GMT-05:00&src=JB-11346

Linux OEMs/VARs: use FwUpd

July 3, 2017 ~ hucktech ~ Leave a comment

Firmware updates via #Gnome Software end the need to boot into DOS/Windows. Is #Dell the only vendor doing this? This sets a new bar. pic.twitter.com/U0e268ztU8

— Chris Fisher (@ChrisLAS) July 2, 2017

If you build a Linux-based system, you should be putting your firmware updates on fwupd. Dell is the only vendor currently doing this.

What about: System76, ThinkPenguin, Purism, HP, etc??

Hmm, it looks like System76 might be working on it!

We're working on automated firmware updates. They'll be here by 17.10.

— Carl Richell (@carlrichell) July 2, 2017

Dell PowerEdge 14G firmware updates

June 25, 2017 ~ hucktech ~ Leave a comment

Dell/EMC has a new Tech Note, written by Wei Liu and Seamus Jones, summarizing some of the new firmware security features available in their new server:

Cyber-Resiliency Starts at the Chipset and BIOS

2-page Tech Note covering new BIOS features introduced with PowerEdge 14G servers, offering unique resiliency to malicious intent or user error. The two features highlighted, BIOS Recovery and integration of Intel Boot Guard, respectively, are further demonstration of PowerEdge engineering commitment to ensuring the security and stability of enterprise infrastructures.

http://en.community.dell.com/techcenter/extras/m/white_papers/20444061

RackHD

June 13, 2017 ~ hucktech ~ Leave a comment

https://t.co/eTi7wraDtp
Device mgmt by IPMI, Redfish etc
Can orchestrate from baremetal up, inc firmware and pxe boot

— Brett johnson (@BrettJohnson008) May 24, 2017

RackHD is a technology stack created for enabling hardware management and orchestration, to provide cohesive APIs to enable automated infrastructure. In a Converged Infrastructure Platform (CIP) architecture, RackHD software provides hardware management and orchestration (M&O). It serves as an abstraction layer between other M&O layers and the underlying physical hardware. Developers can use the RackHD API to create a user interface that serves as single point of access for managing hardware services regardless of the specific hardware in place.

https://github.com/RackHD/RackHD

http://rackhd.io/

Dell Inspiron 20-3052 BIOS update concerns

May 18, 2017 ~ hucktech ~ Leave a comment

If you have this Dell, be careful about the current update, multiple users have the problem. Quoting the Register article:

As one forum wag noted: “Some send out ‘WannaCry’, others send out BIOS upgrades”.

https://www.theregister.co.uk/2017/05/18/dell_bios_update_borks_pcs/

http://en.community.dell.com/support-forums/desktop/f/3514/t/20012309?pi21953=1

http://en.community.dell.com/support-forums/desktop/f/3514/p/19435778/20050222

PS: These are nice references from Dell’s support wiki:

http://en.community.dell.com/support-forums/desktop/w/desktop/3624.beep-codes-and-psa-diagnostic-chart

http://en.community.dell.com/support-forums/desktop/w/desktop/3634.extremely-long-psa-code-chart

Dell iDRAC CVE-2016-5685, bash vulnerability (old news)

March 14, 2017 ~ hucktech ~ Leave a comment

Dell Idrac7 Firmware 2.30.30.30 Remote Code Execution Vulnerability https://t.co/ygaIsZkYMp

— arX IT Security (@arX_corp) March 14, 2017

http://www.securiteam.com/securitynews/5XP3B0UKUU.html

SecuriTeam confused me by reposting a 2016 Dell iDDRAC vulnerability today, but I don’t see anything new. Just in case you weren’t aware of this issue, and you have a Dell system, here’s info on this older vulnerability, see the last link for a PDF-based response from the Dell iDRAC team.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5685
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5685
http://www.securityfocus.com/bid/94585
http://en.community.dell.com/techcenter/extras/m/white_papers/20443326

“Dell iDRAC team’s response to Common Vulnerabilities and Exposures (CVE) ID CVE-2016-5685 [16 November 2016]
Summary: an authenticated user could gain Bash shell access through a string injection.
Dell Response: update to the latest iDRAC firmware, which remediates this potential vulnerability.”

MonitorDarkly: Dell monitor on-screen-display exploit

December 12, 2016 ~ hucktech ~ Leave a comment

Executing code on (Dell, …) monitors via HDMI, USB or DisplayPort https://t.co/HCE5Whq5ly

— Nicolas Grégoire (@Agarri_FR) December 9, 2016

There's a tiny "PC" *inside* your monitor! And they're hjackable! Here's an exploit for Dell https://t.co/02gfmOd9Yk pic.twitter.com/hfVIVjyYnP

— Senrio (@XipiterSec) August 12, 2016

“This repo contains the exploit for the Dell 2410U monitor. It contains utilities for communicating with and executing code on the device. The research presented here was done in order to highlight the lack of security in “modern” on-screen-display controllers. Please check out our Recon 0xA presentation (included) for a detailed description of our research findings and process.[…]”

https://github.com/redballoonshenanigans/monitordarkly

William’s intro to Intel CHIPSEC

May 10, 2016 ~ hucktech ~ Leave a comment

William Leara has a new blog post which is an introduction to CHIPSEC. It is a nice introduction to CHIPSEC, if you have never used it before, this is a great way to get started.

http://www.basicinputoutput.com/2016/05/a-tour-of-intel-chipsec.html

List of UEFI vendors who care about security

May 6, 2016 ~ hucktech ~ Leave a comment

Which UEFI vendors care — or at least may care — about security? The list (alphabetically) is shorter than you might expect:

AMD
AMI
Apple
Dell
Hewlett Packard Enterprises
HP Inc.
Insyde Software
Intel Corp.
Lenovo
Microsoft
Phoenix Technologies

Nobody else. If your vendor is not listed above, ask them why you should purchase a UEFI-based system from them.

The above list is from the list of vendors who have feedback mechanisms listed on the UEFI Forum’s security contact page.

http://uefi.org/security

William Leara reviews UEFI Tool

February 16, 2016 ~ hucktech ~ Leave a comment

William Leara, a firmware engineer at Dell, has a new blog post on Nikolaj Schlej’s UEFI Tool. He shows how to use it, starting with using Intel’s Flash Programing Tool (FPT) to acquire a BIOS image. Lots of screenshots of the various menu UI components of this GUI tool.

“It is extremely useful for interrogating and manipulating the components of a UEFI BIOS image. Download it and give it a test drive today!”

Full post:
http://www.basicinputoutput.com/2016/02/uefitool.html