CCC has talks on: Open Source Firmware, Sednik UEFI malware, LibreSilicon, Self-Encrypting Drives, and more!
If you’re in the Seattle area and want to see Vincent Zimmer of Intel give a recap of his presentations at the Platform Security Summit and the Open Source Firmware Conference, attend the December DC206 Meeting, the monthly Seattle-area DEF CON user group:
What: December Seattle Locksport and DC206 Meeting
When: Dec 16th (3rd Sundays), 11:00am-~4:00pm
Where: Black Lodge Research
Who: (Vincent, Noah, Zach, Dune, Panic, and the DC206 community)
Open Source IA Firmware
Vincent Zimmer, Intel Corp.
Provide highlights on the open source firmware ecosystem, including
details from the Platform Security Summit and Open Source Firmware
Vincent Zimmer @vincentzimmer is a sr. principal engineer at Intel
Corporation. He leads the UEFI Security Subteam of the UEFI Forum.
The UEFI Forum has specified the date/location of the next plugfest:
Event Date: April 8-12, 2019
Location: Bellevue, WA
[…]Release Date: 2018-10-30[…]
A security vulnerability in HPE Integrated Lights-Out 5 (iLO 5) prior to v1.37 could be locally exploited to bypass the security restrictions for firmware updates.[…]
Alexander Ermolov and Ruslan Zakirov will deliver their «NUClear explotion» talk. A major and most significant approach to UEFI BIOS security is preventing it from being illegitimately modified and the SPI flash memory from being overwritten. Modern vendors use a wide range of security mechanisms to ensure that (SMM BLE / SMM BWP / PRx / Intel BIOS Guard) and hardware-supported verification technologies (Intel Boot Guard). In other words, they do everything just not to let an attacker to place a rootkit into a system. Even the likelihood of execution in the most privileged mode of a processor – System Management Mode (can be achieved through vulnerable software SMI handlers) – is of no interest to adversaries since it does not guarantee they will be able to gain a foothold in a system. A single reboot and an attack must be started anew. However, there is a thing that can make all BIOS security mechanisms inefficient. And this thing is a vulnerable update mechanism implemented by a vendor. Moreover, quite often a legitimate updater adds lots and lots of critical security holes to a system. In this talk, we will speak about how vendors manage to throw all those security flaws together in one system using Intel NUC, a small home PC, as an example. Besides, we will demonstrate how an adversary can compromise BIOS from the userland.
Exciting, there are two workshops at BSidesPDX in Portland Oregon next month:
Detecting Evil Maid Firmware Attacks
UEFI and CHIPSEC development for Security Researchers
PS: If you’re in town, there’s also the Portland Retro Gaming Expo, starting a few days earlier:
France in December!
System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules
Firmware is responsible for low-level platform initialization, establishing root-of-trust, and loading the operating system (OS). Signed UEFI Capsules define an OS-agnostic process for verified firmware updates, utilizing the root-of-trust established by firmware. The open source FmpDevicePkg in TianoCore provides a simple method to update system firmware images and device firmware images using UEFI Capsules and the Firmware Management Protocol (FMP). This session describes the EFI Development Kit II (EDK II) capsule implementation, implementing FMP using FmpDevicePkg, creating Signed UEFI Capsules using open source tools, and an update workflow based on the Linux Vendor Firmware Service (fwupd.org).
The UEFI Forum is doing a webinar on Firmware Security! I don’t know if GoToMeeting supports this with webinars, but it’d be nice if you could make the audio archive available for those who can’t dial in, or need time to listen to audio to translate to their native language.
Tuesday, July 24 at 9:00 am PT
FIRMWARE SECURITY 101 WEBINAR
The Firmware Security 101 Webinar will feature a panel of firmware security experts representing the Forum, including:
Michael Krau, Industry Communications Working Group Chair
Eric Johnson, American Megatrends, Inc.
Tim Lewis, Insyde Software
Vincent Zimmer, Intel
The panelists will outline the major challenges currently facing platform security, how the UEFI Forum and UEFI specification address these challenges and finally, how you can join us in the battle to protect firmware from outside threats. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.
Registration for this free, one-hour webcast will open in the next couple of weeks.
More details are available:
iSecCon 2018: Intel Security Conference 2018
Intel Ronler Acres 4 (RA4), 2501 NW Century Blvd
Hillsboro, OR, United States, December 4-5, 2018
* Rodrigo Branco (BSDaemon), Chief Security Researcher, Intel Corporation (STrategic Offensive Research & Mitigations – STORM, IPAS)
* Deepak K Gupta, Security Researcher, Intel Corporation (Windows OS Group)
* Marion Marschalek, Senior Security Researcher, Intel Corporation (STrategic Offensive Research & Mitigations – STORM, IPAS)
* Martin Dixon, Chief Security Architect, Intel Corporation (IPAS)
* Vincent Zimmer, Senior Principal Engineer, Intel Corporation (Software and Services Group)
* Matt Miller, Partner, Microsoft Corporation
* Cesar Cerrudo, CTO, IOActive
* Thomas Dullien (“Halvar Flake”), Staff Engineer, Google Project Zero
* Shay Gueron, Senior Principal Engineer, Amazon Web Services (AWS)
Hardware has long been viewed as a trusted party supporting the whole computer system and is often treated as an abstract layer running instructions passed through the software layer. Historically, cybersecurity community believed that the integrated circuit (IC) supply chain is well protected. However, the IC supply chain, which is now spread around the globe, has become more vulnerable to attacks than before. The heavy reliance on third-party resources/services breeds security concerns and invalidates the illusion that attackers cannot easily access the isolated IC supply chain. Formal methods have been proven to be effective in security verification on hardware code. Trustworthy hardware is also under development for the construction of the root-of-trust. The intrinsic properties of existing and emerging devices, MOSFET, memristor, spintronics, etc. are leveraged for security primitives and applications. Another trend in the hardware security area is the development of security enhanced hardware infrastructure for system level protection. The goal is to provide a fully operational software and hardware platform that ensures secure design, manufacturing, and deployment of modern computer systems.
Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and South Pacific areas. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. AsianHOST 2017 invites original contributions related to, but not limited by, the following topics.
KVM Forum 2018: Call For Participation
October 24-26, 2018
KVM Forum is an annual event that presents a rare opportunity for developers and users to meet, discuss the state of Linux virtualization technology, and plan for the challenges ahead. We invite you to lead part of the discussion by submitting a speaking proposal for KVM Forum 2018. […] This year, KVM Forum is joining Open Source Summit in Edinburgh, UK. Selected talks from KVM Forum will be presented on Wednesday October 24 to the full audience of the Open Source Summit. Also, attendees of KVM Forum will have access to all of the talks from Open Source Summit on Wednesday.[…]
Closing Keynote: Betraying the BIOS: Where are the limits of AV for modern UEFI Firmware?
For UEFI firmware, the barbarians are at the gate — and the gate is open. On the one hand, well-intentioned researchers are increasingly active in the UEFI security space; on the other hand, so are attackers. Information about UEFI implants — by HackingTeam and state-sponsored actors alike — hints at the magnitude of the problem, but are these isolated incidents, or are they indicative of a more dire lapse in security? Just how breachable is the BIOS? In this presentation, I’ll explain UEFI security from the competing perspectives of attacker and defender. I’ll cover topics including how hardware vendors have left SMM and SPI flash memory wide open to rootkits; how UEFI rootkits work, how technologies such as Intel Boot Guard and BIOS Guard (and the separate Authenticated Code Module CPU) aim to kill them; and weaknesses in these protective technologies. There are few public details; most of this information has been extracted by reverse engineering.