Microsoft Azure: UEFI-based boot VMs available

May 22, 2019 ~ hucktech ~ Leave a comment

Good new, the long awaited UEFI-based boot support for Azure virtual machine is now available in preview. The UEFI-based boot support was added to on-premises Hyper-V since Windows Server 2012 R2, quite long time ago and since then we have been waiting for this on Azure. The new generation (aka generation 2) of Azure virtual machine introduces this support alongside of: […] and off course, support of SecureBoot and vTPM (virtual trusted platform module). Unfortunately, the support for VHDX is still not there. […] Complete list of support and limitations is available here https://docs.microsoft.com/en-us/azure/virtual-machines/windows/generation-2 (side note, it seems the documentation is not completely correct at the time of writing as SecureBoot and vTPM are still listed as unsupported).[…]

https://www.hametbenoit.com/2019/05/21/azure-uefi-based-boot-virtual-machine-now-available-in-preview/

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/generation-2

Microsoft Windows: System Guard Secure Launch and SMM protection

February 25, 2019 ~ hucktech ~ Leave a comment

[I think this documentation is new. Maybe the feature is new as well.]

This topic explains how to configure System Guard Secure Launch and System Management Mode (SMM) protection to improve the startup security of Windows 10 devices. The information below is presented from a client perspective.[…]

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection

Microsoft seeks Director Firmware Development

January 26, 2019 ~ hucktech ~ Leave a comment

The Cloud Server Infrastructure Firmware Development (CSI-FW) team is responsible for server hardware definition, design and development of Server and Rack Infrastructure engineering for Microsoft’s online services. We are seeking a Director for our Firmware Development team. In this role it will be your job to help the firmware development team deliver on its product roadmap and strategy. You are also expected to educate and grow the software engineers on your team as well as help teach the engineers across our organization to see the vision you help us create. The candidate should have strong coding skills, debugging and troubleshooting abilities, with experience in leading and driver development in either Linux Kernel or Windows Kernel. The successful candidate should have experience with some or all of the following: firmware development, driver development, Windows OS development, yocto, UEFI, network sockets, platform initialization, Board Support Packages, peripherals interfaces such as PCIe, I2C, eMMC, SPI, USB, UARTs. OS primitives, memory management, scheduling, interrupts requests, threading and synchronization.

https://careers.microsoft.com/us/en/job/577536/Director-Firmware-Development

Azure IoT automatic device management helps deploying firmware updates at scale

January 15, 2019 ~ hucktech ~ Leave a comment

Azure IoT automatic device management helps deploying firmware updates at scale https://t.co/NXNrqoDhF0

— Joshua R. Poulson (@shirgall) January 15, 2019

Automatic device management in Azure IoT Hub automates many of the repetitive and complex tasks of managing large device fleets over the entirety of their lifecycles. Since the feature shipped in June 2018, there has been a lot of interest in the firmware update use case. This blog article highlights some of the ways you can kickstart your own implementation.

Azure IoT automatic device management helps deploying firmware updates at scale

hdk – (unofficial) Hyper-V® Development Kit

January 12, 2019 ~ hucktech ~ Leave a comment

https://twitter.com/aionescu/status/1083874432215437312

The HDK is an updated version of the HvGdk.h header file published under MSR-LA as part of the Singularity Research Kernel. It has been updated to add the latest definitions, structures and definitions as described in the Microsoft Hypervisor Top-Level Functional Specification (TLFS) 5.0c published June 2018.

https://ionescu007.github.io/hdk/

Microsoft: Introducing Project Mu

December 21, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/10/12/microsoft-project-mu-adaptation-of-tianocores-edk2/ Microsoft has a new document introducing Project Mu:

A slightly more formal introduction: https://t.co/2zmciNuOMw

— Jay (Jeremiah) Cox (@int0x6) December 19, 2018

https://blogs.windows.com/buildingapps/2018/12/19/%e2%80%afintroducing-project-mu/

Introducing the Windows Internals Series: One Windows Kernel

October 18, 2018 ~ hucktech ~ Leave a comment

Today we are kicking off a new series of detailed and technical articles that dive deep into the behind-the-scenes on the development of the Windows OS called Windows Internals. First topic? The Windows Kernel! #Winternals https://t.co/rjZosz0k3P pic.twitter.com/2Q3lYXkpZz

— Brandon LeBlanc (@brandonleblanc) October 17, 2018

https://insider.windows.com/en-us/articles/category/article-categories/windows-internals/

Microsoft: Component Firmware Update (CFU)

October 18, 2018 ~ hucktech ~ Leave a comment

Introducing Component Firmware Update https://t.co/i4fkvULCmM

— Windows Blogs (@windowsblog) October 17, 2018

October 17, 2018 4:02 pm
Introducing Component Firmware Update
By Microsoft Devices Team

