Linux UEFI firmware updates via LVFS at Linaro Connect

System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules

Firmware is responsible for low-level platform initialization, establishing root-of-trust, and loading the operating system (OS). Signed UEFI Capsules define an OS-agnostic process for verified firmware updates, utilizing the root-of-trust established by firmware. The open source FmpDevicePkg in TianoCore provides a simple method to update system firmware images and device firmware images using UEFI Capsules and the Firmware Management Protocol (FMP). This session describes the EFI Development Kit II (EDK II) capsule implementation, implementing FMP using FmpDevicePkg, creating Signed UEFI Capsules using open source tools, and an update workflow based on the Linux Vendor Firmware Service (
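As an added example (not code from the Linaro session, EDK II's FmpDevicePkg, or LVFS), here is the sanity check a capsule consumer should apply to the EFI_CAPSULE_HEADER before it trusts HeaderSize or CapsuleImageSize. The header layout and the three defined flag bits are the ones from the UEFI specification; the FMP capsule GUID is the published EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID (verify it against the FmpCapsule.h in your EDK II tree); the capsule blob that capsule_check_case builds is constructed for demonstration. Signature verification of the FMP payload, the step that actually uses the firmware root-of-trust, happens after this check and is not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* On-the-wire layout of EFI_CAPSULE_HEADER (UEFI spec): 16-byte CapsuleGuid,
 * then UINT32 HeaderSize, UINT32 Flags, UINT32 CapsuleImageSize = 28 bytes. */
#define CAPSULE_HEADER_MIN 28u

#define CAPSULE_FLAGS_PERSIST_ACROSS_RESET  0x00010000u
#define CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE 0x00020000u
#define CAPSULE_FLAGS_INITIATE_RESET        0x00040000u

/* EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID {6DCBD5ED-E82D-4C44-BDA1-7194199AD92A}
 * in its little-endian on-disk byte order; check against your EDK II headers. */
static const uint8_t FMP_CAPSULE_GUID_LE[16] = {
    0xed,0xd5,0xcb,0x6d, 0x2d,0xe8, 0x44,0x4c,
    0xbd,0xa1,0x71,0x94,0x19,0x9a,0xd9,0x2a
};

enum capsule_status {
    CAPSULE_OK = 0,
    CAPSULE_TOO_SHORT,        /* fewer bytes than one header */
    CAPSULE_BAD_HEADER_SIZE,  /* HeaderSize < 28 or > CapsuleImageSize */
    CAPSULE_BAD_IMAGE_SIZE,   /* CapsuleImageSize < 28 or > bytes we actually hold */
    CAPSULE_BAD_FLAGS,        /* reserved bits set, or dependent flag without PERSIST */
    CAPSULE_NOT_FMP           /* CapsuleGuid is not the FMP capsule GUID */
};

/* Read/write little-endian fields without assuming buffer alignment. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate `len` bytes of capsule. On success *payload/*payload_len describe the
 * bytes after HeaderSize, i.e. the FMP capsule body that still needs its signature
 * verified before anything is written to flash. */
int capsule_check(const uint8_t *buf, size_t len, const uint8_t **payload, size_t *payload_len)
{
    if (buf == NULL || len < CAPSULE_HEADER_MIN) return CAPSULE_TOO_SHORT;
    uint32_t header_size = rd32(buf + 16);
    uint32_t flags       = rd32(buf + 20);
    uint32_t image_size  = rd32(buf + 24);

    /* CapsuleImageSize includes the header and must not exceed what we were given.
     * Check it before HeaderSize so a huge HeaderSize cannot hide behind a huge image. */
    if (image_size < CAPSULE_HEADER_MIN || image_size > len) return CAPSULE_BAD_IMAGE_SIZE;
    /* HeaderSize may grow beyond 28 for extensions but must stay inside the image. */
    if (header_size < CAPSULE_HEADER_MIN || header_size > image_size) return CAPSULE_BAD_HEADER_SIZE;

    /* Bits 0-15 belong to the capsule GUID's owner; of bits 16-31 only three are defined. */
    const uint32_t known = CAPSULE_FLAGS_PERSIST_ACROSS_RESET |
                           CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE |
                           CAPSULE_FLAGS_INITIATE_RESET;
    if (flags & 0xFFFF0000u & ~known) return CAPSULE_BAD_FLAGS;
    /* Spec rule: POPULATE_SYSTEM_TABLE and INITIATE_RESET both require PERSIST_ACROSS_RESET. */
    if ((flags & (CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE | CAPSULE_FLAGS_INITIATE_RESET)) &&
        !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET))
        return CAPSULE_BAD_FLAGS;

    if (memcmp(buf, FMP_CAPSULE_GUID_LE, 16) != 0) return CAPSULE_NOT_FMP;

    if (payload)     *payload = buf + header_size;
    if (payload_len) *payload_len = image_size - header_size;
    return CAPSULE_OK;
}

/* Build a constructed (not real) capsule with the given header fields, hand only
 * `bytes_available` of it to the checker, and return the status. */
int capsule_check_case(uint32_t header_size, uint32_t flags, uint32_t image_size,
                       size_t bytes_available, int use_fmp_guid)
{
    uint8_t blob[256] = {0};
    if (bytes_available > sizeof blob) bytes_available = sizeof blob;
    if (use_fmp_guid) memcpy(blob, FMP_CAPSULE_GUID_LE, 16);
    wr32(blob + 16, header_size);
    wr32(blob + 20, flags);
    wr32(blob + 24, image_size);
    const uint8_t *p = NULL; size_t n = 0;
    return capsule_check(blob, bytes_available, &p, &n);
}

/* Payload length the checker reports for a valid constructed capsule (0 if rejected). */
size_t capsule_payload_len_case(uint32_t header_size, uint32_t image_size)
{
    uint8_t blob[256] = {0};
    memcpy(blob, FMP_CAPSULE_GUID_LE, 16);
    wr32(blob + 16, header_size);
    wr32(blob + 20, CAPSULE_FLAGS_PERSIST_ACROSS_RESET);
    wr32(blob + 24, image_size);
    const uint8_t *p = NULL; size_t n = 0;
    if (capsule_check(blob, image_size <= sizeof blob ? image_size : sizeof blob, &p, &n) != CAPSULE_OK)
        return 0;
    return n;
}

int main(void) {
    printf("valid capsule      -> %d\n", capsule_check_case(28, CAPSULE_FLAGS_PERSIST_ACROSS_RESET, 128, 128, 1));
    printf("oversized image    -> %d\n", capsule_check_case(28, CAPSULE_FLAGS_PERSIST_ACROSS_RESET, 4096, 128, 1));
    printf("reset w/o persist  -> %d\n", capsule_check_case(28, CAPSULE_FLAGS_INITIATE_RESET, 128, 128, 1));
    return 0;
}
```

The ordering of the size checks matters: both fields are attacker-controlled once a capsule reaches the OS-side update tool, and the classic bug is to trust CapsuleImageSize for the copy into the capsule buffer while only checking HeaderSize against it.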

UEFI Forum: Firmware Security 101 Webinar

The UEFI Forum is doing a webinar on Firmware Security! I don’t know if GoToMeeting supports this with webinars, but it’d be nice if you could make the audio archive available for those who can’t dial in, or need time to listen to audio to translate to their native language.

Tuesday, July 24 at 9:00 am PT

The Firmware Security 101 Webinar will feature a panel of firmware security experts representing the Forum, including:

Michael Krau, Industry Communications Working Group Chair

Eric Johnson, American Megatrends, Inc.
Tim Lewis, Insyde Software
Vincent Zimmer, Intel

The panelists will outline the major challenges currently facing platform security, how the UEFI Forum and UEFI specification address these challenges and finally, how you can join us in the battle to protect firmware from outside threats. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.

Registration for this free, one-hour webcast will open in the next couple of weeks.

iSecCon 2018: Intel Security Conference 2018

More details are available:

iSecCon 2018: Intel Security Conference 2018
Intel Ronler Acres 4 (RA4), 2501 NW Century Blvd
Hillsboro, OR, United States, December 4-5, 2018

* Rodrigo Branco (BSDaemon), Chief Security Researcher, Intel Corporation (STrategic Offensive Research & Mitigations – STORM, IPAS)
* Deepak K Gupta, Security Researcher, Intel Corporation (Windows OS Group)
* Marion Marschalek, Senior Security Researcher, Intel Corporation (STrategic Offensive Research & Mitigations – STORM, IPAS)
* Martin Dixon, Chief Security Architect, Intel Corporation (IPAS)
* Vincent Zimmer, Senior Principal Engineer, Intel Corporation (Software and Services Group)
* Matt Miller, Partner, Microsoft Corporation
* Cesar Cerrudo, CTO, IOActive
* Thomas Dullien (“Halvar Flake”), Staff Engineer, Google Project Zero
* Shay Gueron, Senior Principal Engineer, Amazon Web Services (AWS)

Asian Hardware Oriented Security and Trust Symposium (AsianHOST)

Hardware has long been viewed as a trusted party supporting the whole computer system and is often treated as an abstract layer running instructions passed through the software layer. Historically, the cybersecurity community believed that the integrated circuit (IC) supply chain was well protected. However, the IC supply chain, which is now spread around the globe, has become more vulnerable to attacks than before. The heavy reliance on third-party resources and services breeds security concerns and invalidates the illusion that attackers cannot easily access the isolated IC supply chain. Formal methods have proven effective for security verification of hardware code. Trustworthy hardware is also under development for the construction of the root-of-trust. The intrinsic properties of existing and emerging devices (MOSFET, memristor, spintronics, etc.) are leveraged for security primitives and applications. Another trend in the hardware security area is the development of security-enhanced hardware infrastructure for system-level protection. The goal is to provide a fully operational software and hardware platform that ensures secure design, manufacturing, and deployment of modern computer systems.

The Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and the South Pacific. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. AsianHOST 2017 invites original contributions related to, but not limited to, the following topics.

Open Source Firmware Conference (OSFC) CfP open!

The Call for Papers is open for the Open Source Firmware Conference:

KVM Forum 2018: Call For Participation

KVM Forum 2018: Call For Participation
October 24-26, 2018
Edinburgh, UK

KVM Forum is an annual event that presents a rare opportunity for developers and users to meet, discuss the state of Linux virtualization technology, and plan for the challenges ahead. We invite you to lead part of the discussion by submitting a speaking proposal for KVM Forum 2018. […] This year, KVM Forum is joining Open Source Summit in Edinburgh, UK. Selected talks from KVM Forum will be presented on Wednesday October 24 to the full audience of the Open Source Summit. Also, attendees of KVM Forum will have access to all of the talks from Open Source Summit on Wednesday.[…]

Alex keynoting at CARO’18, Portland in May!

Closing Keynote: Betraying the BIOS: Where are the limits of AV for modern UEFI Firmware?
Alex Matrosov

For UEFI firmware, the barbarians are at the gate — and the gate is open. On the one hand, well-intentioned researchers are increasingly active in the UEFI security space; on the other hand, so are attackers. Information about UEFI implants — by HackingTeam and state-sponsored actors alike — hints at the magnitude of the problem, but are these isolated incidents, or are they indicative of a more dire lapse in security? Just how breachable is the BIOS? In this presentation, I’ll explain UEFI security from the competing perspectives of attacker and defender. I’ll cover topics including how hardware vendors have left SMM and SPI flash memory wide open to rootkits; how UEFI rootkits work, how technologies such as Intel Boot Guard and BIOS Guard (and the separate Authenticated Code Module CPU) aim to kill them; and weaknesses in these protective technologies. There are few public details; most of this information has been extracted by reverse engineering.

Linaro Connect Vancouver BC: CfP open

Call for Proposals: opened 8 May 2018
Deadline to submit proposals: ends 23 July 2018

PS: Resources from last Linaro Connect:

Model checking boot code from AWS data centers

Model checking boot code from AWS data centers

This paper describes our experience with symbolic model checking in an industrial setting. We have proved that the initial boot code running in data centers at Amazon Web Services is memory safe, an essential step in establishing the security of any data center. Standard static analysis tools cannot be easily used on boot code without modification owing to issues not commonly found in higher-level code, including memory-mapped device interfaces, byte-level memory access, and linker scripts. This paper describes automated solutions to these issues and their implementation in the C Bounded Model Checker (CBMC). CBMC is now the first source-level static analysis tool to extract the memory layout described in a linker script for use in its analysis.
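The abstract names the three things that make boot code awkward for a source-level checker: memory-mapped device registers, byte-level copies, and buffers whose addresses come from the linker script. The following is an added illustration of the kind of code and harness involved; it is my construction, not code or results from the AWS paper. The register block, device FIFO and RAM buffer are ordinary arrays standing in for the absolute addresses that real boot code takes from the linker script (the extern symbol names a linker script would provide are not shown), and the nondet_uint/__CPROVER guard follow CBMC's documented conventions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for what boot code gets from the SoC memory map and the
 * linker script: a memory-mapped register block, a device data window, and a
 * fixed-size buffer in boot RAM. Real boot code uses absolute addresses here,
 * which is what a checker must learn from the linker script to bound accesses. */
#define RAM_BUF_SIZE 64u
#define FIFO_SIZE    256u
#define REG_LEN      0           /* dev_regs[REG_LEN]: device-reported byte count */
static volatile uint32_t dev_regs[4];
static volatile uint8_t  dev_fifo[FIFO_SIZE];
static uint8_t           ram_buf[RAM_BUF_SIZE];

/* Before: trusts the device-reported length. With the register left unconstrained,
 * a bounds check on ram_buf fails as soon as the length exceeds RAM_BUF_SIZE. */
uint32_t copy_from_device_unchecked(void) {
    uint32_t n = dev_regs[REG_LEN];
    for (uint32_t i = 0; i < n; i++)
        ram_buf[i] = dev_fifo[i];
    return n;
}

/* After: refuses (rather than silently truncating) a length the buffer cannot hold,
 * so every index is below RAM_BUF_SIZE for any 32-bit register value. */
uint32_t copy_from_device(void) {
    uint32_t n = dev_regs[REG_LEN];
    if (n > RAM_BUF_SIZE) return 0;
    for (uint32_t i = 0; i < n; i++)
        ram_buf[i] = dev_fifo[i];
    return n;
}

/* Test helper: fill the FIFO with a known pattern, set the register, run the
 * checked copy, and return how many bytes it accepted. */
uint32_t run_with_len(uint32_t n) {
    for (uint32_t i = 0; i < FIFO_SIZE; i++) dev_fifo[i] = (uint8_t)i;
    dev_regs[REG_LEN] = n;
    return copy_from_device();
}

/* Returns 1 if the first n bytes arrived in ram_buf unchanged. */
int copied_ok(uint32_t n) {
    if (run_with_len(n) != n) return 0;
    for (uint32_t i = 0; i < n; i++)
        if (ram_buf[i] != (uint8_t)i) return 0;
    return 1;
}

#ifdef __CPROVER
/* Verification harnesses: the register value is "havoc'd", i.e. any 32-bit value. */
unsigned int nondet_uint(void);
void harness_unchecked(void) { dev_regs[REG_LEN] = nondet_uint(); copy_from_device_unchecked(); }
void harness_checked(void)   { dev_regs[REG_LEN] = nondet_uint(); copy_from_device(); }
#else
int main(void) {
    printf("len 16 -> copied %u\n", run_with_len(16));
    printf("len 65 -> copied %u (refused)\n", run_with_len(65));
    return 0;
}
#endif
```

With CBMC installed, an invocation along the lines of `cbmc --bounds-check --unwind 65 --function harness_unchecked boot.c` (flag names from the CBMC manual, file name mine) should report a failed array bound on ram_buf, while the same command with `--function harness_checked` should report verification successful; the unwind depth must exceed RAM_BUF_SIZE so the analysis can reach the first out-of-bounds index.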

Platform Security Summit

Platform Security Summit
May 23-24, 2018 · Fairfax, VA

Day 1 topics include:
* Incentives, policy and software ecosystems
* Hypervisor requirements and use cases
* Boot integrity and firmware security

Day 2 topics include:
* Hypervisor-based products
* Operating system boot integrity
* Hypervisor research and development

* Open Source Software and the Department of Defense (David A. Wheeler)
* A Model of Agent Authority: Interpretation, Trust, and the Role of Rules (Tim Clancy)
* SecureView Overview (Kevin Pearson)
* Enterprise Scale Separation VMM Systems (Myong Kang)
* TrenchBoot: Unified Approach to Harness Boot Integrity Technologies (Daniel Smith)
* Dell Firmware Security: Past, Present, and Future (Justin Johnson)
* Endpoint Resiliency in an Age of Advanced Persistent Threats (Jim Mann)
* Firmware is the new Software (Trammell Hudson)
* Open-Source Host Firmware Directions (Vincent Zimmer)
* A penny per visit adds up real fast: designing effective defenses against an adversary that makes more money than your entire company does (Michael Tiffany)
* Xen Security Weather Report 2018 (Lars Kurth)
* Crucible: Tailoring Xen to support Critical Systems (Ryan Thibodeaux)
* Introduction to the Bareflank Hypervisor and OpenXT (Rian Quinn)
* XenTT: Deterministic System Analysis in Xen (Anton Burtsev)
* Bear – A Resilient Operating System (Stephen Kuhn)
* Anti-Evil Maid with UEFI and Xen (Brendan Kerrigan)
* TPM 2.0 Software Stack: Usability, Privacy and Security (Philip Tricca)
* STM PE (Eugene Myers)
* Magrana Server (John Shackleton)
* The meta-virtualization Layer of OpenEmbedded (Bruce Ashfield)
* Improving the security of QEMU as a device emulator in Xen (Paul Durrant)

4th annual CfP open

Maxim and Dmitry speaking on Intel ME at CONFidence

May in Portland: Teardown: new hardware conference by CrowdSupply

[…] You can think of Teardown as live-action Crowd Supply, but with fewer cardboard boxes and packing peanuts. We’ll be bringing together hardware aficionados from around the world to celebrate, inspect, create, and, of course, tear down hardware. There will be long-time Crowd Supply creators and backers, as well as people we’re meeting for the first time. There will be hardware, art, food, drink, puzzles, workshops, tutorials, talks, music, field trips, and friends. Most of all, there will be ideas and projects to explore and inspire.[…]

HardwareCon 2018: hardware startup conference

Linux Foundation has an article on HardwareCon by the event founder:

There is one talk that has ‘security’ in its title: “Cloud Platforms and the Product Management Lifecycle: Cloud Costs, Data Analytics and Security”. I guess this is better than previous hardware startup events, which were 100% security-free. Still, there is not enough security content in these hardware startup events. 😦