PCWelt: UEFI tricks for PCs

Here’s an interesting article for end users, with a handful of tool pointers I haven’t seen before:

http://www.pcwelt.de/ratgeber/BIOS_2.0__10_UEFI-Tricks_fuer_Insider-PC_und_Mainboards-8723414.html

English translation:

https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.pcwelt.de%2Fratgeber%2FBIOS_2.0__10_UEFI-Tricks_fuer_Insider-PC_und_Mainboards-8723414.html&edit-text=

Rootkits and Bootkits: new chapter available

An update on this book: the early-access ebook edition has a new chapter on UEFI BIOS vulnerabilities, and No Starch has a 30% off early-bird discount:

No Starch Press: Rootkits and Bootkits

https://www.nostarch.com/rootkits

EBC adds AArch64 support!

UEFI has a bytecode, the EFI Byte Code (EBC). It has traditionally been used to consolidate all 3 Intel platforms (x86, x64, Itanic) into a single bytecode, so there only needs to be a single driver on the flash, saving flash memory. Unfortunately, it only supported Intel platforms, not ARM, so it was not a universal bytecode for EFI, only a bytecode for Intel systems. Now, someone has ported EBC to AArch64, so EBC may now be more interesting!

Import the AArch64 EBC implementation from
https://source.codeaurora.org/external/server/edk2-blue/

Tested with MdeModulePkg/Application/HelloWorld built for EBC.
Would appreciate some reviewing and testing.

Jeff Brasen (1):
  MdeModulePkg/EbcDxe: Add AARCH64 EBC VM support

Leif Lindholm (1):
  ArmVirtPkg: enable EBC interpreter for AArch64 QEMU

More info:
http://lists.01.org/pipermail/edk2-devel/

FreeBSD UEFI status update

FreeBSD’s quarterly status update is out.

There are two entries on UEFI, excerpted below:

EFI Refactoring and GELI Support: The EFI bootloader has undergone considerable refactoring to make more use of the EFI API. The filesystem code in boot1 has been eliminated, and a single codebase for filesystems now serves both boot1 and loader. This codebase is organized around the EFI driver model and it should be possible to export any filesystem implementation as a standalone EFI driver without too much effort. Both boot1 and loader have been refactored to utilize the EFI_SIMPLE_FILE_SYSTEM interface. In the loader, this is accomplished with a dummy filesystem driver that is just a translation layer between the loader filesystem interface and EFI_SIMPLE_FILE_SYSTEM. A reverse translation layer allows the existing filesystem drivers to function as EFI drivers. The EFI refactoring by itself exists in a branch on github. Additionally, GELI support has been added using the EFI refactoring. This allows booting from a GELI-encrypted filesystem. Note that the EFI system partition, which contains boot1, must be a plaintext msdosfs partition. This patch adds an intake buffer to the crypto framework, which allows injection of keys directly into a loaded kernel, without the need to pass them through arguments or environment variables. This patch only uses the intake buffer for EFI GELI support, as legacy BIOS GELI support still uses environment variables. EFI GELI support depends on the efize branch. These patches have been tested and used and should be able to handle use by early adopters. Note that the LOADER_PATH variable has been changed to /boot/loader.tst, to facilitate safe testing.

loader.efi has been updated to use an event timer to implement its internal time function. This is needed, as many UEFI implementations do not handle the GetTime runtime service method. This means that loader.efi will now correctly count down before automatically booting.

https://www.freebsd.org/news/status/report-2016-04-2016-06.html

FWTS 16.07.00 released

Ivan Hu of Canonical announced the release of FirmWare Test Suite 16.07.00:

New Features:
   * acpi: method: add _FIT test
   * acpi: pcct: add ACPI PCCT test
   * opal/prd_info: Add OPAL Processor Recovery Diagnostics
   * olog: olog.json: Add OPAL skiboot errors for olog scan
   * Add klog checking for errors from drivers/acpi/tables.c
   * klog: data.json: Add klog checking for kernel NUMA errors from drivers/acpi/numa.c
   * klog: data.json: Add klog checking for kernel EC errors from drivers/acpi/ec.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/acpi_cmos_rtc.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/nfit.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/pci_root.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/pci_mcfg.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/cppc_acpi.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/battery.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/processor_idle.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/sleep.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/acpica/rsmisc.c
   * klog: data.json: Add klog checking for errors from drivers/acpi/evged.c
   * efi: enable module loading to load legacy or new efi driver
   * acpi: madt: Add support for ACPI 6.0a
   * acpi: madt: Add support for ACPI 6.1
   * uefi: update reset type to uefi 2.6
   * acpi: dbg2: Add missing debug port types

See the full release notes for the list of bug fixes.

http://fwts.ubuntu.com/release/fwts-V16.07.00.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/16.07.00
https://launchpad.net/ubuntu/+source/fwts

