HP QuickLook: EFI PIM for MS Outlook

July 30, 2015 ~ hucktech ~ Leave a comment

In business-class HP systems, they include various pre-OS tools. In addition to “HP System Diagnostics”, some older HP laptops (and perhaps desktops, but hopefully not servers) include “HP QuickLook”, a UEFI Pre-OS application which is a PIM (Personal Information Manager) for Microsoft Outlook (email, calendar, tasks, contacts).

From an HP PDF entitled “HP Business Notebook Computer EFI Guidelines”, also in below URLs:

—-snip—-
The HP EFI partition includes the following applications, which are accessible during computer startup:
* HP QuickLook or later versions (select models)
* <…omitted…>

QuickLook is a personal information manager (PIM) viewer for Microsoft(R) Outlook 2003 and 2007. QuickLook captures Microsoft Outlook email, calendar, task, and contact information, and then displays it without starting the operating system and without launching Microsoft Outlook. QuickLook can access cached Outlook information at the press of a single button, whether the computer is off or in Hibernation.
—snip—-

That’s rather scary. UEFI Pre-OS office applications. I’m not sure if it is a UEFI Application which gets run when you press the button, or if it is a UEFI RunTime Service, that is always running and only provides UI when button is pressed.

Plus, the EFI System Partition (ESP) is a FAT32-based partition, no file system-level security. Granted, a Unix-based system could mount the volume in such a way to help protect the contents, but on a Windows-based platform the user will have full read-write access to the HP .EFI executables.

It looks like there is a 2010-era HP QuickLook 3.2, perhaps later versions. I am not sure if this software is on modern HP UEFI systems, I don’t see it anymore on some docs, it may no longer be used, I’m not sure.

So, some business-class HP systems can be attacked via email network protocols, with added system complexity of being surrounded by a firmware suspend-resume! Network and content-media attacks are both options for this application. System administrators should check if this is installed on any modern systems, and consider the security risks -vs- the convenience this offers. Hiding inside corrupted HP PIM pre-OS app/service would be a great place for malware to hang out, or gain foothold via “a single button, whether the computer is off or in Hibernation”.

http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_70686_2&swEnvOid=4054

http://h20564.www2.hp.com/hpsc/swd/public/detail?swItemId=ob_79720_1&swEnvOid=4059

OSCON post-conference proceedings

July 25, 2015 ~ hucktech ~ Leave a comment

OSCON2015, the O’Reilly Open Source Convention, just ended. In addition to Matthew’s TPM CloudOS talk, there were a few other interesting talks:

Building a trustworthy computer
Matthew Garrett (CoreOS)
As we become more and more reliant on our computers, attackers become more and more sophisticated. How can we build a computer that’s resilient to some of the more subtle attacks such as firmware modification?
http://cdn.oreillystatic.com/en/assets/1/event/129/Building%20a%20trustworthy%20computer%20Presentation.odp

Closed devices powered by open source software? The IoT Paradox.
Peter Hoddie (Marvell)
The Internet of Things is built on open source software, and yet the devices are far from open. This isn’t the future that free and open source contributors have been working toward. It’s a disappointment for the Open Source Community, but we can lead the way to freedom, transparency, and collaboration in IoT. And we must—to avert impending frustration for increasingly savvy consumers.
http://cdn.oreillystatic.com/en/assets/1/event/129/Closed%20devices%20powered%20by%20open%20source%20software_%20The%20IoT%20Paradox_%20Presentation.pdf

Hacking smart electronics
Robert Gallup (XOBXOB)
Prototypes allow us to see, touch, feel, and refine ideas and designs. Starting from zero, this hands-on workshop explores smart hardware prototyping using a micro-controller and basic electronic components. You’ll connect LEDs, buttons, and knobs, then program a micro-controller to define behavior. Through this you’ll better understand the tools and process of designing smart, connected products.
http://cdn.oreillystatic.com/en/assets/1/event/129/Hacking%20smart%20electronics%20Presentation.zip
http://robertgallup.github.io/get/OSCONCourseware.zip

