FreeBSD 11.2R released, with speculative execution and UEFI updates

June 9, 2018 ~ hucktech ~ Leave a comment

The latest version of FreeBSD is out, and has a few speculative execution and UEFI changes, including:

https://www.freebsd.org/releases/11.2R/relnotes.html

[arm64] The bsdinstall(8) installer has been updated to default to UEFI-only boot. [r322254]
(Sponsored by The FreeBSD Foundation)

The efibootmgr(8) utility has been added, which is used to manipulate the EFI boot manager. [r332126]
(Sponsored by Netflix)
https://www.freebsd.org/cgi/man.cgi?query=efibootmgr&sektion=8&manpath=freebsd-release-ports

The cpucontrol(8) utility has been updated to include a new flag, -e, which is used to re-evaluate reported CPU features after applying firmware updates. [r327871]
Note: The cpucontrol(8) -e flag should only be used after microcode update have been applied to all CPUs in the system, otherwise system instability may be experienced if processor features are not identical across the system.
https://www.freebsd.org/cgi/man.cgi?query=cpucontrol&sektion=8&manpath=freebsd-release-ports

FreeBSD-SA-18:03.speculative_execution 14 March 2018. Speculative Execution Vulnerabilities
Note: This advisory addresses the most significant issues for FreeBSD 11.x on amd64 CPUs. We expect to update this advisory to include i386 and other CPUs.
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:03.speculative_execution.asc

iPXE-Boot-Server: Setup iPXE to support both BIOS and UEFI

June 9, 2018 ~ hucktech ~ 1 Comment

Step by step guide for how to build your own PXE boot server supporting both legacy BIOS and EFI hardare

Build your own PXE boot server

This article is a step by step guide for building your own PXE boot infrastructure which can be used to boot both legacy BIOS and EFI based hardware from network. There are many articles on the Internet for building PXE boot infrastructure however I found most of them does not work for EFI based hardware. I use iPXE as the boot image and dnsmasq as DHCP & TFTP server and I found it’s dead simple to setup those two software.

https://github.com/boliu83/ipxe-boot-server

VMWare: Enable or Disable UEFI Secure Boot for a Virtual Machine

June 8, 2018 ~ hucktech ~ Leave a comment

I believe this is a new (or revised) document [to me].

[…]VMware Tools version 10.1 or later is required for virtual machines that use UEFI secure boot. You can upgrade those virtual machines to a later version of VMware Tools when it becomes available.

For Linux virtual machines, VMware Host-Guest Filesystem is not supported in secure boot mode. Remove VMware Host-Guest Filesystem from VMware Tools before you enable secure boot.[…]

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-898217D4-689D-4EB5-866C-888353FE241C.html

ZFS-on-Root-Installer: Install ZFS on Root with Ubuntu

June 6, 2018 ~ hucktech ~ Leave a comment

A Bare Metal Installer for ZFS on Root

This repository is intended to produce a bootable UEFI image that allows installing a full bare system with ZFS disks. Be aware that it is not intended for building dual-boot systems. While you are given the ability to choose which disks are used, the EFI boot system will wipe other OS entries. It uses an Ubuntu kernel and a minimal ramdisk builder to host the scripts used to perform the actual install.[…]

https://github.com/symmetryinvestments/zfs-on-root-installer

UEFI_Python: python tool to prase uefi as fv/ffs/variable/Hii

June 6, 2018 ~ hucktech ~ Leave a comment

python tool to prase uefi as fv/ffs/variable/Hii

https://github.com/Tank2018/Uefi_python

windows2usb: Windows ISO to Flash drive burning utility for Linux

June 6, 2018 ~ hucktech ~ Leave a comment

Windows 7/8/8.1/10 ISO to Flash Drive burning utility for Linux (MBR/GPT, BIOS/UEFI, FAT32/NTFS.

