CVE-2018-3266: Oracle Solaris Verified Boot vuln

October 17, 2018 ~ hucktech ~ Leave a comment

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris.

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://nvd.nist.gov/vuln/detail/CVE-2018-3266

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3266

Current Exploit Price (≈) 3.9 $5k-$25k

https://vuldb.com/?id.125643

Cisco: Self-Encypting Drive firmware issue

July 2, 2018July 4, 2018 ~ hucktech ~ Leave a comment

“A drive firmware issue on select Self-Encrypting Drives (SEDs) might cause an operational issue for some Unified Computing System (UCS) servers and HyperFlex clusters.”

https://www.cisco.com/c/en/us/support/docs/field-notices/702/fn70234.html?emailclick=CNSemail

https://www.theregister.co.uk/2018/07/02/cisco_ucs_hyperflex_disk_firmware_problem_could_kill_clusters/

Oracle Solaris 11.4: UEFI Secure Boot on Intel HW

February 26, 2018 ~ hucktech ~ Leave a comment

Solaris UEFI Secure Boot now available for preview in #solaris114beta. Secure or Verified Boot checks signed firmware & software end-to-end from @Intel hardware, UEFI firmware, GRUB boot manager, & Solaris kernel. I worked on it with Ann Lai in 2016 before I left @OracleSolaris.

— (((Dan Anderson))) (@_Dan_Anderson) February 24, 2018

UEFI Secure Boot on Oracle Solaris x86 enables you to install and boot Oracle Solaris on platforms where UEFI Secure Boot is enabled. This feature provides more security by maintaining a chain of trust during boot: digital signatures of the firmware and software are verified before executing the next stage. No break occurs in the chain because of unsigned, corrupt, or rogue firmware or software during the boot process. This feature helps assure that the firmware and software used to boot Oracle Solaris on a hardware platform is correct, and has not been modified or corrupted.

https://docs.oracle.com/cd/E72435_01/html/E72445/grijo.html
https://docs.oracle.com/cd/E37838_01/html/E60974/index.html
https://blogs.oracle.com/solaris/oracle-solaris-114-beta-released
https://github.com/oracle/solaris-userland/tree/master/components/shim
https://www.phoronix.com/scan.php?page=news_item&px=Oracle-Linux-7-Update-4

I guess it's official, then. We've accidentally written the first stage bootloader and initial verification chain for a major commercial UNIX®. https://t.co/rj1B6ngs8Y

— Farce Majeure 🌹 (@vathpela) February 25, 2018

At this point @vathpela deserves far more credit than I do

— Matthew Garrett (@mjg59) February 24, 2018

dtrace for linux; Oracle does the right thing

February 14, 2018 ~ hucktech ~ Leave a comment

DTRACE FOR LINUX; ORACLE DOES THE RIGHT THING
That is right, dtrace dropped the CDDL and switched to the GPL!https://t.co/XSotKWxU9Q

— Alec Muffett (@AlecMuffett) February 14, 2018

dtrace for linux; Oracle does the right thing
Posted on February 14, 2018, 11:13.

[…]This changeset integrates DTrace module sources into the main kernel source tree under the GPLv2 license. Sources have been moved to appropriate locations in the kernel tree. That is right, dtrace dropped the CDDL and switched to the GPL![…]

https://gnu.wildebeest.org/blog/mjw/2018/02/14/dtrace-for-linux-oracle-does-the-right-thing/

Oracle kills off SPARC/Solaris

September 3, 2017 ~ hucktech ~ Leave a comment

For those unaware, Oracle laid off ~ all Solaris tech staff yesterday in a classic silent EOL of the product. https://t.co/ibs2REGRmj

— Simon Phipps (@webmink) September 2, 2017

If you haven't started moving off Solaris/SPARC years ago it's definitely time to start now.

— John Bellone (@johnbellone) September 3, 2017

https://www.theregister.co.uk/2017/08/31/oracle_stops_prolonging_inevitable_layoffs/

https://www.thelayoff.com/t/P23GpT5

https://www.thelayoff.com/t/P2twa2w

Hagfish: UEFI Bootloader for Barrelfish

July 24, 2017 ~ hucktech ~ Leave a comment

Barrelfish is a new research operating system being built from scratch and released by ETH Zurich in Switzerland, originally in collaboration with Microsoft Research and now partly supported by HP Enterprise Labs, Huawei, Cisco, Oracle, and VMware. […]

Hagfish is the Barrelfish/ARMv8 UEFI loader prototype: Hagfish (it’s a basal chordate i.e. something like the ancestor of all fishes). Hagfish is a second-stage bootloader for Barrelfish on UEFI platforms, most importantly the ARMv8 server platform. […]

http://www.barrelfish.org/

https://github.com/BarrelfishOS/hagfish

https://github.com/BarrelfishOS/uefi-sdk

VirtualBox 5.0.14 released

February 1, 2016 ~ hucktech ~ Leave a comment

Oracle VM @virtualbox 5.0.14 Available!https://t.co/lHbx6J2cMr pic.twitter.com/3IrOWopNHg

— Oracle Sys Dev (@OracleSysDev) January 20, 2016

5.0.14 is a maintenance release. The prior release, 5.0.12, had a fix to their EFI support.

