Linux Power Management summit

Juri Lelli of Red Hat announced the OSPM-Summit 2018, on the Linux-(pm,acpi,pci,rt-user,kernel) lists. Edited version of that announcement below.

Power Management and Scheduling in the Linux Kernel II edition (OSPM-summit 2018)
April 16-18, 2018
Scuola Superiore Sant’Anna
Pisa, Italy

Deadline for submitting topics/presentations is 9th of December 2017.

Focus: Power management and scheduling techniques to reduce energy consumption while meeting performance and latency requirements are still receiving considerable attention from the Linux Kernel development community. After the success of the first edition, II edition of the Power Management and Scheduling in the Linux Kernel (OSPM) summit aims at replicating such focused discussions, understanding what has been achieved and what instead still remains to be addressed. The summit is organised to cover three days of discussions and talks. Topics:

* Power management techniques
* Real-time and non real-time scheduling techniques
* Energy awareness
* Mobile/Server power management real-world use cases (successes and failures)
* Power management and scheduling tooling (configuration, integration, testing, etc.)
* Tracing
* Recap lightning talks (what has been achieved w.r.t. I edition?)


Full announcement:


FOSDEM 2018 CfP: Hardware Enablement Devroom

FOSDEM is happening in Brussels, Belgium in early February.

FOSDEM Hardware Enablement Devroom Call for Participation

In this devroom we want to discuss topics surrounding hardware enablement. Subjects can range from the firmware running on the bare metal machine, drivers and plumbing all the way to the user interface. We welcome a board range of presentations, including but not limitied to technical talks, state of union summaries as well as discussions that facilitate the collaboration between community members, software vendors and OEMs. A particular emphasis will be given to talks covering a significant part of the software stack involved in hardware enablement, with an obvious focus on using open source throughout the whole stack.

Topics & Examples
* UX design to enable users to use their HW effectively
* Firmware:
– coreboot
– flashrom
– UEFI EDK2 (Tianocore)
– Security
– Lockdown of platform using firmware
– Updating
* Secure Boot
* Hardware testing / certification
* Thunderbolt 3 security modes
* Gaming input devices (keyboards, mice, piper)
* Biometric authentication
* Miracast or controlling remote devices
* Why vendors should facilitate upstream development


There are many more devrooms, as well:



Hardware startup events continue to ignore security

ATOMS 2017 by Hardware Club is happening in Paris, for hardware startups.

ATOMS is a one-day event combining a series of:
* Highly specialised talks about IoT, robotics, automation, investment in hardware
* Panels and fireside chats with hardware founders
* With a range of speakers drawn from top VCs, startups and corporate partners

* Creating strategic competitive advantage by leveraging crowdsourcing and community
* Navigating the VC landscape
* Capital efficiency & the use of capital
* How to build things with purpose
* From B2C to B2B: why all hardware founders should be B2B entrepreneurs
* Getting into mass production
* Why design matters
* Building communities that last


To date, I have NEVER seen a security presentation listed at a hardware startup event. 😦 I guess the default security presentation is “Build hardware with no thought for security, watch your products become part in the next botnet attack, get mocked by Internet of Shit, get sued by your customers, watch your business fail.“? Hardware Club: PLEASE add a security talk!



Insyde Software security updates for Windows 10

Hurray, UEFI vendors focusing on security! 🙂

Insyde® Software Highlights Strategies to Strengthen Firmware Security at the Fall UEFI Plugfest

Company’s Chief Technology Officer to Present at The UEFI Forum Plugfest in Taipei, Taiwan

[…]In related UEFI-security news, Insyde Software announced its full compliance with the latest firmware security updates needed by Microsoft’s upcoming Windows® release. The Windows 10 Fall Creators Update adds new requirements that include improved support for TPMs (Trusted Platform Modules) and new functionality for Secure Boot BIOS update, all of which is fully supported by InsydeH2O® UEFI BIOS.[…]



European Coreboot Conference 2017: some presentations online

Multiple PDFs from the European Coreboot Conference 2017, are already online, linked off their individual event pages, eg:


And hopefully we can watch videos of the other presentations soon:

PS: The Coreboot event is happening in Europe nearly the same time the UEFI event is happening in Asia. I with those two firmware communities would sync their events and host them adjacently.


SMM presentation at ACSA2017

Co-processor-based Behavior Monitoring: Application to the Detection of Attacks Against the System Management Mode

Ronny Chevalier, Maugan Villatel, David Plaquin, Guillaume Hiet

Highly privileged software, such as firmware, is an attractive target for attackers. Thus, BIOS vendors use cryptographic signatures to ensure firmware integrity at boot time. Nevertheless, such protection does not prevent an attacker from exploiting vulnerabilities at runtime. To detect runtime attacks, we propose an event-based behavior monitoring approach that relies on an isolated co-processor. We instrument the code executed on the main CPU to send information about its behavior to the monitor. This information helps to resolve the semantic gap issue. Our approach is generic. It can monitor different targets (e.g., firmware, kernel, or hypervisor) and does not depend on a specific model of the behavior. In this work, we apply this approach to detect attacks targeting the System Management Mode (SMM), a highly privileged x86 execution mode executing firmware code at runtime. We use the control-flow of the code as a model of its behavior. We instrument two open-source firmware implementations: EDK II and coreboot. We evaluate the ability of our approach to detect state-of-the-art attacks and its runtime execution overhead by simulating an x86 system coupled with an ARM Cortex A5 co-processor. The results show that our solution detects intrusions from the state of the art, without any false positives, while remaining acceptable in terms of performance overhead in the context of the SMM (i.e., less than the 150 µs threshold defined by Intel).