Does not break UEFI Secure Boot chain.

https://github.com/ValdikSS/windows2usb

Duo Labs: organizations can be “software secure but firmware vulnerable”

June 5, 2018 ~ hucktech ~ Leave a comment

Duo Labs, who has EFIgy, an EFI firmware update status tool for Mac, is interviewed by InfoSecurity Magazine on the topic of EFI security:

[…]Although efforts to compromise EFI are most often carried out as part of highly targeted attacks, they remain a major threat to organizations, he warned. […] Smith revealed newly updated research from Duo Security which details shortcomings in Apple’s EFI update processes. Drawing on data collected from 73,000 customer machines, the findings show that 4.2% were running the wrong EFI version – much higher than the 1% or so expected. That rose to nearly 43% for the oldest Mac model on the market, dating back to 2015. The results also showed that organizations could be “software secure but firmware vulnerable.” […] He called on tech firms to introduce “the same degree” of transparency into the firmware update process as they do with software updates. Duo Security chose to study Apple because the firm’s singular ecosystem made it easier to analyze, but Smith warned that failings in the Wintel space are arguably even more acute.[…]

https://www.infosecurity-magazine.com/news/infosec18-experts-in-efi-update/

BlackHat cancels Intel/Eclypsium CHIPEC training

June 3, 2018 ~ hucktech ~ Leave a comment

I notice that the Intel/Eclypsium training at Black Hat USA 2018 is no longer listed. Sounds like not enough people signed up?!

AFAIK, the next opportunity to get Eclypsium CHIPSEC training is at REcon (and REcon appears to have cheaper training rates than Blackhat):

https://recon.cx/2018/montreal/training/trainingfirmware.html

There’s also the training materials from older training from Intel ATR/CHIPSEC team, available here:

Intel ATR releases UEFI firmware training materials!

MountEFI: An even more robust edition of my previous MountEFI scripts

June 1, 2018 ~ hucktech ~ Leave a comment

Re: https://firmwaresecurity.com/2018/02/04/mountefi-mac-tool-to-select-drive-containing-an-efi-to-mount/

An even more robust edition of my previous MountEFI scripts.

https://github.com/corpnewt/MountEFI

EFI-TPM2-Utils: TPM 2.0 tools running in EFI environment

June 1, 2018June 1, 2018 ~ hucktech ~ Leave a comment

“This project provides various TPM 2.0 applications running in EFI.”

https://github.com/jiazhang0/efi-tpm2-utils

https://github.com/jiazhang0/efi-tpm2-utils/tree/master/src/efi

Nera: UEFI boot manager with kernel images signature validation

June 1, 2018 ~ hucktech ~ Leave a comment

All of the documentation: “UEFI boot manager with kernel images signature validation.”

https://github.com/Flynston/Nera

BlkCat: UEFI Block Device Concatenator Driver

May 31, 2018 ~ hucktech ~ Leave a comment

https://github.com/rcpao/BlkCat

BlkCat — UEFI Block Device Concatenator Driver

Hmm, what does this driver do? Not sure yet, no time to review the code today. 😦

CheckBIOSDisk: Check uefi/legacy bios and gpt/mbr disk type for WinPE

May 28, 2018 ~ hucktech ~ Leave a comment

This is a Win32 console application for Windows Preinstall Environment system. The gaol is checking PC uses UEFI BIOS (or with CSM) must ensures the disk type is GPT format, otherwise the legacy BIOS must using MBR format for disk layout. C++ code only does windows executing diskpart and reg commands and checks results to improve function, because requester is lazy and having lack knowledge on his job to design commands flow.

https://github.com/sharowyeh/checkbiosdisk

PS: Another tool by author:

https://github.com/sharowyeh/NvGpuUtility

Automating BIOS to UEFI with 1E tools

May 26, 2018 ~ hucktech ~ Leave a comment

Sliding into the holiday weekend with some cool content, live on the blog! https://t.co/EqfYEcp1TP #BIOStoUEFI #Windows10 pic.twitter.com/QmwhwY94WR

— 1E (@1E_global) May 25, 2018

https://www.1e.com/blogs/2018/05/25/automating-bios-to-uefi-with-1e-tools/

ROMsplit: split UEFI/BIOS files into two or more binary chunks

May 24, 2018 ~ hucktech ~ Leave a comment

A quick and dirty tool written in C to split UEFI/BIOS files into two or more binary chunks, which can then be flashed onto a chip using flashrom or something similar. This was born out of the necessity of needing a UEFI and an EC (embedded controller) image to be reflashed manually on a laptop where the UEFI was 2MB and the EC was 128K, but seperate images were not available.

