Uncategorized

OpenBSD adds sysctl kern.allowkmem to reduce ‘decades of kernel snooping’

“Make a move towards ending 4 decades of kernel snooping. Add sysctl kern.allowkmem (default 0) which controls the ability to open /dev/mem or /dev/kmem at securelevel > 0.  Over 15 years we converted 99% of utilities in the tree to operate on sysctl-nodes (either by themselves or via code hiding in the guts of -lkvm). pstat -d and -v & procmap are affected and continued use of them will require kern.allowkmem=1 in /etc/sysctl.conf.  acpidump (and it’s buddy sendbug) are affected, but we’ll work out a solution soon. There will be some impact in ports.”

http://marc.info/?l=openbsd-cvs&m=147481705211536&w=2

 

Standard
Uncategorized

Filippo Valsorda: reversing OpenBSD FDE passwords

Filippo Valsorda of the CloudFlare Security Team wrote a blog on OpenBSD’s full-disk-encryption, after he lost his password.

So I lost my OpenBSD FDE password
The other day I set up a new OpenBSD instance with a nice RAID array, encrypted with Full Disk Encryption. And promptly proceeded to forget part of the passphrase. […] I did a weak attempt at finding some public bruteforce tool, and found nothing. I say weak because somewhere in the back of my brain, I already wanted to take a peek at the OpenBSD FDE implementation. Very little is documented, and while I do trust OpenBSD, I want to know how my data is encrypted. So this was the “perfect” occasion. […]

https://blog.filippo.io/so-i-lost-my-openbsd-fde-password/
https://github.com/FiloSottile/openbsd-fde-crack
Related info:
http://thiébaud.fr/openbsd_softraid.html

 

Standard
Uncategorized

BSSSD: Trusted Computing for FreeBSD and OpenBSD

Excerpting the recent TCG announcement:

BSSSD: Trusted Computing now available for FreeBSD and OpenBSD: All pieces to utilize Trusted Computing and build Trusted Computing applications on FreeBSD and OpenBSD have been made available by the BSSSD-project.

Software components:
 * TPM device driver for the FreeBSD-kernel
 * TPM device driver for the OpenBSD-kernel
 * TCG Software Stack TrouSerS
 * TrustedGRUB boot-loader
 * TPM-Tools
 * OpenSSL-TPMengine
 * OpenCryptoKi
 * TPM-Emulator
 * TPM-Testsuite

Kernel drivers were developed for the following TPMs:
 * Atmel 97SC3203
 * Broadcom BCM0102
 * Infineon IFX SLB 9635 TT 1.2
 * Intel INTC0102
 * Sinosun SNS SSX35
 * STM ST19WP18
 * Winbond WEC WPCT200
 * TPMemulator

http://bsssd.sourceforge.net/components.html
http://bsssd.sourceforge.net/download.html

BSSSD: Trusted Computing Now Available for FreeBSD and OpenBSD

Standard
Uncategorized

OpenBSD 5.9 released

OpenBSD 5.9 has been released. There are a few firmware-related improvements in this release, such as:
* New efifb(4) driver for EFI frame buffer.
* amd64 can now boot from 32 bit and 64 bit EFI.
* Initial support for hardware reduced ACPI added to acpi(4).

* New asmc(4) driver for the Apple System Management Controller.
* New dwiic(4) driver for the Synopsys DesignWare I2C controller.
* Support for ACPI configured SD host controllers has been added to sdhc(4).
* The sdmmc(4) driver now supports sector mode for eMMC devices, such as those found on some BeagleBone Black boards.
* The ipmi(4) driver now supports OpenIPMI compatible character device.

Full announcement:
http://www.openbsd.org/59.html

Standard
Uncategorized

OpenBSD’s new native hypervisor

Many people are reporting OpenBSD’s new native hypervisor:

More information:

http://undeadly.org/cgi?action=article&sid=20151122214050&mode=expanded

http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/arch/amd64/amd64/vmm.c?rev=1.6

 

Standard