New EDK2-Bugs mailing list and Tianocore Bugzilla server

On the EDK2-Devel list, Mike Kenney of Intel announced the creation of the Tianocore Bugzilla Server, and the new EDK2-bugs mailing list, which tracks changes to the bug database. The Tianocore project is going to migrate from the GitHub bug database to their own Bugzilla-based one. The announcement mentions a special case for UEFI security issues:

There is one special Product type on the Bugzilla server called “Tianocore Security Issues”.  If you believe you have discovered a security issue, then you must enter the issue using the “Tianocore Security Issues” Product.  The issue will be evaluated to determine if it really is a security issue or not. NOTE: Never any security issue details in email.

For full details, see Mike’s post:
http://article.gmane.org/gmane.comp.bios.edk2.devel/14844

More info:
https://tianocore.acgmultimedia.com
https://lists.01.org/mailman/listinfo/edk2-bugs

Hmm, no posts yet to the new list, or at least nothing has been archived, yet there are 39 bugs in the database; I would have expected at least 39 posts in the archives…. The Tianocore Security Advisory list never seemed to work. The Intel Security Advisories list never seemed to work. Let’s hope the EDK2-bugs list works…
https://tianocore.acgmultimedia.com/buglist.cgi?bug_status=__open__&no_redirect=1&order=Importance&query_format=specific
https://lists.01.org/pipermail/edk2-bugs/

CP/M for UEFI

“CP/Mega88 – CP/M for UEFI: CP/Mega88 is an i8080 emulator running on ATmega88, and on which CP/M can run. Also, it can be built as a UEFI application that can run on x86_64 platforms without any operating system. You can try running CP/M on POSIX environment, or EFI firmware.”

http://qiita.com/toyoshim/items/7961fc3d776133348660

AMI_SMI_Dump

New tool: ami_smi_dump.py:
Extract SW SMI handlers information from SMRAM dump of Skylake based AMI Aptio V firmware.

https://gist.github.com/Cr4sh/db43cc6687e737d982d3d1c56472c6b9

Enterprise: a UEFI boot loader for Linux

‘Enterprise’ is the name of a UEFI boot loader that is meant to boot 1 or more Linux ISOs off a USB thumbdrive. The last release was back in 2015, but there is recent GitHub code activity. SevenBits created ‘Enterprise’, in addition to ‘Mac Linux USB Loader’, which sets up a bootable USB with Enterprise.

Enterprise (named after the Starship Enterprise from Star Trek) is an EFI program that is designed to assist in booting Linux distributions from USB sticks on UEFI-based PCs and Macs, something that is continuously regarded as being near to impossible due to quirks in vendors’ EFI implementations and really quite poor support from Linux distributions. Using Enterprise, you can create bootable USB drives that boot on a UEFI-based computer without needing rEFIt or rEFInd to be installed. Originally designed to complement ‘Mac Linux USB Loader’, Enterprise can also be used on its own to boot Linux on a variety of UEFI-based PCs and Macs. The purpose of Enterprise is as the first stage in a two-stage booting process for ‘Mac Linux USB Loader’-created USB drives. Enterprise is a custom UEFI boot manager designed to load Linux distributions, even those without UEFI booting support, directly from ISO files on UEFI-based computers. Enterprise provides an easy-to-use and simplistic interface that automates many of the tasks necessary to boot distributions of Linux from an ISO file. Enterprise supports booting multiple distributions, so you can have more than one distribution per USB stick and multiple configurations for each distribution. Enterprise requires a configuration file telling it about which distributions it should load. This configuration file is created automatically when you use tools like Mac Linux USB Loader, though it is possible to write your own file and configure Enterprise as one would configure other boot managers such as GRUB, gummiboot, and syslinux, albeit much more simply. Enterprise is under the LGPL; it pulls in code from other software projects (namely, gummiboot). It is written in portable C, and can be compiled to run on both 32-bit and 64-bit EFI firmware types.

https://www.sevenbits.tk/
https://github.com/SevenBits/Enterprise
https://sevenbits.github.io/Mac-Linux-USB-Loader/

UEFITool NE A31.0 released

Nikolaj apparently never stops coding. 🙂 Changelog:

New feature release this time: added “Hex view…” action (Ctrl/Cmd + D) and dialog to preview the selected tree item without extracting it to FS. #56

Now the dialog is modal, but if anyone needs to open more than one, it can be implemented later. The feature uses QHexEdit2 library made by Simsys, big thanks.
https://github.com/LongSoft/UEFITool/releases/tag/NE.A31.0

Also see Nikolaj’s comments re: my last post, clarifying Qt usage in UEFITool, which my post was not clear on:

UEFIDump created, UEFITool and UEFIExtract rewritten