How Does an Intel Processor Boot?

October 14, 2018 ~ hucktech ~ Leave a comment

When we switch on a computer, it goes through a series of steps before it is able to load the operating system. In this post we will see how a typical x86 processor boots. This is a very complex and involved process. We will only present a basic overall structure. Also what path is actually taken by the processor to reach a state where it can load an OS, is dependent on boot firmware. We will follow example of coreboot, an open source boot firmware.[…]

https://binarydebt.wordpress.com/2018/10/06/how-does-an-x86-processor-boot/

6 new security advisories from Intel

October 10, 2018 ~ hucktech ~ Leave a comment

Intel® Server Boards Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html

Intel® RAID Web Server 3 Service Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00171.html

Intel® NUC Bios Updater Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html

Intel® NVMe and Intel® RSTe Driver Pack Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html

Intel® Server Board Firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00138.html

Brian on open source firmware

October 3, 2018 ~ hucktech ~ Leave a comment

Brian Richardson of Intel has a new blog post, after the Open Source Firmware Conference, on open source firmware issues:

New @IntelSoftware
blog: "Open Source Firmware: Two Ends of the Spectrum"https://t.co/pd5vWHkZZl pic.twitter.com/zRgQr9Jns7

— Brian Richardson (@Intel_Brian) October 2, 2018

https://software.intel.com/en-us/blogs/2018/10/01/open-source-firmware-two-ends-of-the-spectrum

Vincent on recent UEFI presentations

September 28, 2018 ~ hucktech ~ Leave a comment

Vincent has a new blog post, covering some of his recent tour of speaking engagements, with a bit on UEFI, and even some FSP humor.

http://vzimmer.blogspot.com/2018/09/east-and-further-east.html

Intel releases Slim Bootloader

September 14, 2018 ~ hucktech ~ Leave a comment

Yah Wen is at @osfc_io introducing the Intel® Slim Bootloader, which is live now in github. https://t.co/8hgwtCjbMO @IntelSoftware #firmware pic.twitter.com/nqKpxCaE4R

— Brian Richardson (@Intel_Brian) September 14, 2018

https://github.com/slimbootloader

https://slimbootloader.github.io/introduction/index.html#features

Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys

September 13, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/09/12/intel-releases-17-security-advisories/ and

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys https://t.co/mVDNknGXlU #IntelME

— PT Security (@PTsecurity_UK) September 12, 2018

http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html

Intel releases 17 security advisories!

September 12, 2018 ~ hucktech ~ 1 Comment

17 Intel security advisories were released yesterday:https://t.co/VePcxty82x https://t.co/9DTRlutCht https://t.co/IBqCnX6mQQ https://t.co/VGFsZa98cR https://t.co/799u5acAey https://t.co/JCOr1HeBzf https://t.co/Yvn0cH0e3d https://t.co/xZqEEHagLt pic.twitter.com/93jG0yKkWW

— Trammell Hudson ⚙ (@qrs) September 12, 2018

Too many for one tweet:https://t.co/FFeMDm8TE5 https://t.co/dM3wzBy9FJ https://t.co/BzJSoCUs8k https://t.co/vIiZXmYUEE https://t.co/2Gfn76fW7m https://t.co/5npwqzyydN https://t.co/eXMoM0uNWe https://t.co/C2S6NlDvpt https://t.co/MxdeUtL9FX pic.twitter.com/C7rOxdmYev

— Trammell Hudson ⚙ (@qrs) September 12, 2018

https://www.intel.com/content/www/us/en/security-center/default.html

Intel® Distribution for Python 2018 for Windows Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html

Intel® Centrino® Wireless-N and Intel® Centrino® Advanced-N products Bluetooth Driver Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html

Intel® NUC Firmware Security Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html

Intel® IoT Developers Kit Permissions Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html

OpenVINO™ Toolkit for Windows Permissions Issue Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html

Intel® Data Migration Software Improper Permissions Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html

Intel® Driver & Support Assistant and Intel® Software Asset Manager Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html

Intel® Extreme Tuning Utility Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html

Intel® Baseboard Management Controller (BMC) firmware Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html

Intel® Server Board TPM Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html

Intel® Data Center Manager SDK Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html

Intel® Platform Trust Technology (PTT) Update Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html

Intel® Active Management Technology 9.x/10.x/11.x/12.x Security Review Cumulative Update Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html

Power Management Controller (PMC) Security Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html

Intel® CSME Assets Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html

INTEL-SA-00086 Detection Tool DLL Injection Issue Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html

