Andrea on Avionics security

April 14, 2017 ~ hucktech ~ Leave a comment

Several of you asked for these slides, now uploaded.

Real-life experiences in avionics security assessment: https://t.co/At9XlH0jRV

— Andrea Barisani (@AndreaBarisani) April 13, 2017

https://github.com/abarisani/abarisani.github.io/tree/master/research/avionics

Click to access iotday_avionics.pdf

F-Secure acquires Inverse Path

February 18, 2017 ~ hucktech ~ Leave a comment

A big day for us, we are proud to announce that Inverse Path is now part of F-Secure.https://t.co/UZp6F9jpmD https://t.co/7caYQSwZQ9

— Andrea Barisani (@AndreaBarisani) February 16, 2017

“Helsinki, Finland – February 16, 2017: Cyber security company F-Secure has acquired privately-held company Inverse Path, an industry leader in providing security services to the avionics, automotive, and industrial control sectors. Inverse Path’s expertise in hardware security and the safety of critical embedded systems strengthens F-Secure’s position as a service provider for businesses in critical sectors with challenging IT infrastructure.[…]”

https://www.f-secure.com/en/web/press_global/news/news-archive/-/journal_content/56/1075444/1906310

http://inversepath.com/usbarmory.html

I wish all OEMs thought like Inverse Path…

February 5, 2016 ~ hucktech ~ Leave a comment

Idea: you send us secure boot pubkey hashes, we fuse them on your ordered USB armory, from that moment to your door nobody else can use it.

— Andrea Barisani (@AndreaBarisani) February 4, 2016

“Idea: you send us secure boot pubkey hashes, we fuse them on your ordered USB armory, from that moment to your door nobody else can use it.”

We need OEMs that build machines like this, and the Stateless Laptop of Invisible Things Lab.

USB Armory security

October 26, 2015 ~ hucktech ~ Leave a comment

Two stories, 1 post:

1) USB Armory, an Open Source Hardware-based ARM device by Inverse Path, has secured it’s boot sequence, and uses the term “Secure Boot”, not to be confused by UEFI Secure Boot, and have finished documenting it:

secure and verified USB armory boot tested and documented, looking forward to demo it at @t2_fi for the 1st time!

https://t.co/uxrebRosJC

— Andrea Barisani (@AndreaBarisani) October 26, 2015

Excerpt, just of the disclaimer, since it is a serious one:

IMPORTANT DISCLAIMER: enabling secure boot functionality on the USB armory SoC, unlike similar features on modern PCs, is an irreversible action that permanently fuses verification keys hashes on the device. This means that any errors in the process or loss of the signing PKI will result in a bricked device incapable of executing unsigned code. This is a security feature, not a bug. The activation and use of the secure boot functionality is therefore at your own risk and must be approached with care.

https://github.com/inversepath/usbarmory/wiki/Secure-boot

2) A second USB Armory story:

https://twitter.com/Yann2192/status/658590304392650752

WordPress.com processes URLs I include in text, including embedding the entire docment of git.github-based URLs, I have to split this URL in have, you’ll have to recombine it, sorry (alternately, click on the URL inside the Twitter ‘box’ above):
https://gist.github.com/
yann2192/f989143c86567237460e

Open Hardware updates

September 3, 2015 ~ hucktech ~ Leave a comment

One problem with being a small hardware vendor is keeping supply in stock. Bunnie Studios’s Novena, or Purism’s Librem, or Inverse Path’s USB Amoury, all IMO 3 leaders of the Open Hardware movement, are all currently in stock, or are restocking, or have a few left. Novena has a handful of laptops remaining, Librem v2 has a few days remaining for current funding program, and USB Armory is getting restocked. To paraphrase an open source term, for open hardware use: “Buy early, buy often.” 🙂

A limited # of @novenakosagi laptops by @bunniestudios are now available http://t.co/SHsXkzzXCk #openhardware pic.twitter.com/QGoZuZ3NYT

— Crowd Supply (@crowd_supply) September 2, 2015

The Librem 15 #privacy laptop keeps on raising funds! $510K! 16 more days to order: http://t.co/utSfskzkqg … … pic.twitter.com/RniD9esiUu

— Purism (@Puri_sm) September 1, 2015

The USB armory is back for pre-order! A new batch will be available November 2015.https://t.co/q2sLLQkFTF pic.twitter.com/y9WwEbirmU

— Andrea Barisani (@AndreaBarisani) September 3, 2015

RMS blesses Crowd Supply for Open Hardware OEM use

July 25, 2015 ~ hucktech ~ Leave a comment

Crowd Supply, the crowfunding platform for Open Hardware OEMs, was blessed this week by RMS and the FSF. Crowd Supply has helped new hardware startups and “Micro OEMs” like Bunnie Studios’ Novena, Purism’s Librem, and Inverse Path’s USB Armory.

“The FSF has selected Crowd Supply as its preferred crowdfunding platform, and will recommend Crowd Supply to hardware and software creators looking to crowdfund, sell or purchase products online. And third, Crowd Supply and the FSF will work together to promote and launch new software and hardware products that adhere to FSF’s guiding principles, with the first project to be announced soon.”

I am *VERY* eager to see more startups creating Open Hardware-based systems! I am looking forward to a few years from now when RISC-V-based devices start showing up on CrowdSupply…!

Going further, the FSF and Linux Foundation need to proactively start building the missing components, not waiting for Intel/ARM and OEMs to create Open Hardware, there’s little motivation for them to change their ways and their IP policies. The FSF needs to — first define, then… — fund Free Hardware, if they’re going in a separate direction from OSHWA’s Open Hardware. Personally, I wish the FSF would partner with OSHWA and focus on Open Hardware, instead of splintering the few non-closed hardware resources/efforts/funds.

More Information:
https://www.crowdsupply.com/free-software-foundation-endorses-crowd-supply-for-respecting-users-software-freedom
http://www.fsf.org/news/fsf-endorses-embedded-gnu-linux-distro-proteanos-as-fully-free
http://arstechnica.com/information-technology/2015/07/founder-of-gnu-bestows-blessing-upon-open-source-crowdfunding-site/