printf(“romsplit – split binary files into two or more seperate chunks\n”);
printf(“Usage: %s <filename> <size of chunk 1> <size of chunk 2> … <size of chunk n>\n\n”, argv[0]);
printf(“You must specify a filename and at least two chunk sizes\n”);

https://github.com/mode13h/romsplit

ARM UEFI Drivers pages updated

May 23, 2018 ~ hucktech ~ Leave a comment

I think this web page by ARM Ltd is new, or at least updated:

https://developer.arm.com/technologies/uefi-drivers

MicroRenovator: Pre-OS microcode updater

May 22, 2018 ~ hucktech ~ 1 Comment

Earlier this year I got tired of waiting for OS and UEFI updates with new microcode, so I loaded it myself. With many older systems still unpatched, and more microcode updates on the way, it seemed like a good time to share.https://t.co/iMtlIUPNKG

— Matt King (@syncsrc) May 22, 2018

If you want to see how it works I'll be demo'ing at #BHUSA Arsenal.https://t.co/haEtax1xR8

— Matt King (@syncsrc) May 22, 2018

https://github.com/syncsrc/MicroRenovator

https://www.blackhat.com/us-18/arsenal/schedule/#micro-renovator-bringing-processor-firmware-up-to-code-12081

CPUid.efi: identify CPU

May 21, 2018 ~ hucktech ~ Leave a comment

[Hmm, are there missing posts on FPMurphy’s blog? I seem to recall more recent posts, but don’t see them now, and only see this February-era post (which I think may be news to me): ]

A UEFI Shell tool for the CPUID instruction:

https://github.com/fpmurphy/UEFI-Utilities-2018/blob/master/MyApps/Cpuid/Cpuid.c

https://blog.fpmurphy.com/2018/02/simple-cpuid-utility-for-uefi-shell.html

VolInfo: tool to dump the contents of a UEFI firmware volume (FV)

May 19, 2018 ~ hucktech ~ Leave a comment

Tianocore includes UEFI developer tools for creating ‘blobs’. But it also includes one tool useful for security researchers to examine existing Firmware Volumes. It is an OS-present tool that works on Mac/Windows/Linux, not a UEFI Shell tool.

https://github.com/tianocore/edk2/blob/master/BaseTools/Source/C/VolInfo/VolInfo.c
https://github.com/tianocore/edk2/tree/master/BaseTools/Source/C/VolInfo
https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Tools-List
https://github.com/tianocore/edk2/tree/master/BaseTools/UserManuals
https://raw.githubusercontent.com/tianocore/edk2/master/BaseTools/UserManuals/VolInfo_Utility_Man_Page.rtf
https://edk2-docs.gitbooks.io/edk-ii-build-specification/content/v/release/1.27/2_design_discussion/22_uefipi_firmware_images.html
http://wiki.phoenix.com/wiki/index.php/EFI_FIRMWARE_VOLUME_HEADER

Usage: VolInfo [options] <input_file>
Display Tiano Firmware Volume FFS image information
   -h, –help — Show this help message and exit
   –version — Show program’s version number and exit
   -d [DEBUG], –debug [DEBUG] — Output DEBUG statements, where DEBUG_LEVEL is 0 (min) – 9 (max)
   -v, –verbose — Print informational statements
   -q, –quiet — Returns the exit code, error messages will be displayed
   -s, –silent — Returns only the exit code; informational and errorvmessages are not displayed
   -x XREF_FILENAME, –xref XREF_FILENAME — Parse the basename to file-guid cross reference file(s)
-f OFFSET, –offset OFFSET — The offset from the start of the input file to start processing an FV
–hash — Generate HASH value of the entire PE image

Greetings.EFI: a GUI EFI shell(?)

May 16, 2018 ~ hucktech ~ Leave a comment

No documentation. In a 60second glance at the source code, I’m not sure what this project is. 😦 It appears to be a GUI UEFI Shell, with commands “exit”, “prot”, “efi-env”, and “efi-gop”.

https://github.com/michael-o0/Greetings.EFI