The Microsoft Devices Team is excited to announce the release of an open-source model for Component Firmware Update for Windows system developers – Component Firmware Update (CFU). With CFU, you can easily deliver firmware updates for through Windows Update by using CFU drivers.[…]

https://blogs.windows.com/buildingapps/2018/10/17/introducing-component-firmware-update/

Microsoft Project Mu: adaptation of TianoCore’s EDK2

October 12, 2018 ~ hucktech ~ 1 Comment

https://github.com/Microsoft/mu_plus

https://github.com/Microsoft/mu_basecore

6 repos: https://github.com/topics/projectmu

https://microsoft.github.io/mu/faq/

https://microsoft.github.io/mu/

Project Mu is a modular adaptation of TianoCore’s edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern. Mu is built around the idea that shipping and maintaining a UEFI product is an ongoing collaboration between numerous partners. For too long the industry has built products using a “forking” model combined with copy/paste/rename and with each new product the maintenance burden grows to such a level that updates are near impossible due to cost and risk.

Project Mu also tries to address the complex business relationships and legal challenges facing partners today. To build most products it often requires both closed-source, proprietary assets as well as open source and industry standard code. The distributed build system and multi-repository design allow product teams to keep code separate and connected to their original source while respecting legal and business boundaries.

Project Mu originated from building modern Windows PCs but its patterns and design allow it to be scaled down or up for whatever the final product’s intent. IoT, Server, PC, or any other form factor should be able to leverage the content.

Microsoft Open Enclave SDK

October 11, 2018 ~ hucktech ~ Leave a comment

https://openenclave.io/sdk/

What is Open Enclave SDK?
Confidential computing is an ongoing effort to protect data throughout its lifecycle at rest, in transit and now in use. With the use of Trust Execution Environments, customers can build applications that protect data from outside access while in use. Open Enclave SDK is an open source SDK targeted at creating a single unified enclaving abstraction for developer to be build Trusted Execution Environment (TEEs) based applications. As TEE technology matures and as different implementations arise, the Open Enclave SDK is committed to supporting an API set that allows developers to build once and deploy on multiple technology platforms, different environments from cloud to hybrid to edge, and for both Linux and Windows.

Microsoft's OpenEnclave SDK is now open source https://t.co/8OZ3q70nIj

— Felix Schuster (@flxflx) October 10, 2018

https://twitter.com/aionescu/status/1050093156560039936

We’re excited to announce the public preview of Azure Confidential Computing, which includes new a VM type with Intel SGX and an SDK for building confidential apps, ushering in a new era of cyber security: https://t.co/JxlEUOrj8N

— Mark Russinovich (@markrussinovich) October 10, 2018

Protect data in use with the public preview of Azure confidential computing

Microsoft Ephemeral OS: limited public preview

October 5, 2018 ~ hucktech ~ Leave a comment

Check out the limited preview of #Azure Ephemeral OS Disk, a new type of OS disk providing local disk performance and faster boot and reset time: https://t.co/rSF9gO523p pic.twitter.com/j46TBnLxCF

— Microsoft Azure (@Azure) October 5, 2018

Last week at Microsoft Ignite, we launched Ultra SSD, a new industry leading high-performance disk type for IO intensive workloads. Adding to that, today we are delighted to share the limited preview of Ephemeral OS Disk, a new type of OS disk created directly on the host node, providing local disk performance and faster boot/reset time. Ephemeral OS Disk is supported for all virtual machines (VM) and virtual machine scale sets (VMSS). This offering is based on your feedback to provide a lower cost, higher performant OS disk for stateless applications, which enable them to quickly deploy the VMs and reset them to its original state.[…]

https://azure.microsoft.com/en-us/blog/ephemeral-os-disk-limited-public-preview/

Announcing Ultra SSD – the next generation of Azure Disks technology (preview)

Microsoft Bitlocker countermeasures and Thunderbolt DMA protection

September 8, 2018 ~ hucktech ~ Leave a comment

Both Secure Launch (a.k.a. DRTM, System Guard, Intel TXT) & DMA Guard on display in the screenshots on the updated BitLocker Countermeasures doc: https://t.co/7qYQSvsekD

— Jay (Jeremiah) Cox (@int0x6) September 6, 2018

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-countermeasures

Regarding Thunderbolt DMA attacks… my co-conspiratators have published the following: https://t.co/ycM3JdsWWl

— Jay (Jeremiah) Cox (@int0x6) September 8, 2018

https://docs.microsoft.com/en-us/windows/security/information-protection/kernel-dma-protection-for-thunderbolt