Introduction to developing embedded Linux device drivers
Nick Gudman (Hewlett Packard)
Learning to develop device drivers can be intimidating, but Linux makes it simpler than ever to write your own device driver. Using a simple driver for a monochromatic character display as a guide, we will briefly explore important topics for developing embedded Linux device drivers.
http://cdn.oreillystatic.com/en/assets/1/event/129/Introduction%20to%20developing%20embedded%20Linux%20device%20drivers%20Presentation.odp

Ironic: A modern approach to hardware provisioning
Devananda van der Veen (HP Cloud)
Ironic is a modern tool for hardware provisioning. Combining a RESTful API, scalable control plane, and pluggable hardware drivers, Ironic installs operating systems efficiently and repeatably on diverse hardware. We will demonstrate Ironic with Ansible, install, build, and deploy a machine image, and discuss the project’s architecture, history, and goals. Deep knowledge is not required.
http://cdn.oreillystatic.com/en/assets/1/event/129/Ironic_%20A%20modern%20approach%20to%20hardware%20provisioning%20Presentation.pdf

Raspberry Pi hacks
Ruth Suehle (Red Hat), Tom “spot” Callaway (Red Hat)
Ruth Suehle and Tom Callaway, authors of _Raspberry Pi Hacks_ (O’Reilly, December 2013) offer technical tips for makers, hackers, and tinkerers who want to take advantage of the Raspberry Pi. You’ll learn universally useful things, like how to add a power switch, followed by a show-and-tell of fun things that Ruth and Tom as well as many others have built.
http://cdn.oreillystatic.com/en/assets/1/event/129/Raspberry%20Pi%20hacks%20Presentation.pdf

Using open source tools to secure containers and clouds
Derek Thurston (Booz Allen Hamilton)
Is your cloud secure? Is your cloud of containers secure? Security should be built-in from Day Zero, and not layered in as an afterthought. What open source tools are out there now to help you in your quest to not be on the front page of the news? How are all of the latest hacks happening, and how can we put tools in place to prevent these from happening again?
http://cdn.oreillystatic.com/en/assets/1/event/129/Using%20open%20source%20tools%20to%20secure%20containers%20and%20clouds%20Presentation.ppt

I’m sure there’re some other gems too, the above list is what caught my eye… Mr. O’Reilly, please make the video — or at least audio — publicly-available too, don’t just for post-conference proceedings!

http://www.oscon.com/open-source-2015/public/schedule/proceedings

Spring Plugfest presentations uploaded

June 2, 2015June 2, 2015 ~ hucktech ~ Leave a comment

The PDFs of the presentations from last months’ UEFI Forum plugfest have been uploaded to uefi.org.

http://www.uefi.org/learning_center/presentationsandvideos
(scroll about half-way through the page, after the Youtube videos…)

* System Prep Applications – Powerful New Feature in UEFI 2.5 – Kevin Davis (Insyde Software)
* Filling UEFI/FW Gaps in the Cloud – Mallik Bulusu (Microsoft) and Vincent Zimmer (Intel)
* PreBoot Provisioning Solutions with UEFI – Zachary Bobroff (AMI)
* An Overview of ACPICA Userspace Tools – David Box (Intel)
* UEFI Firmware – Securing SMM – Dick Wilkins (Phoenix Technologies)
* Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot – Gabe Stocco, Scott Anderson and Suhas Manangi (Microsoft)
* Porting a PCI Driver to ARM AArch64 Platforms – Olivier Martin (ARM)
* Firmware in the Data Center: Goodbye PXE and IPMI. Welcome HTTP Boot and Redfish! – Samer El-Haj-Mahmoud (Hewlett Packard)
* A Common Platforms Tree – Leif Lindholm (Linaro)

This’ll be a very short blog, as I’m busy reading 9 new PDFs… 🙂 I’ll do blogs on some these specific presentations in the coming days.