Uncategorized

TPM microconf at 2017 Linux Plumbers Conference

Matthew Garrett has announced a TPM microconference at the upcoming Linux Plumbers Conference:

I’m pleased to say that after the success last year, there will be another TPM microconference at this year’s Linux Plumbers Conference. The current schedule has this taking place on Wednesday the 13th of September, so just under 4 weeks from now. We have a list of proposals for discussion at http://wiki.linuxplumbersconf.org/2017:tpms but please feel free to add more! I intend to finalise the schedule by the end of next week, so please do so as soon as you can. For those of you who weren’t there, the Linux Plumbers conference is an event dedicated to bringing together people working on various infrastructural components (the plumbing) of Linux. Microconferences are 3 hour long events dedicated to a specific topic, with the focus on identifying problems and having enough people in the room to start figuring out what the solutions should be – the format is typically some short presentations coupled with discussion.

From James Bottomley’s comments on the LPC entry on this microconf:

Following on from the TPM Microconference last year, we’re pleased to announce there will be a follow on at Plumbers in Los Angeles this year. The agenda for this year will focus on a renewed attempt to unify the 2.0 TSS; cryptosystem integration to make TPMs just work for the average user; the current state of measured boot and where we’re going; using TXT with TPM in Linux and using TPM from containers.

http://wiki.linuxplumbersconf.org/2017:tpms

http://www.linuxplumbersconf.org/2017/trusted-platform-module-microconference-accepted-into-the-linux-plumbers-conference/

Full text of Matthew’s email:
https://lists.sourceforge.net/lists/listinfo/linux-ima-devel

Standard

eventstat for Linux

Colin Ian King just tweeted about eventstat. But his tweets are protected, so you have to log in to Twitter and follow him in order to see them.

Eventstat periodically dumps out the current kernel event state. It keeps track of current events and outputs the change in events on each output update. The tool requires sudo to run since it needs to write to /proc/timer_stats to start and stop the event monitoring.

http://kernel.ubuntu.com/~cking/eventstat/

https://github.com/ColinIanKing/eventstat

https://launchpad.net/~colin-king/+snap/eventstat

Maybe there’ll be a blog post on it shortly, as well.

http://smackerelofopinion.blogspot.co.uk/

 


Hardened Linux and firmware

I recently noticed Hardened Linux, because they were calling CHIPSEC. I just noticed they have some informational pages with info on Intel ME/AMT/UEFI and other technologies:

https://github.com/hardenedlinux/firmware-anatomy

https://github.com/hardenedlinux/firmware-anatomy/blob/master/hack_ME/firmware_security.md

https://github.com/hardenedlinux/firmware-anatomy/tree/master/hack_ME

https://github.com/hardenedlinux/firmware-anatomy/blob/master/hack_ME/me_info.md

https://hardenedlinux.github.io/about3/

https://hardenedlinux.github.io/system-security/2017/07/31/firmware_chipsec.html

https://translate.google.com/translate?hl=enu&u=https://hardenedlinux.github.io/system-security/2017/07/31/firmware_chipsec.html

 


UEFI BoF at LPC

UEFI Forum member Harry Hsiung of Intel will be presenting a Birds of a Feather presentation titled “The State of UEFI Technology.” The session will cover the latest UEFI specifications and variables, as well as features like HTTP Boot, Wi-Fi, Bluetooth, NVDIMM, Secure Boot and capsule update. Attendees will also learn about the latest UEFI SCT updates and other tests like the Linux UEFI Validation (LUV) and the Linux Firmware Test Suite (FWTS).

http://www.uefi.org/events/upcoming

http://www.uefi.org/node/3738

https://www.linuxplumbersconf.org/2017/


GRSecurity sues Bruce Perens over GPL issues

The Register article below has a link to the PDF of the court case.

Posted on June 28, 2017 by Bruce
Warning: Grsecurity: Potential contributory infringement and breach of contract risk for customers
It’s my strong opinion that your company should avoid the Grsecurity product sold at grsecurity.net because it presents a contributory infringement and breach of contract risk.[…]

https://perens.com/blog/2017/06/28/warning-grsecurity-potential-contributory-infringement-risk-for-customers/

[…]Defendant is a computer programmer, known for his creation of the Open Source Definition and co-founder of the Open Source Initiative. This action arises from Defendants’ abusive and false claims made on a blog post 1 (“Posting”), on Defendant’s website, http://www.perens.com (the “Website”), regarding Plaintiff’s business, which has resulted in substantial harm to Plaintiff’s reputation, goodwill, and future business prospects.[…]

https://www.theregister.co.uk/AMP/2017/08/03/linux_kernel_grsecurity_sues_bruce_perens_for_defamation/

https://grsecurity.net/


archlinux-fde-uefi

A collection of brief guides for installing Arch Linux with LUKS full disk encryption over a UEFI based system. While I was further exploring the linux universe seeking the answer to the meaning of life, I met a challenge of never matched difficulty: full disk encryption using LUKS over a UEFI based system. Many are the guides available on the web but none of them fulfilled my thirst for knowledge, as some were for older non-GPT installs or a bit too vague for a first time approach of the argument. Therefore, here I share with you what I’ve learned during my journey… BTRFS as well!

https://github.com/archmirak/archlinux-fde-uefi


UEFI-Boot

[[
CORRECTION:
It is not a boot loader; it is a few bash shell scripts that call efibootmgr to configure UEFI with the Linux kernel, presuming an Ubuntu-based system.

I should have read the code before calling the code a boot loader. Mea culpa.
]]

UEFI-Boot is a new UEFI-centric, Linux-centric bootloader that lets you “Boot Linux directly from UEFI firmware (without any bootloader)”:

UEFI Boot – is a small and simple project aimed to organize the loading of linux kernel via UEFI firmware (without any bootloader). The synchronization of UEFI boot options with installed kernel versions is triggered via /etc/kernel/postinst.d and /etc/kernel/postrm.d kernel triggers.

https://github.com/slytomcat/UEFI-Boot
