Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Features:
* UEFI 2.x support for PCs, and it also works on Macs with 64-bit EFI (e.g. MacBook Pro Late 2013)
* Loads and executes kernels compiled as native 64-bit UEFI applications (like the Linux kernel)
* Passes user-written commands (from a plain UTF16 text file) to loaded EFI applications
* Allows arbitrary placement of itself in addition to kernel images on the EFI system partition
* Fits on a floppy diskette, and some systems can actually boot it from a floppy
* Minimal UEFI development environment tuned for Windows, Mac, and Linux included in repository (1)
https://github.com/KNNSpeed/UEFI-Stub-Loader
As the tweet mentions, there is a disparity for OS-level access to UEFI runtime services.
nuefil is yet another Rust UEFI libraray.
It is based on the UEFI libaray of Redox.
A freshly-created Github project:
https://github.com/BenjaminYou/UEFIPayload
UEFI Payload (UefiPayloadPkg) aims to be an upgrade to CorebootModulePkg and CorebootPayloadPkg. Features:
– Supporting Slim Bootloader in addition to Coreboot
– Source level configuration using .ini format
– User Extension using simple “C” codes
– Platform support library for adding platform specific codes
Re: https://firmwaresecurity.com/2018/01/29/boot2snow-uefi-bootloader-for-snowflake-rust-based-os/
The Snowflake OS has a new UEFI library:
https://github.com/SnowFlakeOS/libuefi-rs
Re: https://firmwaresecurity.com/2018/06/27/uefi-forum-firmware-security-101-webinar/
I just noticed that the video of this webinar is now online. Nice, you don’t have to register for it, thanks.
https://www.uefi.org/node/3877
This script provides commands to sign a designated list of kernel modules and loads them via modprobe into the linux kernel. This was built to specfically address the issue of having to re-sign and reload kernel modules after upgrading the linux kernel, so they are not rejected by UEFI Secure Boot. (e.g. virtualbox kernel modules). As an example, this script is defaulted to load virtualbox kernel modules and will look for the private key and x509 cert in a specific directory. Please change these values inside the script as needed.[…]
https://github.com/plyint/sb-kmod-signload.sh
Teddy Reed has updated his UEFI Firmware Parser project. The first update this year!
This UEFI application calls an entry point provided by a proxy loader protocol installed on the image handle.
The c-efi project provides the protocol constants and definitions of the UEFI Reference Specification as native C11 code. The scope of this project is limited to those protocol definitions. The protocols are not actually implemented. As such, this project serves as base for any UEFI application that needs to interact with UEFI, or implement (parts of) the UEFI specification. Additionally to providing a C library, this project also serves as documentation base for UEFI programming in C. It provides target-triples for UEFI, bootstrap helpers, and a bunch of documentation how to get started.
https://github.com/c-util/c-efi
https://github.com/tnishinaga/aarch64-uefi-llvm_helloworld
UEFI HelloWorld application with clang + lld + gnu-efi(header only)
This is a nonstandard build environment for UEFI, using GNU-EFI with clang (not efi-clang) on ARM not Intel. Last time I looked, GNU-EFI was Intel-centric and GCC-centric, so this is impressive.
https://github.com/tianocore/tianocore.github.io/wiki/2018-EDK-II-Capsule-Hack-a-thon
“This is the first time Intel has staged a public TianoCore hack-a-thon event.”
This new hello-world UEFI application project is interesting in that it uses Meson to build UEFI binaries.
https://github.com/flihp/tpm2-uefi
This is an implementation of a TCTI module for use with the TCG TPM2 Software Stack (TSS2) in the UEFI environment. This library is built as a static archive libtss2-tcti-uefi.a suitable for linking with UEFI applications.
android-efi is a simple x86 EFI bootloader for Android™ boot images. It accepts the partition GUID and/or path of an Android boot image on the command line, loads the kernel, ramdisk and command line and finally hands over control to the kernel.
System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules
Firmware is responsible for low-level platform initialization, establishing root-of-trust, and loading the operating system (OS). Signed UEFI Capsules define an OS-agnostic process for verified firmware updates, utilizing the root-of-trust established by firmware. The open source FmpDevicePkg in TianoCore provides a simple method to update system firmware images and device firmware images using UEFI Capsules and the Firmware Management Protocol (FMP). This session describes the EFI Development Kit II (EDK II) capsule implementation, implementing FMP using FmpDevicePkg, creating Signed UEFI Capsules using open source tools, and an update workflow based on the Linux Vendor Firmware Service (fwupd.org).
https://yvr18.pathable.com/meetings/740447
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Discover the Desktop
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
News from coreboot world
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Just another WordPress.com site
Hastily-written news/info on the firmware security/development communities, sorry for the typos.
Firmware Security 
You must be logged in to post a comment.