More information:
https://blogs.oracle.com/virtualization/entry/oracle_vm_virtualbox_5_013
https://www.virtualbox.org/
https://www.virtualbox.org/wiki/Changelog

RISC-V/LowRISC update

January 11, 2016January 11, 2016 ~ hucktech ~ Leave a comment

The recent RISC-V workshop is over, presentations are online, videos are not yet online:

http://riscv.org/workshop-jan2016.html
http://riscv.org/

RISC-V and coreboot:

Click to access Tues1345%20riscvcoreboot.pdf

RISC-V and UEFI:

Click to access Tues1415%20RISC-V%20and%20UEFI.pdf

There is some post-workshop coverage here:
https://blog.riscv.org/2016/01/3rd-risc-v-workshop-presentations-breakouts/
http://www.lowrisc.org/blog/2016/01/third-risc-v-workshop-day-one/
http://www.lowrisc.org/blog/2016/01/third-risc-v-workshop-day-two/
http://www.adapteva.com/andreas-blog/why-i-will-be-using-the-risc-v-in-my-next-chip/
http://www.eetimes.com/document.asp?doc_id=1328620&

LowRISC, a related project to RISC-V is also making progress. From the below EE Times article:

“The LowRISC project at the University of Cambridge is attracting interest as the likely first source of real development hardware. The team which includes members of the Raspberry Pi project hopes to have first silicon this year and plans to make development boards available in 2017, likely for $50-100.”

http://www.lowrisc.org/

http://www.eetimes.com/document.asp?doc_id=1328620&

I missed this news, it is interesting to see Google, HP, and Oracle getting involved with RISC-V.

"Google, HP, Oracle Join RISC-V" https://t.co/Cw8y8W0zOA #instant #feedly

— ladore (@ladore) January 2, 2016

http://www.eetimes.com/document.asp?doc_id=1328561&

VirtualBox 5.02 released

August 27, 2015 ~ hucktech ~ Leave a comment

A few days ago Oracle released a new version of VirtualBox. It is a maintenance release, no huge new features I noticed, but lots of bugfixes, many related to hardware security issues, though no CVEs that I noticed.

https://blogs.oracle.com/virtualization/entry/oracle_vm_virtualbox_5_08

.@Oracle has just released Oracle VM VirtualBox 5.0.2 to improve stability & fix regressions http://t.co/zh0OXEbwBf #virtualization

— Oracle IT Infrastructure (@Infrastructure) August 25, 2015

https://www.virtualbox.org/wiki/Changelog

DMTF Redfish 1.0 released

August 4, 2015 ~ hucktech ~ Leave a comment

Redfish, an IPMI replacement, has shipped the first release of their spec. Quoting the press release:

DMTF Helps Enable Multi-Vendor Data Center Management with New Redfish 1.0 Standard

DMTF has announced the release of Redfish 1.0, a standard for data center and systems management that delivers improved performance, functionality, scalability and security. Designed to meet the expectations of end users for simple and interoperable management of modern scalable platform hardware, Redfish takes advantage of widely-used technologies to speed implementation and help system administrators be more effective. Redfish is developed by the DMTF’s Scalable Platforms Management Forum (SPMF), which is led by Broadcom, Dell, Emerson, HP, Intel, Lenovo, Microsoft, Supermicro and VMware with additional support from AMI, Oracle, Fujitsu, Huawei, Mellanox and Seagate. The release of the Redfish 1.0 standard by the DMTF demonstrates the broad industry support of the full organization.

http://dmtf.org/standards/redfish
http://dmtf.org/join/spmf

Don’t forget to grab the Redfish “Mockup” as well as the specs and schema.

UEFI 2.5 has a JSON API to enable accessing Redfish. HP was first vendor with systems that supported UEFI 2.5’s new HTTP Boot, a PXE replacement. Intel checked in HTTP Boot support into TianoCore, so it’s just a matter of time until other vendors have similar products. JSON-based Redfish and HTTP-based booting makes UEFI much more of a “web app”, w/r/t security research, and the need for system administrators to more closely examine how firmware is updated on their systems, to best protect them.
https://firmwaresecurity.com/tag/uefi-http-boot/

VirtualBox 5.0 released

July 10, 2015 ~ hucktech ~ Leave a comment

Oracle relased version 5.0 of VirtualBox yesterday. I don’t see any firmware features listed in the press, and I’ve not had a chance to do a code review of the new code yet. It has improved CPU and USB 3.0 support, at minimum.

QEMU is the main platform for running UEFI’s virtual firmware: OVMF. But Xen, KVM, and VirtualBox also support OVMF, to some degree. VirtualBox can also be recompiled with EFI-specific build directives to enable additional UEFI diagnostics.

https://www.oracle.com/corporate/pressrelease/oracle-vm-virtualbox-5-070915.html

https://blogs.oracle.com/virtualization/entry/oracle_vm_virtualbox_5_07

(In somewhat related news, back in March, Oracle’s Linux distro got Secure Boot support.)

https://blogs.oracle.com/wim/entry/secure_boot_support_with_oracle