Intel: The TPM2 Software Stack: Introducing a Major Open Source Release

September 10, 2018 ~ hucktech ~ Leave a comment

A newly completed Trusted Platform Module 2.0 (TPM2) software stack is being introduced, developed to comply with the most recent Trusted Computing Group (TCG) v1.38 specification and work on any TPM2 implementation. Partnering with key players within the domain of Trusted Computing such as Infineon and Fraunhofer SIT, Intel has made large investments in code improvements and new functionality compared to the previous version. This includes the initialization of the TSS Stack development and the SAPI, TCTI and abrmd layer. Based on this development, Infineon and Fraunhofer SIT enabled the support of the Enhanced System API (ESAPI) layer, which is intended to reduce programming complexity and to simplify the use and integration of the TPM.[…]

https://software.intel.com/en-us/blogs/2018/08/29/tpm2-software-stack-open-source

Tianocore UEFI hackathon

August 29, 2018 ~ hucktech ~ Leave a comment

We're happy to announce the first public TianoCore hack-a-thon as part of @osfc_io 2018, which will be focused on Signed UEFI Capsule Updates.

More Information: https://t.co/DQJmvZesco pic.twitter.com/qi6q47GffA

— tianocore (@tianocore) August 29, 2018

https://github.com/tianocore/tianocore.github.io/wiki/2018-EDK-II-Capsule-Hack-a-thon

“This is the first time Intel has staged a public TianoCore hack-a-thon event.”

Intel ME JTAG PoC for INTEL-SA-00086

August 27, 2018 ~ hucktech ~ Leave a comment

Ready to uncover Intel ME background? Use our PoC to activate JTAG and dump ME ROM https://t.co/PXDCrssolB

— Mark Ermolov (@_markel___) August 27, 2018

Almost year has passed since we reported the INTEL-SA-00086 vulnarability and we have published JTAG activation PoC for Intel ME. You can use JTAG for researching ME core (via DbC debug cable). Step-by-step instructions at https://t.co/TWbgEbrmNm pic.twitter.com/9lCJPYfLBF

— Maxim Goryachy (@h0t_max) August 27, 2018

Vulnerability INTEL-SA-00086 allows to activate JTAG for Intel Management Engine core. We developed our JTAG PoC for the Gigabyte Brix GP-BPCE-3350C platform. Although we recommend that would-be researchers use the same platform, other manufacturers’ platforms with the Intel Apollo Lake chipset should support the PoC as well (for TXE version 3.0.1.1107).[…]

https://github.com/ptresearch/IntelTXE-PoC

a bit more on Intel-SA-00161 (and microcode license update)

August 24, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/08/23/a-bit-more-on-intel-sa-00161/

Intel updated their document today, and revised their microcode license:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html

We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here: https://t.co/x5JByIv3j9. As an active member of the open source community, we continue to welcome all feedback and thank the community. #IAmIntel

— Imad Sousou (@imadsousou) August 23, 2018

https://01.org/mcu-path-license-2018

Intel microcode license updated to permit redistribution https://t.co/LiQ1lNQyxa

— Hacker News (@newsycombinator) August 24, 2018

binja-i8086: 16-bit x86 architecture pluginfor Binary Ninja

August 21, 2018 ~ hucktech ~ Leave a comment

If you use Binary Ninja and have to look at 8086 binaries, here’s a new plugin that should help:

apropos of nothing: I wrote a 16-bit Intel 8086 plugin for Binary Ninja some time ago and only got around to open-sourcing it now. here it is https://t.co/URBdKCvPLH

— whitequark (@whitequark) August 21, 2018

https://github.com/whitequark/binja-i8086/

Intel: efiwrapper, library which simulates a UEFI firmware implementation

August 21, 2018 ~ hucktech ~ Leave a comment

EfiWrapper is a library which simulate a UEFI firmware implementation. Its first purpose is to run a subset of the Kernelflinger OS loader to run in a non-UEFI environment.

https://github.com/intel/efiwrapper

Created about 2 years ago. Recently updated.

Intel-microcode has license that prevents redistribution

August 21, 2018 ~ hucktech ~ Leave a comment

In case technical issues weren’t enough, the lawyers at Intel have apparently made it more difficult for some open source operating systems to use the latest Intel microcode.

Looks like Debian users aren't getting Intel vulnerability fixes due to licensing problems. https://t.co/ZdP4Y3ryd9

— Enron "Not speculating on Intel" Musk (@stevelord) August 21, 2018

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158

https://bugs.gentoo.org/664134

Remember the @Intel microcode EULA that we mentioned just prior? Section 3(v) prohibits all third party benchmarking! This license file is distributed with https://t.co/p77wYA43HX , see https://t.co/uya2r1BFPJ for an archive copy. @FSF @FSFe this is why open µcode is important!