SpeculationControl: PowerShell script

August 18, 2018 ~ hucktech ~ Leave a comment

I created a github repo for the SpeculationControl PowerShell script: https://t.co/zkk8jUUvZ8

— Matt Miller (@epakskape) August 17, 2018

SpeculationControl is a PowerShell script that summarizes the state of configurable Windows mitigations for various speculative execution side channel vulnerabilities, such as CVE-2017-5715 (Spectre variant 2) and CVE-2017-5754 (Meltdown). For an explanation on how to interpret the output of this tool, please see Understanding Get-SpeculationControlSettings PowerShell script output.[…]

https://github.com/Microsoft/SpeculationControl

https://support.microsoft.com/en-us/help/4074629/understanding-the-output-of-get-speculationcontrolsettings-powershell

ChromeBook CampFire?

August 13, 2018 ~ hucktech ~ Leave a comment

Chromebooks may get Apple Boot Camp-like Windows 10 dual boot with "Campfire" https://t.co/jY64vUO9M5 pic.twitter.com/42ujxCgXxo

— XDA (@xdadevelopers) August 12, 2018

https://twitter.com/coolstarorg/status/1028677996578660352

Everything we know about Campfire, Google’s secretive project to get Windows 10 running on Chromebooks.[…]

https://www.xda-developers.com/chromebooks-chrome-os-windows-10-dual-boot-apple-boot-camp-campfire/

Microsoft Blackhat speculative execution slides posted

August 11, 2018 ~ hucktech ~ Leave a comment

Slides posted for the #BHUSA presentation by @anders_fogh & @CTurtE on systematizing and mitigating speculative execution side channels vulnerabilities: https://t.co/4OoqLupyRT

— Matt Miller (@epakskape) August 10, 2018

Click to access us-18-Fogh-Ertl-Wrangling-with-the-Ghost-An-Inside-Story-of-Mitigating-Speculative-Execution-Side-Channel-Vulnerabilities.pdf

Detours now open source

August 10, 2018 ~ hucktech ~ Leave a comment

Nice to see that Microsoft has open-sourced Detours!

Wasn’t aware of that Detours for x64/ARM64 was open sourced. Could be handy or a good reference implementation to make your own. CC @brucedang https://t.co/dAz6ujxjGA

— Satoshi Tanda (@standa_t) August 10, 2018

https://github.com/Microsoft/Detours

https://github.com/microsoft/Detours/wiki

Microsoft announces the public preview of Windows 10 IoT Core Services

July 20, 2018 ~ hucktech ~ Leave a comment

https://twitter.com/daniel_bilar/status/1020105534417133568

https://blogs.windows.com/windowsexperience/2018/07/18/microsoft-announces-the-public-preview-of-windows-iot-core-services-today/

https://docs.microsoft.com/en-gb/windows/iot-core/commercialize-your-device/iotcoreservicesoverview

Microsoft Surface Pro 2 TPM firmware update issues

July 13, 2018 ~ hucktech ~ Leave a comment

Win10 Defender running on Surface Pro 2 says the TPM chip needs a firmware update. Microsoft hasn't shipped one — and hasn't committed to shipping one. Should security-conscious/BitLocker folks with four-year-old SP2 machines just dump them? https://t.co/hTScI85zbc

— Ask Woody https://infosec.exchange/@askwoody (@AskWoody) July 13, 2018

https://www.computerworld.com/article/3289630/microsoft-windows/surface-pro-2-owners-wonder-will-microsoft-ship-tpm-firmware-that-works.html

Microsoft: C++ Developer Guidance for Speculative Execution Side Channels

July 11, 2018 ~ hucktech ~ Leave a comment

Updated: Microsoft C++ developer guidance for speculative execution side channels in response to the great research by Vladimir Kiriansky & Carl Waldspurger on Bounds Check Bypass Store (BCBS). https://t.co/M8lHLl0ody

— Matt Miller (@epakskape) July 11, 2018

https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution

Windows: new feature using IOMMU to block DMA access for Thunderbolt devices when machine is locked

June 12, 2018 ~ hucktech ~ Leave a comment

The latest version of Windows apparently has new protections against PCILeech and related attacks:

#WindowsInsider How cool is this — Windows insider preview has a new security feature which uses the IOMMU to block DMA access for thunderbolt devices when your machine is locked. @int0x6 #pcileech pic.twitter.com/bj9pnF1YXb

— David Weston (DWIZZZLE) (@dwizzzleMSFT) June 12, 2018

Totally awesome – a shiny settings toggle switch to enable! Must Try 😀 But I'll miss my DMA attacks 😢

— Ulf Frisk (@UlfFrisk) June 12, 2018