NVIDIA seeks Embedded Firmware Security Lead

We are looking for an engaged individual with an ability to assimilate complex software designs in order to identify security vulnerabilities and advocate for solutions. The applicant should demonstrate ability to use formal methods such as threat models and attack-trees to support appropriate architectural decisions. You should understand and be able to mentor others in security fundamentals and principles of design. This includes testing techniques and a familiarity with static code analysis, dynamic analysis, fuzzing, negative testing and other techniques. Experience with secure code quality practices and tooling to support quick engagements and rapid analysis – static analysis tools (Coverity, Checkmarx, or similar), dynamic scanning (Rapid 7, AppSpider, or similar), Fuzzing (AFL, Peach, or similar) and code coverage (Bullseye, LDRA, etc).


coreboot now supports Ada




“Add minimal GNAT run time system (RTS)
Add a stripped-down version of libgnat. This is somehow comparable to libgcc but for Ada programs. It’s licensed under GPLv3 but with the runtime library exception. So it’s totally fine to link it with our GPLv2 code and keep it under GPLv2.”

WIP: SPARK: Add driver for Intel GMA initialization
This is derived from an experimental branch, which was started to support Haswell. It supports many processors in the Core architecture line starting with the Ironlake graphics (found first in Nehalem). But I had to strip off the FDI (connection between processor and chipset) configuration during refactoring, so not everything is working again yet. Also, after the refactoring, I started to work with SPARK 2014. While the code is SPARK 2014 compliant, it’s pretty much unannotated. Absence of runtime errors is automatically provable (with one exception), though. What currently should work: Virtually everything but VGA on Haswell and Broadwell. eDP on Ivy Bridge (maybe Sandy Bridge and Nehalem, too, but untested). Other connectors would need FDI configuration on these older processors. Integration is most WIP: Configuration is static and hardcoded currently (see HW.GFX.GMA.Config). There is one package with an interface to C (HW.GFX.GMA.Coreboot) that’s hardcoded to bring up an eDP on Ivy Bridge. There’s another interface in HW.GFX.GMA: Update_Outputs() which supports two different, runtime selectable outputs[…]