
Android 8.0 and Project Treble

https://www.linux.com/news/2017/9/android-oreo-adds-linux-kernel-requirements-and-new-hardening-features

https://source.android.com/devices/architecture/kernel/modular-kernels#core-kernel-requirements

“The Android 8.0 release includes Project Treble, a major re-architect of the Android OS framework designed to make it easier, faster, and less costly for manufacturers to update devices to a new version of Android. Treble is for all new devices launching with Android 8.0 and beyond (the new architecture is already running on the Developer Preview for Pixel phones).[…]”


Google Pawn: Intel firmware dumping tool!

Exciting: Google has a new tool that helps dump the UEFI/BIOS into a rom.bin, like FlashROM and CHIPSEC! Pawn is written in C++/C, is Apache-licensed, and requires Linux and the GCC toolchain. Given the 2014-2017 copyright, it has been around for YEARS; it only went public 3 months ago, and I just noticed it today. See below; I am still looking for “Bishop”…

Pawn BIOS Dumping Tool
Copyright 2014-2017 Google Inc.
Disclaimer: This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.
Pawn is a tool to extract the BIOS firmware from Intel-based workstations and laptops. The name is a play on an internal tool that is also named after a chess piece.
[…]
sudo .build/pawn bios_image.bin
You can then use other tools like UEFITool to process the firmware image further.

https://github.com/google/pawn

What/where is Pawn’s companion utility, Bishop?? From pawn.cc comments:

Pawn, a companion utility to Bishop (go/bishop) to extract BIOS firmware from corp machines.

If you find it, please leave a Comment.

https://github.com/google?utf8=%E2%9C%93&q=Bishop&type=&language=

https://github.com/search?q=topic%3Afirmware-tools+org%3Agoogle&type=Repositories

Android 8.0 (“Oreo”) security changes

https://android-developers.googleblog.com/2017/08/introducing-android-8-oreo.html

https://developer.android.com/about/versions/o/android-8.0-changes.html#security-all

https://developer.android.com/topic/security/index.html

https://developer.android.com/about/versions/o/index.html

Dorian Cussen’s Android Security Reference

I just noticed this Android Security Reference. It has a few pages on boot phase:

https://github.com/doridori/Android-Security-Reference

https://github.com/doridori/Android-Security-Reference/blob/master/boot/verified_boot.md

https://github.com/doridori/Android-Security-Reference/blob/master/boot/bootloader.md

https://github.com/doridori/Android-Security-Reference/blob/master/boot/boot_process.md

http://kodroid.com/


Trust Issues: Exploiting TrustZone TEEs

by Gal Beniamini, Project Zero

Mobile devices are becoming an increasingly privacy-sensitive platform. Nowadays, devices process a wide range of personal and private information of a sensitive nature, such as biometric identifiers, payment data and cryptographic keys. Additionally, modern content protection schemes demand a high degree of confidentiality, requiring stricter guarantees than those offered by the “regular” operating system. In response to these use-cases and more, mobile device manufacturers have opted for the creation of a “Trusted Execution Environment” (TEE), which can be used to safeguard the information processed within it. In the Android ecosystem, two major TEE implementations exist – Qualcomm’s QSEE and Trustonic’s Kinibi (formerly <t-base). Both of these implementations rely on ARM TrustZone security extensions in order to facilitate a small “secure” operating system, within which “Trusted Applications” (TAs) may be executed. In this blog post we’ll explore the security properties of the two major TEEs present on Android devices. We’ll see how, despite their highly sensitive vantage point, these operating systems currently lag behind modern operating systems in terms of security mitigations and practices. Additionally, we’ll discover and exploit a major design issue which affects the security of most devices utilising both platforms. Lastly, we’ll see why the integrity of TEEs is crucial to the overall security of the device, making a case for the need to increase their defences. […]

 

https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html


Google NERF: Non-Extensible Reduced Firmware

Open Source Summit North America 2017
September 11-14, 2017 – Los Angeles, CA
Replace Your Exploit-Ridden Firmware with Linux – Ronald Minnich, Google

With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor”). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs. Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.

https://ossna2017.sched.com/event/BCsr/replace-your-exploit-ridden-firmware-with-linux-ronald-minnich-google?iframe=no&w=100%&sidebar=yes&bg=no

https://www.linkedin.com/pulse/open-hardware-servers-step-forward-jean-marie-verdun

https://www.coreboot.org/images/6/66/Denver_2017_coreboot_u-root.pdf

https://firmwaresecurity.com/2017/02/21/u-root-firmware-solution-written-in-go/

https://linuxfr.org/news/un-pas-en-avant-pour-les-serveurs-libres-le-projet-nerf
