uefi-tool-debug: freeware (no source): a little tool used to check your uefi system

NOTE: this is a binary-only project, no source code. As always, be very careful running third-party ISV freeware. This binary may include malware. 🙂

https://github.com/qyqgit/uefi-tool-debug

a little tool used to check your uefi system. A simple little tool for accessing the various resources of a UEFI system. I am new to this area, so if there are omissions or errors please point them out; thank you.


Don’t buy System76 hardware and expect to get firmware updates from the LVFS

Re: https://firmwaresecurity.com/2018/01/29/linux-oems-support-fwupd-org/

This is a good example of how vendors have vendor-centric tools. Windows Update supports updating firmware, but most Windows OEMs don’t use it. LVFS supports updating firmware on Linux, but most Linux OEMs don’t use it. Sad for users. It seems a bit worse now: UEFI supposedly provides a common interface for updating firmware, yet there is still a problem getting UEFI firmware updates delivered. 😦

tl;dr: Don’t buy System76 hardware and expect to get firmware updates from the LVFS

System76 and the LVFS


Lenovo LEN-20241: System x Secure Boot Vulnerability

System x Secure Boot Vulnerability
Lenovo Security Advisory: LEN-20241
Potential Impact: Booting unauthenticated code
Severity: High
Scope of Impact: Lenovo-only
CVE Identifier: CVE-2017-3775

Lenovo internal testing discovered some System x server BIOS/UEFI versions that, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. Lenovo ships these systems with Secure Boot disabled by default, because signed code is relatively new in the data center environment, and standard operator configurations disable signature checking. Apply the BIOS/UEFI update appropriate for your model described in the product impact section below. If you are relying on Secure Boot, you may want to control physical access to systems prior to applying the updates.[…]

https://support.lenovo.com/us/en/solutions/len-20241

Lenovo Patches Arbitrary Code Execution Flaw

Fruct20: UEFI BIOS and Intel ME attack vectors and vulnerabilities

UEFI BIOS and Intel Management Engine Attack Vectors and Vulnerabilities
Alexander Ogolyuk, Andrey Sheglov, Konstantin Sheglov
Saint Petersburg National Research University of Information Technologies, Mechanics and Optics
St. Petersburg, Russia

We describe principles and implementation details of UEFI BIOS attacks and vulnerabilities, suggesting the possible security enhancement approaches. We describe the hidden Intel Management Engine implementation details and the possible consequences of its security being discredited. Described breaches in UEFI and Intel Management Engine could possibly lead to the invention of “invulnerable” malicious applications. We highlight the base principles and actual state of Management Engine (which is a part of UEFI BIOS firmware) and its attack vectors using reverse engineering techniques.

From the conclusion:
* Disable all SMM code (if possible by patching or other methods)
* Disable any external firmware components (PCI boot)
* Disable S3 Bootscript (after sleep mode)
* Extensive use of an SMI transaction monitor (to find malicious SMI calls)
* Enable Secure Boot mode
* Enable BIOS password
* Extensive reverse engineering of vendor’s firmware samples to find and report vulnerabilities
* Code reviews (of open sourced UEFI based systems like Tiano-Core)
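A host-side check that follows from the Lenovo advisory above and from the “Enable Secure Boot mode” item in the FRUCT conclusions: confirm that Secure Boot is actually enforcing, not merely switched on while the platform is still in setup mode. This is an added example, not code from Lenovo or from the paper. It reads the SecureBoot and SetupMode variables through Linux efivarfs (the paths and the EFI_GLOBAL_VARIABLE GUID are the standard ones; the first four bytes of each efivarfs file are the variable attributes, which is the detail people usually get wrong); the SAMPLE_* blobs are constructed test inputs and the function names are mine. It cannot tell you whether a given BIOS build really verifies signatures, which is the LEN-20241 bug; for that you still need the fixed firmware version from the product table.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* efivarfs exposes each variable as a file: a 4-byte little-endian attribute
   word followed by the variable data. SecureBoot and SetupMode are 1-byte
   variables under the EFI_GLOBAL_VARIABLE GUID. */
#define EFIVARS_DIR     "/sys/firmware/efi/efivars/"
#define EFI_GLOBAL_GUID "8be4df61-93ca-11d2-aa0d-00e098032b8c"
#define SECUREBOOT_VAR  EFIVARS_DIR "SecureBoot-" EFI_GLOBAL_GUID
#define SETUPMODE_VAR   EFIVARS_DIR "SetupMode-"  EFI_GLOBAL_GUID

enum sb_state { SB_UNKNOWN = -1, SB_DISABLED = 0, SB_ENFORCING = 1, SB_SETUP_MODE = 2 };

/* Constructed efivarfs blobs for testing: attributes 0x06 (BS|RT access),
   then the single data byte. Not captured from a real machine. */
static const uint8_t SAMPLE_SB_ON[]  = { 0x06, 0, 0, 0, 1 };
static const uint8_t SAMPLE_SB_OFF[] = { 0x06, 0, 0, 0, 0 };
static const uint8_t SAMPLE_SM_ON[]  = { 0x06, 0, 0, 0, 1 };
static const uint8_t SAMPLE_SM_OFF[] = { 0x06, 0, 0, 0, 0 };

/* Parse one efivarfs blob holding a UINT8 variable. Returns 0 and fills
   *attrs/*value, or -1 if the blob is shorter than header + one data byte. */
static int parse_efivar_u8(const uint8_t *blob, size_t len, uint32_t *attrs, uint8_t *value)
{
    if (len < 5) return -1;
    *attrs = (uint32_t)blob[0] | (uint32_t)blob[1] << 8 |
             (uint32_t)blob[2] << 16 | (uint32_t)blob[3] << 24;
    *value = blob[4];
    return 0;
}

/* Combine SecureBoot and SetupMode the way a policy check should: signature
   enforcement is only effective when SecureBoot == 1 and SetupMode == 0.
   In setup mode there is no PK, so db/dbx/KEK can be rewritten without
   an authenticated write, whatever SecureBoot says. */
static enum sb_state secure_boot_state(const uint8_t *sb, size_t sb_len,
                                       const uint8_t *sm, size_t sm_len)
{
    uint32_t attrs;
    uint8_t sb_val, sm_val;
    if (parse_efivar_u8(sb, sb_len, &attrs, &sb_val) != 0) return SB_UNKNOWN;
    if (parse_efivar_u8(sm, sm_len, &attrs, &sm_val) != 0) return SB_UNKNOWN;
    if (sm_val == 1) return SB_SETUP_MODE;
    return sb_val == 1 ? SB_ENFORCING : SB_DISABLED;
}

/* Read an efivarfs file into buf; returns bytes read, or 0 if unreadable
   (legacy BIOS boot, efivarfs not mounted, or insufficient privileges). */
static size_t read_efivar(const char *path, uint8_t *buf, size_t buf_len)
{
    FILE *f = fopen(path, "rb");
    size_t n;
    if (!f) return 0;
    n = fread(buf, 1, buf_len, f);
    fclose(f);
    return n;
}

int main(void)
{
    static const char *names[] = {
        "unknown (not UEFI, or variables unreadable)",
        "disabled", "enforcing", "setup mode (not enforcing)"
    };
    uint8_t sb[16], sm[16];
    size_t sb_len = read_efivar(SECUREBOOT_VAR, sb, sizeof sb);
    size_t sm_len = read_efivar(SETUPMODE_VAR, sm, sizeof sm);
    enum sb_state s = secure_boot_state(sb, sb_len, sm, sm_len);
    printf("Secure Boot: %s\n", names[s + 1]);
    return s == SB_ENFORCING ? 0 : 1;
}
```

Run it as root on the host; a non-zero exit means the platform is not enforcing signatures, which is the state the advisory says Lenovo ships System x in by default.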

Click to access Ogo.pdf

https://www.fruct.org/program20

Click to access FRUCT20_Program.pdf

AMI Adds TPM Support on Arm-based Systems Running Aptio® V UEFI Firmware

AMI has announced support for TPM on Arm®-based systems running AMI’s flagship Aptio® V UEFI Firmware. […] Previously, AMI only provided TPM support for x86 platforms. With the growing need to extend TPM support for additional platforms, AMI has added TPM support for Arm-based systems currently running AMI’s Aptio® V UEFI firmware. The added TPM support for Arm-based systems includes features specifically for the Arm architecture such as TPM driver support within Arm® TrustZone® technology and Linux OS support. The Arm TrustZone TPM Firmware can be accessed by the BIOS and OS via the Command Response Buffer interface using Secure Monitor calls. Other generic features supported by TPM include cryptographic algorithms and measurement of SecureBoot variables.[…]

https://ami.com/en/news/press-releases/american-megatrends-adds-tpm-support-on-armbased-systems-running-aptio-v-uefi-firmware/


Duo on Apple firmware security (and new EFIgy release)

Nice article on the latest Apple changes to firmware security; the T2 processor, Secure Boot, etc. are discussed. Maybe one day Apple will create a similar whitepaper.

https://duo.com/blog/apple-imac-pro-and-secure-storage

http://efigy.io/

EFI-RPM-macros: helps packaging of EFI code into Red Hat RPMs

efi-rpm-macros provides a set of RPM macros for use in EFI-related packages.

The following variables are meaningful on the make command line:

EFI_ESP_ROOT the directory where the EFI System Partition is mounted
EFI_ARCHES the rpm arches %efi will match on
EFI_VENDOR the vendor name for your EFI System Partition directory

The following rpm macros are set:

%efi the arches that EFI packages should be built on, suitable for use with %ifarch
%efi_vendor the vendor name for your EFI System Partition directory
%efi_esp_root the directory where the EFI System Partition is mounted
%efi_esp_efi the full path to \EFI on the EFI System Partition
%efi_esp_boot the full path to \EFI\BOOT on the EFI System Partition
%efi_esp_dir the full path to your vendor directory on the EFI System Partition
%efi_arch the EFI architecture name, e.g. x64
%efi_arch_upper the EFI architecture name in upper case, e.g. X64

https://github.com/rhboot/efi-rpm-macros
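How the macros fit together in a spec, as an added example (a hypothetical package called example, not a spec from the efi-rpm-macros repository): the %efi arch list gates the EFI-specific sections, %efi_arch names the binary the way the ESP expects it, and %efi_esp_dir is the vendor directory the file is installed into. The package name, file name and 0700 mode are assumptions for illustration.

```spec
# Hypothetical fragment: ship one EFI binary into the distro's vendor
# directory on the ESP, only on arches where EFI packages are built.
BuildRequires: efi-rpm-macros

%ifarch %{efi}
%install
install -d -m 0700 %{buildroot}%{efi_esp_dir}
install -m 0700 example-%{efi_arch}.efi \
        %{buildroot}%{efi_esp_dir}/example%{efi_arch}.efi

%files
%{efi_esp_dir}/example%{efi_arch}.efi
%endif
```

On an x86_64 build with the default vendor and ESP root this expands to a file under the ESP's EFI/<vendor>/ directory named examplex64.efi; on other arches the %ifarch block is skipped entirely, so the package builds without EFI payloads there.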


Patrick Georgi on UEFI memory mapping

Patrick of Coreboot has a blog post on UEFI!

UEFI memory mapping

Recently I got into UEFI (TianoCore) development. One of UEFI’s properties is that a part of it survives the OS load and remains resident to provide a limited set of firmware services to the OS.[…]
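The part that “survives the OS load” is whatever the firmware marks EFI_MEMORY_RUNTIME in the memory map; the OS keeps those regions mapped and tells the firmware where they ended up via SetVirtualAddressMap(). The following is an added example, not code from Patrick’s post or from TianoCore: it walks a memory map the way an OS loader must, builds the runtime-only virtual map, and shows the classic mistake of stepping through the map with sizeof(EFI_MEMORY_DESCRIPTOR) instead of the DescriptorSize the firmware reports. The descriptor layout, type numbers and attribute bit are from the UEFI spec; the sample map, its 48-byte stride and the chosen virtual base are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Memory types and the attribute bit from the UEFI spec (only the ones used here). */
enum {
    EfiLoaderCode = 1, EfiLoaderData = 2,
    EfiBootServicesCode = 3, EfiBootServicesData = 4,
    EfiRuntimeServicesCode = 5, EfiRuntimeServicesData = 6,
    EfiConventionalMemory = 7, EfiMemoryMappedIO = 10
};
#define EFI_MEMORY_RUNTIME 0x8000000000000000ULL
#define EFI_PAGE_SIZE      4096ULL

/* EFI_MEMORY_DESCRIPTOR. Firmware reports its own DescriptorSize, which may be
   larger than this struct; the map must be walked with that stride. */
typedef struct {
    uint32_t Type;
    uint32_t Pad;
    uint64_t PhysicalStart;
    uint64_t VirtualStart;
    uint64_t NumberOfPages;
    uint64_t Attribute;
} EFI_MEMORY_DESCRIPTOR;

/* Constructed sample map: five descriptors at a 48-byte stride (8 bytes of
   padding after each 40-byte descriptor). Returns bytes written, 0 if buf is too small. */
#define SAMPLE_DESC_SIZE  48
#define SAMPLE_DESC_COUNT 5

static size_t make_sample_map(uint8_t *buf, size_t buf_len)
{
    static const EFI_MEMORY_DESCRIPTOR sample[SAMPLE_DESC_COUNT] = {
        { EfiConventionalMemory,  0, 0x00100000, 0, 0x100, 0 },
        { EfiBootServicesCode,    0, 0x00200000, 0, 0x040, 0 },
        { EfiRuntimeServicesCode, 0, 0x7F000000, 0, 0x020, EFI_MEMORY_RUNTIME },
        { EfiRuntimeServicesData, 0, 0x7F020000, 0, 0x010, EFI_MEMORY_RUNTIME },
        { EfiMemoryMappedIO,      0, 0xFED00000, 0, 0x001, EFI_MEMORY_RUNTIME },
    };
    const size_t total = SAMPLE_DESC_SIZE * SAMPLE_DESC_COUNT;
    if (buf_len < total) return 0;
    memset(buf, 0, total);
    for (size_t i = 0; i < SAMPLE_DESC_COUNT; i++)
        memcpy(buf + i * SAMPLE_DESC_SIZE, &sample[i], sizeof sample[i]);
    return total;
}

/* Select the descriptors that survive ExitBootServices (EFI_MEMORY_RUNTIME)
   and give each a VirtualStart in a contiguous window starting at virt_base,
   i.e. the map an OS hands to SetVirtualAddressMap(). Returns the count. */
static size_t build_virtual_map(const uint8_t *map, size_t map_size, size_t desc_size,
                                uint64_t virt_base, EFI_MEMORY_DESCRIPTOR *out, size_t out_max)
{
    size_t n = 0;
    uint64_t next_va = virt_base;

    if (desc_size < sizeof(EFI_MEMORY_DESCRIPTOR)) return 0;   /* malformed map */
    for (size_t off = 0; off + desc_size <= map_size; off += desc_size) {
        EFI_MEMORY_DESCRIPTOR d;
        memcpy(&d, map + off, sizeof d);                        /* map may be unaligned */
        if (!(d.Attribute & EFI_MEMORY_RUNTIME)) continue;      /* boot-time only, reclaimable */
        if (n == out_max) break;
        d.VirtualStart = next_va;
        next_va += d.NumberOfPages * EFI_PAGE_SIZE;
        out[n++] = d;
    }
    return n;
}

/* Total pages that stay mapped for the lifetime of the OS. */
static uint64_t runtime_pages(const EFI_MEMORY_DESCRIPTOR *vm, size_t n)
{
    uint64_t pages = 0;
    for (size_t i = 0; i < n; i++) pages += vm[i].NumberOfPages;
    return pages;
}

int main(void)
{
    uint8_t buf[SAMPLE_DESC_SIZE * SAMPLE_DESC_COUNT];
    EFI_MEMORY_DESCRIPTOR vm[SAMPLE_DESC_COUNT];
    size_t len = make_sample_map(buf, sizeof buf);
    size_t n = build_virtual_map(buf, len, SAMPLE_DESC_SIZE, 0xFFFFFFFF80000000ULL,
                                 vm, SAMPLE_DESC_COUNT);

    for (size_t i = 0; i < n; i++)
        printf("type %2u phys 0x%010llx -> virt 0x%016llx pages 0x%llx\n",
               (unsigned)vm[i].Type, (unsigned long long)vm[i].PhysicalStart,
               (unsigned long long)vm[i].VirtualStart, (unsigned long long)vm[i].NumberOfPages);
    printf("%zu runtime regions, 0x%llx pages stay mapped\n",
           n, (unsigned long long)runtime_pages(vm, n));
    return 0;
}
```

With the sample map, three of the five regions carry the runtime bit and are all that stays mapped; walking the same buffer with a 40-byte stride instead of the reported 48 lands every read on a misaligned descriptor and finds none of them, which is why a loader that hardcodes sizeof() ends up with firmware calls faulting after SetVirtualAddressMap().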


See-also:

https://blogs.coreboot.org/blog/author/patrickgeorgi/


GetSecureBootPolicy.ps1: Partially-completed Secure Boot policy parser

Re: https://firmwaresecurity.com/2018/03/31/geoff-chappell-secure-boot-internals/

https://twitter.com/mattifestation/status/987393518803927042

https://twitter.com/mattifestation/status/987394786029068288

https://github.com/mattifestation/BCD

https://gist.github.com/mattifestation/f1e160bc970c8a7b82355d7e5946901b