Uncategorized

Hagfish: UEFI Bootloader for Barrelfish

Barrelfish is a new research operating system being built from scratch and released by ETH Zurich in Switzerland, originally in collaboration with Microsoft Research and now partly supported by HP Enterprise Labs, Huawei, Cisco, Oracle, and VMware. […]

Hagfish is the Barrelfish/ARMv8 UEFI loader prototype: Hagfish (it’s a basal chordate i.e. something like the ancestor of all fishes). Hagfish is a second-stage bootloader for Barrelfish on UEFI platforms, most importantly the ARMv8 server platform. […]

http://www.barrelfish.org/

https://github.com/BarrelfishOS/hagfish

https://github.com/BarrelfishOS/uefi-sdk

Standard
Uncategorized

Secure Boot for VMWare

Secure Boot for ESXi 6.5 – Hypervisor Assurance
Mike Foley
I’ve talked about how vSphere has been moving towards a “secure by default” stance over the past few years. This can clearly be seen in the new vSphere 6.5 Security Configuration Guide where the number of  “hardening” steps are growing smaller with every release. In this blog post we will go over another “secure by default” feature of vSphere 6.5 that provides hypervisor assurance, Secure Boot for ESXi. One of the coolest things in 6.5,  in my opinion, is the adoption of Secure Boot for ESXi. Now, you might say “But my laptop has had Secure Boot  since Windows 8, what’s the big deal?” Well, the “big deal” is that we’ve gone beyond the default behavior of Secure Boot and we now leverage the capabilities of the UEFI firmware to ensure that ESXi not only boots with a signed bootloader validated by the host firmware but that it also ensures that unsigned code won’t run on the hypervisor. Best of all, it’s simple to implement! Let’s dive in![…]

https://blogs.vmware.com/vsphere/2017/05/secure-boot-esxi-6-5-hypervisor-assurance.html

 

Standard
Uncategorized

VMWare and UEFI Secure Boot

Stephen J. Bigelow has an article in TechTarget.com on VMWare and Secure Boot:

VMware vSphere 6.5 takes an extra security step, building on UEFI secure boot with added cryptographic validation to all ESXi components. VMware vSphere 6.5 added numerous features designed to improve the security of virtual machines both at rest and…[…]

You’ll have to give TechTarget.com your email address to read the article. 😦

http://searchvmware.techtarget.com/answer/How-does-ESXi-secure-boot-improve-vSphere-security

Standard
Uncategorized

Secure Boot in vSphere 6.5

Tom Fenton has an article in Virtualization Review on the latest version of VMWare’s vSphere 6.5, and this release includes UEFI changes:

[…]Another major security upgrade in this release is “Secure Boot,” to prevent unauthorized operating systems and software from loading during the startup process. Secure Boot is a feature enabled by UEFI, and can be used not only when booting the hypervisor, but also when booting up the guests. VMware has also updated its logging to include the ability to track who did what on a vSphere system. […]

https://virtualizationreview.com/articles/2016/10/18/vsphere-6_5-first-look.aspx

Standard
Uncategorized

UEFI firmware patch for VMware workstation

The earlier post on this was when the project was a new project with no code. They have code now, which consists of a few shell scripts and a patch to linux/driver.c. Presume this is unofficial. 🙂

“This is a program to patch VMware Workstation 12 kernel modules and to sign them using a X.509 key and enrolling the key in the system UEFI firmware.”

https://github.com/hashhar/vmware-module-patch

https://firmwaresecurity.com/2016/09/05/vmware-uefi-firmware-key-patch/

Standard
Uncategorized

VMware UEFI firmware key patch

This project just got created on Github.  No code yet, but only an hour old. If you are into VMware and UEFI, you might want to watch for this project to evolve.

VMware Workstation Kernel Modules Signing Patch
This is a program to patch VMware Workstation 12 kernel modules and to sign them using a X.509 key and enrolling the key in the system UEFI firmware.

https://github.com/hashhar/vmware-module-patch

Standard
Uncategorized

VMware

Business changes at EMC, impacting VMWare, multiple news sites with stories on it.

 

VMware Takes Restructuring Charge, Changes CFOs

http://www.wsj.com/articles/vmware-names-new-cfo-will-cut-800-jobs-1453847929

http://www.theregister.co.uk/2016/01/27/vmware_fusion_and_workstation_development_team_fired/

http://www.computerworld.com/article/3026842/virtualization/vmware-cuts-800-jobs-as-it-transitions-from-older-blockbuster-compute-products.html

 

Standard