Open Source Firmware Conference 2018, September, Germany

Mission: Change the way of firmware development, collaborate with others and share knowledge. Closed source firmware development has been the de-facto standard for the electronics industry since its inception. This didn’t change even as open-source took off in other areas. Now, with changing use cases and tighter security requirements, it’s more important than ever to take open-source firmware development to the next level.

https://osfc.io/

 

Intel ME at CCC

It appears PTSecurity may have a GUI Debugger for Intel ME??

The “Minix Inside” stickers look great, click on the tweet from frdnd.

Hoping CCC staff does the great job they do ever year and get the videos for these events online quickly! 😉

https://twitter.com/frdnd/status/942984718613610496

https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8762.html

https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8782.html

PS: Of course, this isn’t all that is happening at CCC. There are multiple other interesting talks, eg:

 

https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9111.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9056.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9205.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8725.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9207.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8920.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8950.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9237.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9202.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9195.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8784.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8831.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9159.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/9058.html
https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8956.html

 

European coreboot conference 2017: Call for Papers

Note the request for SECURITY talks!

We are particularly interested in advances in the application of technology in a particular discipline primarily around coreboot, hardware, firmware, and security. As a result, the conference will be structured around the following topics:
– Free and Open Source hardware and firmware.
– Attacks against current hardware and firmware, like side and covert channel attacks.
– Firmware and hardware reverse engineering.
– coreboot payloads, extensions, and features.
– Advances of coreboot and UEFI on the market.
– Applications of free and open source hardware/firmware in practice.
– State-of-the-art security in embedded devices.

Conference talks, lightning talks, and workshops will be video taped and published afterwards. If a recording is not desired by a speaker or workshop instructor, no recordings will be made (notification in advance of the talk / workshop requested)[…]

https://ecc2017.coreboot.org/

European coreboot conference 2017

OEMs: please note!

Carl-Daniel Hailfinger posted an announcement to the upcoming European coreboot conference 2017 to the coreboot-announce list:

We are currently planning to host a coreboot conference in Germany with 2 days of talks and an additional 2 days of hacking. The date will probably either be October 19-22 or October 26-29, i.e. directly before or after Embedded Linux Conference Europe and LinuxCon Europe. Ticket prices haven’t been decided yet and depend on the location and venue availability. The location will be either in Bonn or Bochum. Both Bochum and Bonn offer a variety of interesting activities for conference participants. Bochum is reachable by public transport from Frankfurt Airport within 120 minutes, from Dusseldorf Airport within 40 minutes and from Cologne Airport within 80 minutes. Bonn is reachable by public transport from Frankfurt Airport within 70 minutes, from Dusseldorf Airport within 70 minutes and from Cologne Airport within 30 minutes.
YOUR ACTION NEEDED!
Please fill out the application and subscribe to the newsletter if you are planning to join us!
https://www.coreboot.org/events/ecc2017

Full announcement:
https://www.coreboot.org/pipermail/coreboot-announce/2017-January/000024.html

Coreboot Conference 2017 announced!

European Coreboot Conference 2017
Location: Germany

We are currently planning to  host a coreboot conference with 2 days of talks and an additional 2 days of hacking. Sometime in October 2017 in Bonn or Bochum, Germany.
The dates will probably either be October 19-22 or October 26-29,  i.e. directly before or after Embedded Linux Conference Europe and LinuxCon Europe.
Ticket prices haven’t been decided yet and depend on the location and venue availability.  Add your email address to be sent an invite to the conference when it is announced.

https://www.coreboot.org/events/ecc2017

 

33rd CCC

The 33rd Chaos Communication Congress (CCC) takes place in December in Germany. There are MANY great presentations, and CCC is great at making video archives available. Here’s a sample of a few of the presentations, starting with Trammell’s lecture on Heads:

Bootstraping a slightly more secure laptop
Trammell Hudson
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8314.html

What could possibly go wrong with <insert x86 instruction here>?: Side effects include side-channel attacks and bypassing kernel ASLR
Clémentine Maurice and Moritz Lipp
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8044.html

Untrusting the CPU: A proposal for secure computing in an age where we cannot trust our CPUs anymore
jaseg
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8014.html

Virtual Secure Boot: Secure Boot support in qemu, kvm and ovmf
Gerd Hoffmann
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8142.html

Full schedule:
https://fahrplan.events.ccc.de/congress/2016/Fahrplan/schedule.html
https://events.ccc.de/congress/2016/wiki/Main_Page

IAEA Director: German Nuclear Plant Experienced Cyber Attack

STUXXNET is old news, apparently. As reported by SANS, a year ago a nuclear power plant, probably in Germany, was attacked by malware.

