UEFI keylogger prototype
Tag: UEFI
Uldk: UEFI lightweight dev kit
Does not appear to be ready for use yet.
UEFI lightweight development kit
a set of libs including a GUI framework to simplify developing UEFI programs
vs2015 project
under development....
https://github.com/unsccaptain/Uldk
efi_i2c_signal
i2ctool is used to measure I2C signal; the tool runs on DOS/UEFI to trigger I2C R/W
https://github.com/kalicodextu/efi_i2c_signal
Red Hat Satellite GRUB UEFI PXE script
Satellite 6 TFTP boot file legacy grub conversion script
This script is used to convert the tftp boot files (found in /var/lib/tftpboot/pxelinux.cfg/) which are automatically generated by Satellite 6 into the old legacy grub format. Why is this useful? Recently I encountered some HP servers which have an additional 10GbE card in one of the PCI-E slots on the machine which is used for the PXE boot. Unfortunately this additional interface only supports UEFI boot and not classic bios boot. By default Satellite 6 uses the shim image for UEFI but this doesn’t work with the older Linux kernel used by RHEL6.X. If this script is executed on a capsule or satellite server which has TFTP enabled, it will automatically replace the boot files using the old format which gives a successful boot for RHEL6.
https://github.com/RedHat-Consulting-UK/sat6-efi-converter
EFIlib
There is a new UEFI library available, a few days old.
“Most structures and function prototypes defined, from UEFI spec 2.6”
https://github.com/JeppeSRC/EFILib
I’m guessing, but I expect EFILib is going to be used in a new UEFI C/asm bootloader called SuperPotato, by the same author. But for now, SuperPotato is still vaporware.
Secure Boot for VMWare
https://twitter.com/rcpyksl/status/860219589451366400
Secure Boot for ESXi 6.5 – Hypervisor Assurance
Mike Foley
I’ve talked about how vSphere has been moving towards a “secure by default” stance over the past few years. This can clearly be seen in the new vSphere 6.5 Security Configuration Guide where the number of “hardening” steps are growing smaller with every release. In this blog post we will go over another “secure by default” feature of vSphere 6.5 that provides hypervisor assurance, Secure Boot for ESXi. One of the coolest things in 6.5, in my opinion, is the adoption of Secure Boot for ESXi. Now, you might say “But my laptop has had Secure Boot since Windows 8, what’s the big deal?” Well, the “big deal” is that we’ve gone beyond the default behavior of Secure Boot and we now leverage the capabilities of the UEFI firmware to ensure that ESXi not only boots with a signed bootloader validated by the host firmware but that it also ensures that unsigned code won’t run on the hypervisor. Best of all, it’s simple to implement! Let’s dive in![…]
https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html
another UEFI Pong game
more on Intel AMT story
Time for IBVs and OEMs to start issuing Intel AMT reports, not just from Intel. Lenovo has one:
https://support.lenovo.com/us/en/product_security/len-14963
https://downloadcenter.intel.com/download/26754/INTEL-SA-00075-Mitigation-Guide
(I hope no FUD is coming from this blog. However, I can see why people would merge two background technologies they have no control over. For example:
Microsoft Windows 10 UEFI training video
Microsoft has a training video for network administrators that includes some UEFI security topics:
Intel ATR’s UEFI whitelist database
Thanks to a friend for pointing this out to me, something I had not noticed.
Intel ATR has a new github project which hosts the whitelist database that CHIPSEC uses:
https://github.com/advanced-threat-research/efi-whitelist
VMWare and UEFI Secure Boot
Stephen J. Bigelow has an article in TechTarget.com on VMWare and Secure Boot:
VMware vSphere 6.5 takes an extra security step, building on UEFI secure boot with added cryptographic validation to all ESXi components. VMware vSphere 6.5 added numerous features designed to improve the security of virtual machines both at rest and…[…]
You’ll have to give TechTarget.com your email address to read the article. 😦
http://searchvmware.techtarget.com/answer/How-does-ESXi-secure-boot-improve-vSphere-security
UEFI-targeting fork of TinyCC
My tinycc fork: hopefully, better OSX support, EFI targets, and ???. This tree adds:
* some bare minimum OSX support.
* support for generating X64, IA32 (untested) and ARM (untested) UEFI images.
fs0:\> foo.efi
Hello from a TinyCC compiled X64 UEFI binary!
fs0:\>
https://github.com/andreiw/tinycc
https://bellard.org/tcc/
Readers of this blog will recognize Andrei as one of the two porters of UEFI to OpenPOWER.
Debian Live images now include UEFI support
Steve McIntyre gave an update on Debian official images to the debian-(cd, devel-announce,live,cloud) mailing lists. There’s a UEFI update on Debian Live images:
Live images – now including UEFI support
After a hiatus, weekly builds of live images for testing are now happening again. These cover amd64 and i386, and there is a separate image for each of the common desktop environments. Thanks to great work by Neil Williams, Iain Learmonth and Ana Custura on new tools (vmdebootstrap and live-wrapper), these also include support for UEFI booting as a new feature. Please help test the images and give feedback:
http://get.debian.org/cdimage/weekly-live-builds/
See Steve’s message to the above-listed lists for the full post.
https://lists.debian.org/msgid-search/20170428012707.GJ28360@einval.com
Debian 9 defers UEFI Secure Boot support
From the latest “Bits from the Release Team” message, it appears that Debian 9 will probably defer Secure Boot support to later.
Secure Boot
At a recent team meeting, we decided that support for Secure Boot in the forthcoming Debian 9 “stretch” would no longer be a blocker to release. The likely, although not certain outcome is that stretch will not have Secure Boot support. We appreciate that this will be a disappointment to many users and developers. However, we need to balance that with the limited time available for the volunteer teams working on this feature, and the risk of bugs being introduced through rushed development. It’s possible that Secure Boot support could be introduced at some point in stretch’s lifetime.
Full message:
https://lists.debian.org/debian-devel-announce/2017/04/msg00013.html
https://wiki.debian.org/SecureBoot
https://wiki.debian.org/UEFI
Windows 10 new preboot security features
There are a few new preboot-related features in recent builds of Microsoft Windows; an excerpt of some of them is below.
New features in Windows 10, version 1511:
* Credential Guard: Enable Credential Guard without UEFI lock. You can enable Credential Guard by using the registry. This allows you to disable Credential Guard remotely. However, we recommend that Credential Guard is enabled with UEFI lock. You can configure this by using Group Policy.
* Bitlocker: DMA port protection. You can use the DataProtection/AllowDirectMemoryAccess MDM policy to block DMA ports when the device is starting up. Also, when a device is locked, all unused DMA ports are turned off, but any devices that are already plugged into a DMA port will continue to work. When the device is unlocked, all DMA ports are turned back on.
* Bitlocker: New Group Policy for configuring pre-boot recovery. You can now configure the pre-boot recovery message and recovery URL that is shown on the pre-boot recovery screen. For more info, see the Configure pre-boot recovery message and URL section in “BitLocker Group Policy settings.”
* New BCD events: Event ID 4826 has been added to track the following changes to the Boot Configuration Database (BCD): DEP/NEX settings, Test signing, PCAT SB simulation, Debug, Boot debug, Integrity Services, Disable Winload debugging menu
* New PNP events: Event ID 6416 has been added to track when an external device is detected through Plug and Play. One important scenario is if an external device that contains malware is inserted into a high-value machine that doesn’t expect this type of action, such as a domain controller.
* TPM: Key Storage Providers (KSPs) and srvcrypt support elliptical curve cryptography (ECC).
* TPM: The following sections describe the new and changed functionality in the TPM for Windows 10: Device health attestation, Microsoft Passport support, Device Guard support, Credential Guard support […]
https://docs.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-1507-and-1511
https://technet.microsoft.com/en-us/windows/release-info
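One way to act on the two new event IDs above, as an added detection example (not Microsoft's tooling): it parses constructed Security log records for 4826 and 6416, flags BCD settings that weaken boot integrity, and flags PnP device arrivals on an assumed list of high-value hosts. The XML field names are simplified assumptions rather than Microsoft's exact schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample records in the shape of Windows Security log XML.
# Data names are simplified assumptions, not Microsoft's exact schema.
SAMPLE_EVENTS = """<Events>
<Event><System><EventID>4826</EventID><Computer>dc01</Computer></System>
  <EventData><Data Name="TestSigning">Yes</Data>
  <Data Name="KernelDebug">No</Data>
  <Data Name="DisableIntegrityChecks">No</Data></EventData></Event>
<Event><System><EventID>4826</EventID><Computer>ws17</Computer></System>
  <EventData><Data Name="TestSigning">No</Data>
  <Data Name="KernelDebug">No</Data>
  <Data Name="DisableIntegrityChecks">No</Data></EventData></Event>
<Event><System><EventID>6416</EventID><Computer>dc01</Computer></System>
  <EventData><Data Name="ClassName">USB</Data>
  <Data Name="DeviceDescription">USB Mass Storage Device</Data></EventData></Event>
<Event><System><EventID>6416</EventID><Computer>ws17</Computer></System>
  <EventData><Data Name="ClassName">Keyboard</Data>
  <Data Name="DeviceDescription">HID Keyboard Device</Data></EventData></Event>
</Events>"""

# BCD settings that weaken boot integrity when set this way (test signing,
# kernel debugging, integrity checks off), per the 4826 description above.
RISKY_BCD = {"TestSigning": "Yes", "KernelDebug": "Yes", "DisableIntegrityChecks": "Yes"}
# Assumed inventory: hosts that should never see a new external device.
HIGH_VALUE_HOSTS = {"dc01"}

def parse_events(xml_text):
    """Yield (event_id, computer, {data_name: value}) for each <Event>."""
    for ev in ET.fromstring(xml_text).iter("Event"):
        system = ev.find("System")
        data = {d.get("Name"): d.text for d in ev.find("EventData").iter("Data")}
        yield int(system.findtext("EventID")), system.findtext("Computer"), data

def triage(xml_text):
    """Return alert strings for risky BCD changes and unexpected PnP devices."""
    alerts = []
    for event_id, host, data in parse_events(xml_text):
        if event_id == 4826:
            bad = [k for k, v in RISKY_BCD.items() if data.get(k) == v]
            if bad:
                alerts.append(f"{host}: BCD weakened ({', '.join(bad)})")
        elif event_id == 6416 and host in HIGH_VALUE_HOSTS:
            alerts.append(f"{host}: new PnP device '{data.get('DeviceDescription')}'")
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```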
Maze game for UEFI
There’s one UEFI-based game I have not mentioned: Maze, by Tim Lewis. He’s got multiple blog posts on how the code works. He just relicensed it to BSD:
https://uefi.blogspot.com/2017/04/maze-game-source-code.html
https://uefi.blogspot.com/search/label/Maze
https://svn.code.sf.net/p/syslibforuefi/code/trunk/
Look at the game/games tags for other UEFI-based games.
20+ China-based companies join UEFI Forum
They could have at least included the list of the 20+ companies in the press release. ;-(
In anticipation of the first China-based UEFI event in ten years, over 20 new members in China joined the UEFI Forum—indicating significant interest in UEFI technology in the greater China region. Additionally, in attendance from the region were prominent member companies including H3C and Inspur, Lenovo, Loongson Technology Corporation Limited, and Sugon.
http://finance.yahoo.com/news/20-china-based-companies-join-020000847.html
CHIPSEC whitelist gets updated
Rescatux adds new UEFI rescue options
Adrian announced Rescatux 0.41b, with new UEFI rescue options:
(*) Change UEFI Boot order
(*) Create UEFI Boot Entry
(*) Fake Microsoft Windows UEFI.
(*) Hide Microsoft Windows UEFI
(*) Reinstall Microsoft Windows UEFI boot entries
Adrian has a thread on the debian-efi list, asking for feedback on these features. Excerpt of announcement below, see the full announcement on the debian-efi list.
Rescatux 0.41b1 released with UEFI rescue options
* Rescatux introduction
Rescatux is a GNU/Linux rescue cd (and eventually also Windows) but it is not like other rescue disks. Rescatux comes with Rescapp. Rescapp is a nice wizard that will guide you through your rescue tasks.[…]
* Rescatux 0.41b1 released
Last week I released Rescatux 0.41b1 with a bunch of new UEFI rescue options. I just wanted to share with you some technical details about those options so that I can get some feedback from you.[…]
http://wiki.rescatux.org/wiki/Main_Page
ALT Linux Rescue also has the option to boot either into their Linux or into their provided UEFI Shell. I wish more Linux distributions provided features like this.