— Raptor Engineering (@RaptorEng) August 21, 2018

PS: AMD is apparently still blocked at technical issues:

AMD still has not uploaded the latest microcode updates to the Linux firmware repository [1]. It’s time AMD takes security seriously. See the analysis in Mike’s comment from August 20th [2]. @AMD

[1]: https://t.co/936epQGXgl
[2]: https://t.co/TObiV3kjtL

— Paul Menzel (@pmenzel_molgen) August 20, 2018

https://github.com/pcengines/apu2-documentation/issues/75

No SGX on Intel Android

August 20, 2018 ~ hucktech ~ Leave a comment

An Intel response to a question about SGX support on Celadon (Intel’s flavor of Android, tuned for Intel systems):

“By now there is no plan to support SGX for Android. Hope it clarifies.”

https://lists.01.org/pipermail/celadon/2018-August/001280.html

hvpp: lightweight C++ Intel x64/VT-x hypervisor for Windows

August 18, 2018 ~ hucktech ~ Leave a comment

I hope I'm not too late to the party, but here's my take at hypervisors – meet hvpp, the simple x64/VT-x hypervisor for Windows.https://t.co/zLB2Vypirk

Repo includes example which shows CPUID interception and hiding of user-mode hooks via EPT.

— Petr Beneš (@PetrBenes) August 17, 2018

https://github.com/wbenny/hvpp

MicroPython for UEFI and Intel MicroPython-based UEFI test framework released

August 10, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/03/20/intel-implementing-micropython-as-a-uefi-test-framework/

MicroPython for UEFI systems is available, see Brian’s edk2-devel list posting and the Tianocore wiki for more details:

https://lists.01.org/pipermail/edk2-devel/2018-August/028339.html

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MicroPythonPkg

https://github.com/tianocore/edk2-staging/tree/MicroPythonTestFramework/MpyTestFrameworkPkg

https://micropython.org/

Intel updates 2 security whitepapers

August 1, 2018 ~ hucktech ~ Leave a comment

The #Intel "Analyzing potential bounds check bypass vulnerabilities" white paper has been updated to 002https://t.co/6xeAM9o567 pic.twitter.com/ImbGTS0IqF

— InstLatX64 (@InstLatX64) August 1, 2018

The #Intel "Managed Runtime Speculative Execution Side Channel Mitigations" white paper has been updated to 002https://t.co/dn82ACIKxe pic.twitter.com/Cgg563iC9m

— InstLatX64 (@InstLatX64) August 1, 2018

https://software.intel.com/sites/default/files/managed/7c/4a/Managed-Runtime-Speculative-Execution-Side-Channel-Mitigations.pdf

https://software.intel.com/sites/default/files/managed/4e/a1/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf

SMM disabling and verification techniques

August 1, 2018 ~ hucktech ~ Leave a comment

3mdeb points out that there is a patent by Intel with information focused on disabling Intel SMM.

Don’t click on this link if you’re an engineer and are not allowed to view patent information.

If you really want to get rid of SMM there should be plenty of opportunities according to this US Patent – System management mode disabling and verification techniques – #smm #firmware #security https://t.co/1E8L0O1sXv

— 3mdeb (@3mdeb_com) August 1, 2018

https://patents.google.com/patent/US20170168844

IA32-doc: Intel Manual definitions in C and YAML

July 15, 2018July 15, 2018 ~ hucktech ~ Leave a comment

So, I did this: https://t.co/tc0CErrVjo

If you ever wanted to write your own hypervisor, experiment with SGX, perf. counters, fiddle with CPUID or MSRs, just include this file and you're good to go. https://t.co/49ZzQXcQPW

No more tiring copy-paste-editing from Intel Manual.

— Petr Beneš (@PetrBenes) July 14, 2018

IA32-doc:: put as many definitions from the Intel Manual into machine-processable format (in this case: yaml) as possible.

TODO

? OriginalNames – preserve case-sensitivity (BIOS, x2APIC, ToPA, …)
? Add final Reserved field to bitfields
? Possibility to split into multiple .h
?? Add doxygen main page
??? Add AMD
Find what else is missing
Fix 32/64 bitfields for MSR registers
Add possibility for bitfields to have both UINT32/UINT64 members

https://github.com/wbenny/ia32-doc