The director of the United Nation’s (UN’s) International Atomic Energy Agency (IAEA) said that an unnamed nuclear power plant suffered a cyberattack within the last three years. Yukiya Amano said that the targeted plant was not forced to shut down operations, and that “This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously.” Amano said that IAEA is helping nuclear facilities around the word improve cyber and physical security.
 
The director of IAEA is most likely referring to the incident involving a Korea Hydro & Nuclear Power (KHNP) plant, but recent discoveries in Germany of aged malware infections on plant process control equipment is also troubling. The nuclear industry has been well positioned to defend against Internet-borne, non-targeted, threats based because they adopted secure network architectures early, but they are now struggling to address human-enabled (e.g. infected USBs) and highly targeted cyber threats. The next step for the industry will be to transform its cyberdefense strategies from prevention-focused to a more active defense. Active defense is based on the assumption that intrusions will occur, and effective defense focuses on rapid detection of failures along with rapid collapse of free-time available to attackers.

http://www.scmagazine.com/iaea-director-cyberattack-against-a-nuclear-power-plant-occurred-years-ago/article/548192/

http://in.reuters.com/article/nuclear-cyber-idINKCN12A1P1

https://threatpost.com/nuclear-power-plant-disrupted-by-cyber-attack/121216/

http://www.hlregulation.com/2016/10/13/iaea-cautions-on-cybersecurity-risks-to-nuclear-power-plants/

I wonder what malware was used, was it firmware-centric? Is ‘critical infrastructure’ really secured any better than COTS consumer devices? Do they use Intel x64 systems with UEFI-based blogs than can be tested with CHIPSEC?

October 7-9, Berlin: coreboot.berlin event!

On the coreboot-announce list, Peter Stuge just announced the coreboot.berlin event happening NEXT WEEKEND, October 7-9:

SHORT NOTICE: coreboot.berlin next weekend, Oct. 7-9
Hello all, I’m happy to *finally* have the information and registration page online:
https://coreboot.berlin/
Yes, it’s very late, but I hope that we will still be a good number of people meeting up next weekend. Quick feedback helps me make sure that everyone will get food. If you are interested in attending, but unable to register at the Community Registration Fee cost then please get in touch with me, so that we can try to work something out. Thank you very much, and hope to see you in Berlin on the 7:th!

https://www.coreboot.org/pipermail/coreboot-announce/2016-September/000023.html

https://coreboot.berlin/

coreboot conference 2015 announced

What: coreboot conference 2015
When: October 9-11 2015 (after ELC-E)
Where: Bonn, Germany

Carl-Daniel Hailfinger announced the 2015 coreboot conference on the coreboot-announce list today. Excerpted announcement follows, see below URL for full details:

This conference and developer meeting is geared towards manufacturers of hardware (processors, chipsets, mainboards and servers/ laptops/ tablets/ desktops/ appliances) as well as developers of firmware with an interest in coreboot and the possibilities it offers as well as (potential) coreboot users. Both professionals and hobbyists are invited. The date of the coreboot conference is Friday October 9 to Sunday October 11, 2015. This is scheduled directly after Embedded Linux Conference Europe to make travel arrangements easier for people attending both events.
Call for presentations: We are looking for interesting talks/presentations about coreboot related topics for the first (and possibly second) day of the conference.
Call for discussion topics and development suggestions: We hope to stimulate discussion and foster new ideas as well as explore ways to improve code, development and deployment.
Call for profiles: This is the chance to tell others what you’re doing, what you can offer and in what area you’d like to collaborate.
Call for developers: If you want to do development all day, every day, just come and do it.

More Info:
http://www.coreboot.org/pipermail/coreboot-announce/2015-September/000021.html
http://coreboot.org/coreboot_conference_Bonn_2015

October coreboot conference in Germany

There’s a coreboot conference being planned for this October in Bonn, Germany.  Carl-Daniel Hailfinger posted an entry on this in the coreboot blog yesterday. The audience is not only developers, but manufacturers of processors, chipsets, mainboards and servers/laptops/tablets/desktops with an interest in coreboot and the possibilities it offers.

“The preliminary plans are to coordinate the exact date of the conference to be before or after Embedded Linux Conference Europe, scheduled for October 5-7 in Dublin, Ireland. Planned duration is 3-4 days. This means we can either use the time window from Thursday Oct 1 to Sunday Oct 4, or from Thursday Oct 8 to Monday Oct 12.”

The conference needs to know if you’re going to attend, so they can plan the event. Look at the blog post for how to contact them.

http://blogs.coreboot.org/blog/2015/08/04/coreboot-conference-in-europe-october-2015/
http://doodle.com/bw52xs4fc7pxte6d