Tag: Vincent Zimmer
Seattle-area open source firmware presentation this December
If you’re in the Seattle area and want to see Vincent Zimmer of Intel give a recap of his presentations at the Platform Security Summit and the Open Source Firmware Conference, attend the December DC206 Meeting, the monthly Seattle-area DEF CON user group:
What: December Seattle Locksport and DC206 Meeting
When: Dec 16th (3rd Sundays), 11:00am-~4:00pm
Where: Black Lodge Research
Who: (Vincent, Noah, Zach, Dune, Panic, and the DC206 community)
Open Source IA Firmware
by
Vincent Zimmer, Intel Corp.
Provide highlights on the open source firmware ecosystem, including details from the Platform Security Summit[1] and Open Source Firmware Conference[2].
[1] https://www.platformsecuritysummit.com/
[2] https://osfc.io/
Vincent Zimmer @vincentzimmer is a sr. principal engineer at Intel Corporation. He leads the UEFI Security Subteam of the UEFI Forum.
Full announcement:
https://www.dc206.org/?p=278
Vincent: Ghosts of GUID’s past
Vincent has a new blog post, with some history of UEFI and recent security conference interactions, and includes a snippet of some old EFI code from Ken Reneris!
(I used to work with Ken. He is an amazingly proficient coder. When he went on vacation to get married, we replaced his keyboard driver such that the ‘;’ key would replace the ‘:’ key randomly. (Back then drivers weren’t signed and were a lot easier to replace.) His response was to rewire the person’s mouse so that it would work upside down/backwards.)
Vincent on recent UEFI presentations
Vincent has a new blog post, covering some of his recent tour of speaking engagements, with a bit on UEFI, and even some FSP humor.
http://vzimmer.blogspot.com/2018/09/east-and-further-east.html
Vincent to keynote Open Source Firmware Conference
Vincent has a new blog post out, with lots of photos of legacy (pre-UEFI) hardware, and various news items, such as:
[…]Following on the spirit of openness, I was honored to be invited to keynote the upcoming open source firmware summit https://osfc.io/. The landing page for my talk will be https://osfc.io/talks/keynote. This should follow the arc on reducing friction and providing transparency for host firmware development.[…]
http://vzimmer.blogspot.com/2018/06/system-firmware-past-present-future.html
Vincent on how to pronounce UEFI and ACPI :-)
Vincent has a new blog post, the first new post in months. It covers UEFI and the Open Compute Project and, amongst other things, how to pronounce “UEFI” and “ACPI”.
http://vzimmer.blogspot.com/2018/03/open-platforms-and-21-or.html
UEFI security presentation at Seattle DC206 Meeting
If you missed the Intel presentation from BlackHat Briefings this summer, and if you are in the Seattle area this Sunday, Vincent Zimmer of Intel will be reprising this presentation at the DC206 Meeting at the Black Lodge Research hackerspace.
What: Oct DC206 Meeting: Firmware is the New Black
When: October 15th, 1-3pm
Who: Vincent Zimmer
Where: Black Lodge Research
Firmware is the New Black – Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
In recent years, we witnessed the rise of firmware-related vulnerabilities, likely a direct result of increasing adoption of exploit mitigations in major/widespread operating systems – including for mobile phones. Pairing that with the recent (and not so recent) leaks of government offensive capabilities abusing supply chains and using physical possession to persist on compromised systems, it is clear that firmware is the new black in security. This research looks into BIOS/UEFI platform firmware, trying to help make sense of the threat. We present a threat model, discuss new mitigations that could have prevented the issues and offer a categorization of bug classes that hopefully will help focus investments in protecting systems (and finding new vulnerabilities). Our data set comprises 90+ security vulnerabilities handled by the Intel Product Security Incident Response Team (PSIRT) in the past 3 years; the analysis was performed manually, using white-box analysis and drawing on feedback from various BIOS developers within the company (and security researchers externally who reported some of the issues – most of the issues were found by internal teams, but PSIRT is involved since they were found to also affect released products).
https://www.blackhat.com/us-17/briefings.html#firmware-is-the-new-black-analyzing-past-three-years-of-bios-uefi-security-vulnerabilities
http://vzimmer.blogspot.com/2017/08/black-hat-usa-2017-firmware-is-new-black.html
PDF: BlackHat2017-BlackBIOS-v0.13-Published.pdf
Vincent on UEFI Capsule updates
Vincent has a new blog post, talking about UEFI’s Capsule Updates, and how OS-present tools call them.
http://vzimmer.blogspot.com/2017/08/accessing-uefi-updatecapsule-from.html
Intel’s Black Hat UEFI presentation online
Vincent has a new blog post about the recent talk about UEFI security that Intel just gave at Black Hat Briefings.
http://vzimmer.blogspot.com/2017/08/black-hat-usa-2017-firmware-is-new-black.html
https://github.com/rrbranco/BlackHat2017
40% discount for Beyond BIOS 3rd ed
This hardcopy book is a bit more expensive than most tech books, so a discount is a good thing!
http://www.basicinputoutput.com/2017/06/super-deal-on-beyond-bios.html
Black Hat Briefings: Firmware is the New Black
Firmware is the New Black – Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
Bruce Monroe, Rodrigo Branco, Vincent Zimmer
NIST SP 800-193: Platform Firmware Resiliency Guidelines
I thought I had caught all the appropriate NIST announcements, but I missed this one; I found it in Vincent’s recent blog post:
http://vzimmer.blogspot.com/2017/05/uefi-and-security-postings.html
Very exciting to see this NIST document!
Draft NIST Special Publication 800-193
Platform Firmware Resiliency Guidelines
Andrew Regenscheid
This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks. The platform is a collection of fundamental hardware and firmware components needed to boot and operate a system. A successful attack on platform firmware could render a system inoperable, perhaps permanently or requiring reprogramming by the original manufacturer, resulting in significant disruptions to users. The technical guidelines in this document promote resiliency in the platform by describing security mechanisms for protecting the platform against unauthorized changes, detecting unauthorized changes that occur, and recovering from attacks rapidly and securely. Implementers, including Original Equipment Manufacturers (OEMs) and component/device suppliers, can use these guidelines to build stronger security mechanisms into platforms. System administrators, security professionals, and users can use this document to guide procurement strategies and priorities for future systems.
http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-193
Vincent celebrates 20 years at Intel
Congrats to Vincent on 20 years at Intel; that is a LOT of work! As usual, his blog post gives lots of background on UEFI.
http://vzimmer.blogspot.com/2017/02/this-one-is-for-20-or-anniversarynext5.html
Vincent on UEFI and free chapter of new Beyond BIOS 3rd edition
Vincent has a multi-topic blog post, including insight on UEFI spec, and pointer to a free chapter of the 3rd edition of Beyond BIOS:
http://vzimmer.blogspot.com/2017/02/specifications-and-new-book.html
Tim and Vincent on firmware bugs
“‘If you can fix a hardware bug in firmware, it’s not a bug but a documentation issue.’ —An anonymous hardware manager.”
Two related blog posts on firmware defects:
http://uefi.blogspot.com/2017/01/firmware-bugs-and-firmware-updates.html
Vincent EOY wrap-up
Vincent has a new blog post covering multiple recent events and adding his Intel background to them, with topics such as FSP, SMM, Heads, UEFI Secure Boot, clarifying some UEFI security advisory timing issues, and more.
http://vzimmer.blogspot.com/2017/01/saying-good-bye-to-2016.html
new editions of Beyond BIOS and Harnessing the UEFI Shell
Intel Press published the first and second editions of these two books a few years ago, but it appears Degruyter is publishing revised third editions!
Harnessing the UEFI Shell: Moving the Platform Beyond DOS, Third Edition
Rothman, Michael / Zimmer, Vincent / Lewis, Tim
https://www.degruyter.com/view/product/484477
Beyond BIOS: Developing with the Unified Extensible Firmware Interface, Third Edition
Zimmer, Vincent / Marisetty, Suresh / Rothman, Michael
https://www.degruyter.com/view/product/484468
UEFI Capsule Update and Recovery whitepaper
https://twitter.com/Intel_UEFI/status/808792661205217280
PDF: A_Tour_Beyond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf
Vincent is co-author of this paper, and mentions it — along with a bunch of other UEFI-related things — in his current blog post:
http://vzimmer.blogspot.com/2016/12/provisioning-porting-and-types.html
Vincent on coreboot/FSP/PI/TPM/UEFI/more
Vincent Zimmer has a new blog post with *many* topics: the new PI spec, FSP, coreboot, TPM, and a summary of the Seattle UEFI plugfest.
http://vzimmer.blogspot.com/2016/11/conferences-forums-and-writings.html
New Intel/UEFI whitepaper: Establishing the Root of Trust
https://twitter.com/Intel_UEFI/status/773597835467956224
PDF: UEFI RoT white paper_Final 8 8 16 (003).pdf
Vincent Zimmer and Michael Krau of Intel have written a new whitepaper for the UEFI Forum: “Establishing the root of trust”.
The first step in securing a computing device – from a simple embedded device to a supercomputer and everything in between – is to ensure that it can start up under the following conditions:
– It is operating as expected
– All the firmware needed to run the system is intact
– It has not been tampered with in any way
As described in the first white paper in this series, Understanding the Chain of Trust and Its Vital Role in Keeping Computing Systems Secure, the UEFI specification includes a mechanism for ensuring the integrity and security of firmware (the all-important link between the hardware and the operating system) as a system starts up. This mechanism is called Secure Boot and uses public key cryptography to validate that each piece of firmware has been digitally signed and is therefore unmodified as the system starts up. In a chain of trust, each piece of firmware must be digitally signed before it can start up. Once one piece of code has been validated, it can then validate the next section and so on until the system is fully booted and control handed over to the operating system.

But how does that chain get started? While difficult, it would be possible for an attacker to inject malicious attack code of some sort prior to start of the chain of trust to gain low-level and nearly undetectable control over the system. To prevent this, the chain of trust requires a strong foundation. In modern systems, this is known as the root of trust.

A root of trust, one that can be counted on to anchor the chain of trust in the face of the most determined attackers, can be established in a number of ways. The most secure approaches use some form of an unchangeable section of hardware to validate the initial keyed signature, but there are a number of effective approaches. Ultimately it comes down to the level of security you’re comfortable with and an understanding of the approach used to establish the root of trust. This white paper looks at several common methods for establishing a root of trust as the basis for the UEFI Secure Boot process. […]
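The chain the white paper describes (an immutable anchor validates the first signed stage, each validated stage validates the next, and the boot fails closed on the first link that does not check out) is small enough to model end to end. The following is an added example written for this page, not code from the UEFI Forum white paper or from any Intel or EDK II source. It assumes a two-stage chain with hypothetical stage names (PEI, DXE), an OEM root key whose hash is the "ROM" anchor, and a per-stage key handed forward inside the previous stage's signed image; the signature primitive is textbook RSA over small, well-known primes with a truncated SHA-256, a stand-in for the RSA-2048/ECDSA a real platform uses, so that it runs offline without any third-party library.

```python
"""Toy model of a UEFI-style chain of trust anchored in an immutable root of trust.

Constructed example. Real platforms burn the hash of the root public key into
fuses or boot ROM and verify RSA/ECDSA signatures with proper padding; here the
signature is textbook RSA over famous small primes, so it is NOT secure, only
structurally faithful.
"""
import hashlib


def make_keypair(p, q, e=65537):
    """Textbook RSA with fixed primes (p, q assumed prime; chosen to be well known)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def _msg_int(data):
    # 32-bit truncation of SHA-256 keeps the value below every toy modulus used here.
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def sign(priv, data):
    return pow(_msg_int(data), priv["d"], priv["n"])


def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == _msg_int(data)


def key_id(pub):
    """What the immutable anchor stores: a hash of the public key, not the key itself."""
    return hashlib.sha256(f"{pub['n']}:{pub['e']}".encode()).hexdigest()


def build_stage(name, payload, signer_priv, signer_pub, next_pub=None):
    """A stage image carries its payload, the key that signed it and, optionally,
    the id of the key authorised to sign the *next* stage. The signature covers
    payload and next-key id together, so an attacker cannot swap in their own key."""
    next_id = key_id(next_pub) if next_pub else None
    to_be_signed = payload + (next_id or "").encode()
    return {"name": name, "payload": payload, "signer_pub": signer_pub,
            "next_key_id": next_id, "sig": sign(signer_priv, to_be_signed)}


def boot(rom_root_key_id, stages):
    """Walk the chain. Each stage is checked against the key trusted by the
    previous link, starting from the hash anchored in ROM. Fails closed:
    returns (stages executed so far, reason the boot stopped or 'ok')."""
    trusted = rom_root_key_id
    executed = []
    for st in stages:
        if key_id(st["signer_pub"]) != trusted:
            return executed, f"{st['name']}: signed by untrusted key"
        to_be_signed = st["payload"] + (st["next_key_id"] or "").encode()
        if not verify(st["signer_pub"], to_be_signed, st["sig"]):
            return executed, f"{st['name']}: bad signature"
        executed.append(st["name"])       # only now would the stage run
        trusted = st["next_key_id"]        # hand the next link its anchor
    return executed, "ok"


def demo():
    """Genuine boot plus three attacks; all keys/payloads are constructed sample data."""
    oem_pub, oem_priv = make_keypair(1000000007, 1000000009)   # root key, hash in ROM
    dxe_pub, dxe_priv = make_keypair(998244353, 1000003)       # key for the second stage
    atk_pub, atk_priv = make_keypair(2147483647, 1000003)      # attacker-controlled key
    rom = key_id(oem_pub)

    pei = build_stage("PEI", b"pei-core v1", oem_priv, oem_pub, next_pub=dxe_pub)
    dxe = build_stage("DXE", b"dxe-core v1", dxe_priv, dxe_pub)

    results = {"genuine": boot(rom, [pei, dxe])}
    # 1. Implant patched into the DXE image after signing: hash no longer matches.
    results["tampered_payload"] = boot(rom, [pei, dict(dxe, payload=b"dxe-core v1 + implant")])
    # 2. Implant re-signed with the attacker's key: PEI's signed next-key id rejects it.
    rogue_dxe = build_stage("DXE", b"dxe-core v1 + implant", atk_priv, atk_pub)
    results["rogue_key"] = boot(rom, [pei, rogue_dxe])
    # 3. Whole chain replaced with attacker-signed stages: the ROM anchor rejects link one.
    rogue_pei = build_stage("PEI", b"pei-core evil", atk_priv, atk_pub, next_pub=atk_pub)
    results["rogue_root"] = boot(rom, [rogue_pei, rogue_dxe])
    return results


if __name__ == "__main__":
    for scenario, (ran, status) in demo().items():
        print(f"{scenario:17s} ran={ran} -> {status}")
```

The part a practitioner should notice is the third scenario: once the attacker can re-sign everything with their own key, the only thing left standing between them and a silent boot is the anchor that cannot be rewritten, which is exactly why the white paper puts the weight on how the root of trust is established rather than on the signature algorithm itself.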