Seattle firmware presentation at DC206 Meeting this Sunday

Many cities have “DC<areacode>” groups, the local DEF CON community. The Seattle-area DC206 group is having it’s monthly meeting this Sunday, and is firmware-centric, in case you are in the Seattle-area.

An Introduction To Pulling Software From Flash via I2C, SPI and JTAG
by Matt DuHarte

This beginners talk is as jargon free as possible and a great introduction to the world inside all those little devices that make up our world.  Not every device we have makes it easy to see the software they run.  How do you analyze the firmware of a device that does not have a display or even a serial port?  Simple – pull the software directly from the flash on the device.  A new generation of simple and inexpensive hardware devices make it fast and easy.  This talk will introduce just enough of the protocols involved, the devices used to pull a firmware image and the software we use to modify the images and put them back. Following the talk there will be a hands on area for watching demonstrations and you to try your hand at pulling images off various devices.

Matt DuHarte is the Security Lead at a major networking hardware manufacturer but is still a software guy.  Matt is an avid BSides presenter in hardware topics like USB hacking and embedded electronics. He started doing electronics as a kid, later for a UGA and now does it because it is fun.  He is a firm believer that password brute forcing is for wimps and that it is easier to open the case, attach a few wires and ask hardware nicely in their own language to spill their secrets. Hardware likes him, except FPGAs, they say his timing is off.


What: October DC206 Meeting
When: October 16, 1pm-3pm
Where: Black Lodge Research (17725 NE 65th St, A-155; Evans Business Park, Building A); Redmond, WA 98052 USA


UEFI Forum plugfest videos online

The PDFs of the presentations were uploaded earlier, now the videos are online on YouTube.

The presentations are all very interesting. The Microsoft talk gives more background on clarifying the “Secure Boot” golden keys being leaked. Style points go to that speaker with his ‘golden key’ necklace. 🙂





UEFI plugfest in Seattle next week

(Next week’s plugfest will be the same week Intel is supposed to release their SMM updates.)


I’ll be attending this event, maybe I’ll see a few of you there. 🙂



UEFI Fall plugfest schedule announced

More details for this:

The details for the Fall UEFI Forum plugfest have been announced:

Out of Band BIOS Remote Management – AMI
This session will provide an overview of Out of Band BIOS remote management. The REST protocol, which allows for operations with server processes staging Out Of Band requests, can be layered on the platform interface with an integrated baseboard management controller (BMC) or with remote servers. UEFI provides extensive networking support for the pre-boot environment, including secure communication protocols like HTTPS. Checking for staged Out Of Band requests provides a highly manageable solution applicable to a variety of platform with or without a BMC.

Innovative Software Tools & Methods to Profile, Test and Optimize UEFI Firmware Improving Test Coverage and Debug Results – Kevin Davis, VP of Kernel Engineering, Insyde Software
How effective are your test tools for analyzing UEFI firmware applications? Learn how using key x86 processor capabilities and UEFI executable analysis, like Insyde’s tools can report exactly which lines of code were executed during boot.

Microsoft Security Built on UEFI Security 2.n (P1 and P2)
Attend this interactive session to learn about: The Hardware Security Test Interface (HSTI) v2, Customized Deployment of UEFI Secure Boot, including user mode, audit mode and deployment mode, Device Guard  and Credential Guard, VSM (Virtualization enabled by default), WSMT (Windows SMM Security Mitigations Table)

UEFI Network and Security Update – Vincent Zimmer, Sr. PE, Intel Corporation
How does the UEFI Forum evolve new capabilities for networking and security?  From business requirements to use-cases, threat models, and adjacent industry efforts, the Forum has evolved the footprint of capabilities in this area. This session will provide a brief history of features for networking and security, future areas of application and a depiction of how these technologies are evolving.

Update on TPM 2.0 Firmware Requirements – Dick Wilkins, Ph.D.  Phoenix Technologies Ltd.
As a follow-up to the last session at the UEFI Plugfest in Taipei, “The TPM 2.0 Specs Are Here, Now What?” the Trusted Computing Group (TCG) PC Client Working Group has incorporated several changes in their specifications, requiring updates to the functionality and the addition of new features. The updated TCG specifications will be ready for public review soon. Join this session to learn more about the upcoming enhancements and new requirements for these specifications.

More info:


Hardware security at Security B-Sides Seattle

This month is B-Sides Seattle, and there are 3 hardware workshops (Attacking USB, JTAG, and Arduino) one by Joe (SecurelyFitz) and two by Matt (CryptoMonkey):


I think I heard Matt say this was the last time he was offering this  Attacking USB training…

Note that Joe also has training at CanSecWest and Black Hat, in addition to B-Sides Seattle..


U-Boot and UEFI at Seattle Hardware Startups event

The January 2016 Seattle Hardware Startups event will be firmware focused, hosted by our local group, the Pacific NorthWest FirmWare Hackers (PNWFWH), topics will be on U-Boot and UEFI, Meetup announcement below. If you are in the Seattle area later this month, drop by!

Seattle Hardware Startup: Kirkland Edition

Thursday, Jan 28, 2016, 6:00 PM

Nytec Innovation Center
416 6th Street South Kirkland, WA

28 Members Attending

Welcome to 2016!This month we are welcoming Pacific NorthWest FirmWare Hackers. PNWFHW meets randomly at various places, speaking on development and security topics of modern system firmware (UEFI, U-Boot, core boot, etc.). I am pleased to have them lead an event for us.Speakers: 1. The first speaker is Emergency Mexican (his DEF CON goon nym)….

Check out this Meetup →

What: Seattle Hardware Startup: Kirkland Edition
When: Thursday, January 28, 2016, 6:00 PM to 8:00 PM
Where: Nytec Innovation Center, 416 6th Street South, Kirkland, WA

This month we are welcoming Pacific NorthWest FirmWare Hackers. PNWFHW meets randomly at various places, speaking on development and security topics of modern system firmware (UEFI, U-Boot, core boot, etc.). I am pleased to have them lead an event for us.


1. The first speaker is Emergency Mexican (his DEF CON goon nym). He works at a local hardware startup working on ARM32 systems. He’ll be speaking on using building custom payloads with the U-Boot boot loader.

2. The second speaker is Vincent Zimmer, a senior principal engineer at Intel, working on UEFI. Vincent chairs the UEFI Forum network and security subteams. Vincent will talk about the latest updates in the UEFI specifications for security and networking. He’ll also discuss open source community updates.

Please RSVP early so we call the pizza man and make proper arrangements.

PS: Did you know that January 15th is Hardware Freedom Day?