Open Source Firmware, BMC and Bootloader

Look at ME!

Intel ME firmware investigation
K.4.601
Daniel Maslowski (CyReVolt)
With Intel's Firmware Support Package (FSP) and the recent release of a redistributable firmware binary for the Management Engine, it has become possible to share full firmware images for modern x86 platforms and potentially audit the binaries. Yet, reverse engineering, decompilation and disassembly are still not permitted. However, thanks to previous research, we can have a closer look at the binary data and come to a few conclusions. This talk briefly summarizes the fundamentals of developing custom and open source firmware, followed by a quick guide through the process of analyzing the binaries without actually violating the terms to understand a few bits, and finally poses a statement on the political issues that researchers, repair technicians and software developers are facing nowadays, taking into account how consumers are affected and how they perceive the situtation eventually.

Additional information

Type devroom

More sessions

2/1/20
Open Source Firmware, BMC and Bootloader
Leif Lindholm
K.4.601
Historically, the UEFI forum has been a bit rubbish at interacting with open source development, but this is improving. This talk gives a background on why (both the rubbish and the improvement) and what is being done. Also, a brief update on news for the TianoCore/EDK2 project.
2/1/20
Open Source Firmware, BMC and Bootloader
Heinrich Schuchardt
K.4.601
The Unified Extensible Firmware Interface (UEFI) is the default for booting most Linux and BSD distributions. But the complexity of the UEFI standard does not offer an easy entry point for new developers. The U-Boot firmware provides a lightweight UEFI implementation. Using booting from iSCSI with U-Boot and iPXE as an example let's delve into the UEFI API. The UEFI sub-system in U-Boot has developed from barely starting GRUB to supporting complex UEFI applications like iPXE and the EFI shell ...
2/1/20
Open Source Firmware, BMC and Bootloader
Thierry Laurion
K.4.601
Insurgo had engaged itself in the adventure of facilitating security accessibility and received NlNet funding to do exactly that. Now it wants to get developers involved and expand funding. The goal of this is to bridge the gap between reasonably secure OS (QubesOS) and slightly more secure hardware (Heads) to help privacy-focused users and those that are vulnerable. But we need to prepare for the future now! Insurgo has challenged the status quo that has been prevalent since 2015 and has made ...
2/1/20
Open Source Firmware, BMC and Bootloader
K.4.601
For the last several years, hypervisors have played a key role in platform security by reducing the possible attack surface. At the same time, the hype surrounding computing and Internet of Things Gateways has led to an increase in network appliance devices. Our target was to create a less-insecure virtual network appliance using TrenchBoot, Trusted Platform Module 2.0 and AMD SKINIT Dynamic Root of Trust for Measurement to establish a Xen hypervisor with a meta-virtualized pfSense firewall. We ...
2/1/20
Open Source Firmware, BMC and Bootloader
Patrick Rudolph
K.4.601
Modern Open Source boot firmware ships with an increasing amount of BLOBs. While it's often claimed that it eases the integration, it makes life of Open Source developers harder, as it's not documented what is done inside BLOBs and what should be done outside of the same. We will show how to trace the MMIO access of BLOBs in firmware by using Open Source tools. As analysing the traces for possible branches and loops is hard and stressful work, we created our own framework for automatic reverse ...
2/1/20
Open Source Firmware, BMC and Bootloader
Brian Richardson
K.4.601
As the rich capabilities of platforms increase, so does their complexity. As hypervisors and operating systems harden their attack surfaces, malware has been moving deeper into the platform. For example, a modern laptop may have over 15 updatable firmware elements, each with low-level access to a specific hardware domain. From the early days of proprietary BIOS in the 1980’s and 1990’s, to the world of standards in the 2000’s, to the post-PC world of the last few years, the nature of ...
2/1/20
Open Source Firmware, BMC and Bootloader
K.4.601
Have you ever heard of Board Management Controller? It has been black box firmware to manage servers since last century … now it’s open. OpenBMC is a Linux Foundation project with a goal to produce an open source implementation of BMC firmware stack. It is a vendor independent Linux distribution created using Yocto project that provides complete set of manageability features. Backbone technologies in OpenBMC include D-Bus and systemd. With embedded web server it provides user friendly WebUI ...