Uncategorized

Apple: new/updated T2 chip and Secure Boot support articles

Re: https://firmwaresecurity.com/2018/07/12/apple-releases-new-systems-with-t2-chip-and-uefi-secureboot/ and

https://firmwaresecurity.com/2017/12/20/apple-kb-article-on-secure-boot/

the latter Apple support article on Secure Boot has been updated recently:

About Secure Boot

https://support.apple.com/en-us/HT208330

Mac computers that have the Apple T2 chip

https://support.apple.com/en-us/HT208862

Standard
Uncategorized

Yubikey Linux FDE UEFI Secure Boot tutorial

YubiKey Full Disk Encryption

Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI, using Arch Linux.

This repository contains a step-by-step tutorial to create a full disk encryption setup with two factor authentication (2FA) via YubiKey. It contains:

+ YubiKey encrypted root (/) and home (/home) folder on separated partitions
+ Encrypted /boot partition
+ UEFI Secure boot (self signed boot loader)

https://github.com/sandrokeil/yubikey-full-disk-encryption-secure-boot-uefi

https://sandrokeil.github.io/yubikey-full-disk-encryption-secure-boot-uefi/

 

Standard
Uncategorized

Apple macOS 10.13.6: UEFI SecureBoot support for iMac Pro

Re: https://firmwaresecurity.com/2017/12/13/apple-secure-boot/ and https://firmwaresecurity.com/2017/12/20/apple-kb-article-on-secure-boot/

there is more info on Apple Secure Boot:

https://support.apple.com/en-us/HT208864
https://support.apple.com/en-us/HT208937

Standard
Uncategorized

Geoff Chappell: Secure Boot internals

DRAFT: Take more than your usual care.
SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION

The SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION structure is what a successful call to ZwQuerySystemInformation or NtQuerySystemInformation produces in its output buffer when given the information class SystemSecureBootPolicyFullInformation (0xAB).
Documentation Status

The SYSTEM_SECUREBOOT_POLICY_FULL_INFORMATION structure is not documented.

http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/secureboot_policy_full.htm

 

Standard
Uncategorized

Oracle Solaris 11.4: UEFI Secure Boot on Intel HW

UEFI Secure Boot on Oracle Solaris x86 enables you to install and boot Oracle Solaris on platforms where UEFI Secure Boot is enabled. This feature provides more security by maintaining a chain of trust during boot: digital signatures of the firmware and software are verified before executing the next stage. No break occurs in the chain because of unsigned, corrupt, or rogue firmware or software during the boot process. This feature helps assure that the firmware and software used to boot Oracle Solaris on a hardware platform is correct, and has not been modified or corrupted.

https://docs.oracle.com/cd/E72435_01/html/E72445/grijo.html
https://docs.oracle.com/cd/E37838_01/html/E60974/index.html
https://blogs.oracle.com/solaris/oracle-solaris-114-beta-released
https://github.com/oracle/solaris-userland/tree/master/components/shim
https://www.phoronix.com/scan.php?page=news_item&px=Oracle-Linux-7-Update-4

 

 

Standard