Uncategorized

FreeBSD 11.2R released, with speculative execution and UEFI updates

The latest version of FreeBSD is out, and has a few speculative execution and UEFI changes, including:

https://www.freebsd.org/releases/11.2R/relnotes.html

[arm64] The bsdinstall(8) installer has been updated to default to UEFI-only boot. [r322254]
(Sponsored by The FreeBSD Foundation)

The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager. [r332126]
(Sponsored by Netflix)

https://www.freebsd.org/cgi/man.cgi?query=efibootmgr&sektion=8&manpath=freebsd-release-ports

The cpucontrol(8) utility has been updated to include a new flag, -e, which is used to re-evaluate reported CPU features after applying firmware updates. [r327871]
Note: The cpucontrol(8) -e flag should only be used after microcode update have been applied to all CPUs in the system, otherwise system instability may be experienced if processor features are not identical across the system.

https://www.freebsd.org/cgi/man.cgi?query=cpucontrol&sektion=8&manpath=freebsd-release-ports

FreeBSD-SA-18:03.speculative_execution 14 March 2018.  Speculative Execution Vulnerabilities
Note: This advisory addresses the most significant issues for FreeBSD 11.x on amd64 CPUs. We expect to update this advisory to include i386 and other CPUs.

https://www.freebsd.org/security/advisories/FreeBSD-SA-18:03.speculative_execution.asc

Standard
Uncategorized

PS4 4.55 BPF Race Condition Kernel Exploit Writeup

PS4 4.55 BPF Race Condition Kernel Exploit Writeup
Cryptogenic Update PS4 4.55 BPF Race Condition Kernel Exploit Writeup

Note: While this bug is primarily interesting for exploitation on the PS4, this bug can also potentially be exploited on other unpatched platforms using FreeBSD if the attacker has read/write permissions on /dev/bpf, or if they want to escalate from root user to kernel code execution. As such, I’ve published it under the “FreeBSD” folder and not the “PS4” folder.[…]

https://github.com/Cryptogenic/Exploit-Writeups/blob/master/FreeBSD/PS4%204.55%20BPF%20Race%20Condition%20Kernel%20Exploit%20Writeup.md

Standard
Uncategorized

FreeBSD bhyve UEFI support improved

MFC: r316746 Add UEFI support to vmrun.sh

Adds:
-E: Use UEFI mode
-f: path to UEFI firmware image (default: path to uefi-edk2-bhyve package)
-F: UEFI framebuffer size (default: w=1024,h=768)
-L: IP to listen for VNC connections on (default: 127.0.0.1)
-P: Port to listen for VNC connections on (default: 5900)
-T: Enable tablnet device (for VNC)
-v: Wait for VNC client before booting VM

https://svnweb.freebsd.org/base?view=revision&revision=329178

 

Standard
Uncategorized

FreeBSD UEFI boot loader updates

FreeBSD 11.0-stable just cane out, with 2 changes to the UEFI boot loader:

* The UEFI boot loader has been updated for build reproducibility. [r305845] (Sponsored by The FreeBSD Foundation)

* The EFI loader has been updated to support TFTPFS, providing netboot support without requiring an NFS server. [r307632] (Sponsored by Gandi.net)

 

https://www.freebsd.org/relnotes/11-STABLE/relnotes/article.html

Standard
Uncategorized

dual-booting FreeBSD or Windows

Kevin Bowling has an article that shows how to setup a UEFI system to work with FreeBSD — including ZFS on root — and another UEFI OS like Windows.

https://www.freebsdnews.com/2017/01/23/freebsd-uefi-root-zfs-windows-dual-boot-kevin-bowling/

https://bsdmag.org/freebsd_uefi_root/

I’m not sure if this article is an improved version of or just a rebroadcast of:

http://kev009.com/wp/2016/07/freebsd-uefi-root-on-zfs-and-windows-dual-boot/

 

Standard
Uncategorized

FreeBSD 11.0 RC released

The first release candidate of FreeBSD 11.0-STABLE is out. Below, excerpted from their release notes, is an excerpt of some of the changes:

Initial support for the ARM AArch64 architecture has been added. [r280259] (Sponsored by The FreeBSD Foundation)

Initial ACPI support has been added for FreeBSD/aarch64. [r284273] (Sponsored by The FreeBSD Foundation)

The uefisign(8) utility has been added. [r279315] (Sponsored by The FreeBSD Foundation)

Support for bzipfs has been added to the EFI loader. [r279950]

The mkimg(1) utility has been updated to support the MBR EFI partition type. [r276893] (Sponsored by The FreeBSD Foundation)

The gpart(8) utility has been updated to include a new attribute for GPT partitions, lenovofix, which when set, which works around BIOS compatibility issues reported on several Lenovo ™ laptops. [r285594] (Sponsored by ScaleEngine, Inc.)

[arm] The arm boot loader, ubldr, is now relocatable. In addition, ubldr.bin is now created during build time, which is a stripped binary with an entry point of 0, providing the ability to specify the load address by running go ${loadaddr} in u-boot. [r282731]

Support for the “Virtual Interrupt Delivery” feature of Intel® VT-x is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_vid=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_vid=0 to /etc/sysctl.conf. [r260410]

Support for “Posted Interrupt Processing” is enabled if supported by the CPU. This feature can be disabled by running sysctl hw.vmm.vmx.use_apic_pir=0. Additionally, to persist this setting across reboots, add hw.vmm.vmx.use_apic_pir=0 to /etc/sysctl.conf. [r260532]

Support for running a FreeBSD/amd64 Xen guest instance as PVH guest has been added. PVH mode, short for “Para-Virtualized Hardware”, uses para-virtualized drivers for boot and I/O, and uses hardware virtualization extensions for all other tasks, without the need for emulation. [r267536] (Sponsored by Citrix Systems R&D)

The bhyve(8) hypervisor has been updated to support AMD® processors with SVM and AMD-V hardware extensions. [r273375]

The Hyper-V™ drivers have been updated with several enhancements: [r282212] (Sponsored by Microsoft Open Source Technology Center)

A new device control utility, devctl(8) has been added, which allows making administrative changes to individual devices, such as attaching and detaching drivers, and enabling and disabling devices. The devctl(8) utility uses the new devctl(3) library. [r278320]

The pciconf(8) utility has been updated to use the PCI ID database from the misc/pciids package, if present, falling back to the PCI ID database in the FreeBSD base system. [r287522]

The acpi(4) subsystem has been updated to version 20150818. [r287168]

ACPICA has been updated to version 20160527. [r300879]

Firmware for Intel® Centrino™ Wireless-N 105 devices has been added to the base system. [r260552]

The stack protector has been upgraded to the “strong” level, elevating the protection against buffer overflows. While this significantly improves the security of the system, extensive testing was done to ensure there are no measurable side effects in performance or functionality. [r288669]

An issue that could cause a system to hang when entering ACPI S3 state (suspend to RAM) has been corrected in the acpi(4) and pci(4) drivers. [r274386]

Full relnotes:
https://www.freebsd.org/releases/11.0R/relnotes.html
http://www.freebsd.org/news/newsflash.html#event20160813:01

Standard