Uncategorized

IBM on attacking Android Custom Boot Modes

IBM’s SecurityIntelligence has a story on attacking Android’s Custom Boot Modes.

Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes
By Roee Hay
Co-authored by Michael Goberman.

In recent months, the X-Force Application Security Research Team has discovered several previously undisclosed Android vulnerabilities. The November 2016 and January 2017 Android Security Bulletins included patches to one high-severity vulnerability, CVE-2016-8467, in Nexus 6 and 6P. Our new paper, “Attacking Nexus 6 & 6P Custom Bootmodes,” discusses this vulnerability as well as CVE-2016-6678.[…]

https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/

Standard
Uncategorized

Talos FlexVer technology -vs- Evil Maids

Talos has a new post on their use of FPGAs on their OpenPower-based workstation.

https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-2

https://firmwaresecurity.com/2016/09/02/talos-secure-workstation-coreboot-power8/

 

Standard
Uncategorized

OpenPOWER code added to FWTS

Deb McLemore of IBM has submitted multiple updates to FWTS, the FirmWare Test Suite, adding a lot more support for OpenPOWER OPAL firmware.

opal: pci_info: Add OPAL PCI Info validation
opal: mem_info: Add OPAL MEM Info validation
opal: cpu_info: Add OPAL CPU Info validation
devicetree: dt_sysinfo: Add OPAL firmware version checks
olog: olog.json: Update OPAL skiboot errors to check on olog scan

There is a lot of useful diagnostic information in this code, example:
“You are running in manufacturing mode. This mode should only be enabled in a factory during manufacturing.”

More information:
https://lists.ubuntu.com/mailman/listinfo/fwts-devel

Standard
Uncategorized

Stewart on compiling your IBM S822LC’s firmware

Stewart Smith of IBM has a new blog post on how to compile your own firmware for the OpenPOWER-based IBM S822LC:

[…] IBM (my employer) recently announced  the new S822LC for HPC POWER8+NVLINK NVIDIA P100 GPUs server. The “For HPC” suffix on the model number is significant, as the S822LC is a different machine. What makes the “for HPC” variant different is that the POWER8 CPU has (in addition to PCIe), logic for NVLink to connect the CPU to NVIDIA GPUs.[…]

Compiling your own firmware for the S822LC for HPC

Standard
Uncategorized

Talos Secure Workstation: coreboot + POWER8

New potential product on CrowdSupply with a NICE set of features (…and I wonder how secure it will be):

* Blob-free operation
* Fully libre (open-source) IBM OPAL primary firmware w/ PetitBoot interface
* Fully libre (open-source) OpenBMC secondary (IPMI / OoBM) firmware
* NO signing keys preventing firmware modification

https://www.crowdsupply.com/raptorcs/talos

Standard
Uncategorized

SeaBIOS TPM support improved

Stefan Berger of IBM submitted a 6-part patch to the SeaBIOS project, updating it’s TPM support, his patch comment follows:

This series of patches extends the TPM2 code to extend the BIOS related PCRs 0-7 in all available banks. This prevents that these PCRs remain untouched and filled with bogus values by applications. For example, the SHA1 hash is extended into the SHA256 bank. The value that is extended into this bank is essentially a SHA1 with zero bytes used for filling it to the size of a sha256 hash. This is done for all PCR banks of the TPM2 where these PCRs are available. In v2 of this series I also extended the log functions for logging the additional hashes. So there are more patches now.

For more information, see the full patch sent to the SeaBIOS list:
https://www.coreboot.org/mailman/listinfo/seabios

Standard
Uncategorized

fuzzing OpenPOWER firmware

Stewart Smith of IBM has an interesting new blog post about using afl to fuzz OpenPOWER’s firmware:

Fuzzing Firmware – afl-fuzz + skiboot

Standard