Vincent has a new blog post, covering some of his recent tour of speaking engagements, with a bit on UEFI, and even some FSP humor.
Intel® Distribution for Python 2018 for Windows Advisory
Intel® Centrino® Wireless-N and Intel® Centrino® Advanced-N products Bluetooth Driver Advisory
Intel® NUC Firmware Security Advisory
Intel® IoT Developers Kit Permissions Advisory
OpenVINO™ Toolkit for Windows Permissions Issue Advisory
Intel® Data Migration Software Improper Permissions Advisory
Intel® Driver & Support Assistant and Intel® Software Asset Manager Advisory
Intel® Extreme Tuning Utility Advisory
Intel® Baseboard Management Controller (BMC) firmware Advisory
Intel® Server Board TPM Advisory
Intel® Data Center Manager SDK Advisory
Intel® Platform Trust Technology (PTT) Update Advisory
Intel® Active Management Technology 9.x/10.x/11.x/12.x Security Review Cumulative Update Advisory
Power Management Controller (PMC) Security Advisory
Intel® CSME Assets Advisory
INTEL-SA-00086 Detection Tool DLL Injection Issue Advisory
A newly completed Trusted Platform Module 2.0 (TPM2) software stack is being introduced, developed to comply with the most recent Trusted Computing Group (TCG) v1.38 specification and work on any TPM2 implementation. Partnering with key players within the domain of Trusted Computing such as Infineon and Fraunhofer SIT, Intel has made large investments in code improvements and new functionality compared to the previous version. This includes the initialization of the TSS Stack development and the SAPI, TCTI and abrmd layer. Based on this development, Infineon and Fraunhofer SIT enabled the support of the Enhanced System API (ESAPI) layer, which is intended to reduce programming complexity and to simplify the use and integration of the TPM.[…]
“This is the first time Intel has staged a public TianoCore hack-a-thon event.”
Vulnerability INTEL-SA-00086 allows to activate JTAG for Intel Management Engine core. We developed our JTAG PoC for the Gigabyte Brix GP-BPCE-3350C platform. Although we recommend that would-be researchers use the same platform, other manufacturers’ platforms with the Intel Apollo Lake chipset should support the PoC as well (for TXE version 220.127.116.117).[…]
Intel updated their document today, and revised their microcode license:
If you use Binary Ninja and have to look at 8086 binaries, here’s a new plugin that should help:
EfiWrapper is a library that simulates a UEFI firmware implementation. Its first purpose is to let a subset of the Kernelflinger OS loader run in a non-UEFI environment.
Created about 2 years ago. Recently updated.
In case technical issues weren’t enough, the lawyers at Intel have apparently made it more difficult for some open source operating systems to use the latest Intel microcode.
PS: AMD is apparently still blocked on technical issues:
An Intel response to a question about SGX support on Celadon (Intel’s flavor of Android, tuned for Intel systems):
“By now there is no plan to support SGX for Android. Hope it clarifies.”
MicroPython for UEFI systems is available, see Brian’s edk2-devel list posting and the Tianocore wiki for more details:
3mdeb points out that there is a patent by Intel with information focused on disabling Intel SMM.
Don’t click on this link if you’re an engineer and are not allowed to view patent information.
IA32-doc: put as many definitions from the Intel Manual into a machine-processable format (in this case, YAML) as possible.
- OriginalNames – preserve case-sensitivity (BIOS, x2APIC, ToPA, …)
- Add final Reserved field to bitfields
- Possibility to split into multiple .h
- Add doxygen main page
- Add AMD
- Find what else is missing
- Fix 32/64 bitfields for MSR registers
- Add possibility for bitfields to have both UINT32/UINT64 members
At least one of these recent Intel bugs should also be in the Tianocore Security Advisories list, and at least one of them was just added to it:
In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place affected platforms at risk.[…]
I’ve only seen them release 1 or 2 at a time; a dozen new advisories in a day is a LOT:
Insecure Handling of BIOS and AMT Passwords
EDK II Untested memory not covered by SMM page protection
Platform firmware included insecure handling of certain UEFI variables
Intel® Quartus® Prime Pro
Firmware Authentication Bypass
Intel® Quartus Family of Tools Privilege Escalation Vulnerability
Insufficient Input Validation in Intel® VTune Amplifier, Intel® Advisor and Intel® Inspector products before version 2018 Update 3 potentially allows an unprivileged user to trigger a Denial of Service via local vector
BMC Firmware Vulnerability Intel Server Boards, Compute Modules and Systems
Insufficient Input Validation in Bleach module in Intel® Distribution for Python (IDP) version IDP 2018 Update 2 potentially allows an unprivileged user to bypass URI sanitization and cause a Denial of Service via local vector
Intel® Converged Security Management Engine (Intel® CSME) 11.x issue
Intel® Optane™ memory module update
Intel Q1’18 Intel® Active Management Technology 9.x/10.x/11.x Security Review Cumulative Update