Uncategorized

MicroPython for UEFI and Intel MicroPython-based UEFI test framework released

Re: https://firmwaresecurity.com/2018/03/20/intel-implementing-micropython-as-a-uefi-test-framework/

MicroPython for UEFI systems is now available; see Brian’s edk2-devel list posting and the Tianocore wiki for more details:

https://lists.01.org/pipermail/edk2-devel/2018-August/028339.html

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MicroPythonPkg

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MpyTestFrameworkPkg

https://micropython.org/


Intel updates 2 security whitepapers

https://software.intel.com/sites/default/files/managed/7c/4a/Managed-Runtime-Speculative-Execution-Side-Channel-Mitigations.pdf

https://software.intel.com/sites/default/files/managed/4e/a1/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf


SMM disabling and verification techniques

3mdeb points out that there is a patent by Intel with information focused on disabling Intel SMM.

Don’t click on this link if you’re an engineer and are not allowed to view patent information.


https://patents.google.com/patent/US20170168844


IA32-doc: Intel Manual definitions in C and YAML

IA32-doc: put as many definitions from the Intel Manual into a machine-processable format (in this case: YAML) as possible.

TODO

  • ? OriginalNames – preserve case-sensitivity (BIOS, x2APIC, ToPA, …)
  • ? Add final Reserved field to bitfields
  • ? Possibility to split into multiple .h
  • ?? Add doxygen main page
  • ??? Add AMD
  • Find what else is missing
  • Fix 32/64 bitfields for MSR registers
  • Add possibility for bitfields to have both UINT32/UINT64 members

https://github.com/wbenny/ia32-doc



Tianocore Security Advisories page updated

Re: https://firmwaresecurity.com/2018/07/11/intel-releases-a-dozen-new-security-advisories/

At least one of these recent Intel bugs also belongs on the Tianocore Security Advisories list, and at least one of them has just been added to it:

https://legacy.gitbook.com/book/edk2-docs/security-advisory/details

e.g.:

https://edk2-docs.gitbooks.io/security-advisory/content/untested-memory-not-covered-by-smm-page-protection.html


Intel-SA-00112: Q1’18 AMT 9.x/10.x/11.x Security Review Cumulative Update

Re: https://firmwaresecurity.com/2018/07/11/intel-releases-a-dozen-new-security-advisories/

In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place affected platforms at risk.[…]

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html



Intel releases a DOZEN new security advisories!

I’ve only seen them release 1 or 2 at a time; a dozen new advisories in a day is a LOT:

https://www.intel.com/content/www/us/en/security-center/default.html

  • Insecure Handling of BIOS and AMT Passwords
  • EDK II Untested memory not covered by SMM page protection
  • Platform firmware included insecure handling of certain UEFI variables
  • Intel® Quartus® Prime Pro
  • Firmware Authentication Bypass
  • Intel® Quartus Family of Tools Privilege Escalation Vulnerability
  • Insufficient Input Validation in Intel® VTune Amplifier, Intel® Advisor and Intel® Inspector products before version 2018 Update 3 potentially allows an unprivileged user to trigger a Denial of Service via local vector
  • BMC Firmware Vulnerability Intel Server Boards, Compute Modules and Systems
  • Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector
  • Intel® Converged Security Management Engine (Intel® CSME) 11.x issue
  • Intel® Optane™ memory module update
  • Intel Q1’18 Intel® Active Management Technology 9.x/10.x/11.x Security Review Cumulative Update
