Oracle Solaris 11.4: UEFI Secure Boot on Intel HW

UEFI Secure Boot on Oracle Solaris x86 enables you to install and boot Oracle Solaris on platforms where UEFI Secure Boot is enabled. This feature provides more security by maintaining a chain of trust during boot: digital signatures of the firmware and software are verified before executing the next stage. No break occurs in the chain because of unsigned, corrupt, or rogue firmware or software during the boot process. This feature helps assure that the firmware and software used to boot Oracle Solaris on a hardware platform is correct, and has not been modified or corrupted.

https://docs.oracle.com/cd/E72435_01/html/E72445/grijo.html
https://docs.oracle.com/cd/E37838_01/html/E60974/index.html
https://blogs.oracle.com/solaris/oracle-solaris-114-beta-released
https://github.com/oracle/solaris-userland/tree/master/components/shim
https://www.phoronix.com/scan.php?page=news_item&px=Oracle-Linux-7-Update-4

 

 

dtrace for linux; Oracle does the right thing

dtrace for linux; Oracle does the right thing
Posted on February 14, 2018, 11:13.

[…]This changeset integrates DTrace module sources into the main kernel source tree under the GPLv2 license. Sources have been moved to appropriate locations in the kernel tree. That is right, dtrace dropped the CDDL and switched to the GPL![…]

https://gnu.wildebeest.org/blog/mjw/2018/02/14/dtrace-for-linux-oracle-does-the-right-thing/

Oracle kills off SPARC/Solaris

https://www.theregister.co.uk/2017/08/31/oracle_stops_prolonging_inevitable_layoffs/

https://www.thelayoff.com/t/P23GpT5

https://www.thelayoff.com/t/P2twa2w

Hagfish: UEFI Bootloader for Barrelfish

Barrelfish is a new research operating system being built from scratch and released by ETH Zurich in Switzerland, originally in collaboration with Microsoft Research and now partly supported by HP Enterprise Labs, Huawei, Cisco, Oracle, and VMware. […]

Hagfish is the Barrelfish/ARMv8 UEFI loader prototype: Hagfish (it’s a basal chordate i.e. something like the ancestor of all fishes). Hagfish is a second-stage bootloader for Barrelfish on UEFI platforms, most importantly the ARMv8 server platform. […]

http://www.barrelfish.org/

https://github.com/BarrelfishOS/hagfish

https://github.com/BarrelfishOS/uefi-sdk

RISC-V/LowRISC update

The recent RISC-V workshop is over, presentations are online, videos are not yet online:

http://riscv.org/workshop-jan2016.html
http://riscv.org/

RISC-V and coreboot:
http://riscv.org/workshop-jan2016/Tues1345%20riscvcoreboot.pdf

RISC-V and UEFI:
http://riscv.org/workshop-jan2016/Tues1415%20RISC-V%20and%20UEFI.pdf

There is some post-workshop coverage here:
https://blog.riscv.org/2016/01/3rd-risc-v-workshop-presentations-breakouts/
http://www.lowrisc.org/blog/2016/01/third-risc-v-workshop-day-one/
http://www.lowrisc.org/blog/2016/01/third-risc-v-workshop-day-two/
http://www.adapteva.com/andreas-blog/why-i-will-be-using-the-risc-v-in-my-next-chip/
http://www.eetimes.com/document.asp?doc_id=1328620&

LowRISC, a related project to RISC-V is also making progress. From the below EE Times article:

“The LowRISC project at the University of Cambridge is attracting interest as the likely first source of real development hardware. The team which includes members of the Raspberry Pi project hopes to have first silicon this year and plans to make development boards available in 2017, likely for $50-100.”

http://www.lowrisc.org/

http://www.eetimes.com/document.asp?doc_id=1328620&

I missed this news, it is interesting to see Google, HP, and Oracle getting involved with RISC-V.

http://www.eetimes.com/document.asp?doc_id=1328561&

 

VirtualBox 5.02 released

A few days ago Oracle released a new version of VirtualBox. It is a maintenance release, no huge new features I noticed, but lots of bugfixes, many related to hardware security issues, though no CVEs that I noticed.

https://blogs.oracle.com/virtualization/entry/oracle_vm_virtualbox_5_08

https://www.virtualbox.org/wiki/Changelog

 

DMTF Redfish 1.0 released

Redfish, an IPMI replacement, has shipped the first release of their spec. Quoting the press release:

DMTF Helps Enable Multi-Vendor Data Center Management with New Redfish 1.0 Standard

DMTF has announced the release of  Redfish 1.0, a standard for data center and systems management that delivers improved performance, functionality, scalability and security. Designed to meet the expectations of end users for simple and interoperable management of modern scalable platform hardware, Redfish takes advantage of widely-used technologies to speed implementation and help system administrators be more effective. Redfish is developed by the DMTF’s Scalable Platforms Management Forum (SPMF), which is led by Broadcom, Dell, Emerson, HP, Intel, Lenovo, Microsoft, Supermicro and VMware with additional support from AMI, Oracle, Fujitsu, Huawei, Mellanox and Seagate. The release of the Redfish 1.0 standard by the DMTF demonstrates the broad industry support of the full organization.

http://dmtf.org/standards/redfish
http://dmtf.org/join/spmf

Don’t forget to grab the Redfish “Mockup” as well as the specs and schema.

UEFI 2.5 has a JSON API to enable accessing Redfish. HP was first vendor with systems that supported UEFI 2.5’s new HTTP Boot, a PXE replacement.  Intel checked in HTTP Boot support into TianoCore, so it’s just a matter of time until other vendors have similar products. JSON-based Redfish and HTTP-based booting makes UEFI much more of a “web app”, w/r/t security research, and the need for system administrators to more closely examine how firmware is updated on their systems, to best protect them.
https://firmwaresecurity.com/tag/uefi-http-boot/

VirtualBox 5.0 released

Oracle relased version 5.0 of VirtualBox yesterday. I don’t see any firmware features listed in the press, and I’ve not had a chance to do a code review of the new code yet. It has improved CPU and USB 3.0 support, at minimum.

QEMU is the main platform for running UEFI’s virtual firmware: OVMF. But Xen, KVM, and VirtualBox also support OVMF, to some degree. VirtualBox can also be recompiled with EFI-specific build directives to enable additional UEFI diagnostics.

https://www.oracle.com/corporate/pressrelease/oracle-vm-virtualbox-5-070915.html

https://blogs.oracle.com/virtualization/entry/oracle_vm_virtualbox_5_07

(In somewhat related news, back in March, Oracle’s Linux distro got Secure Boot support.)

https://blogs.oracle.com/wim/entry/secure_boot_support_with_oracle