Session
Schedule FOSDEM 2022
Open Source Firmware, BMC and Bootloader

OST2: A new way to grow security talent for open source projects

Open Security Training 2
<p>In this talk, we'll describe how OpenSecurityTraining2 (OST2) can help grow security talent and awareness on open source projects, and we'll use the coreboot open source firmware as a case study.</p> <p>Newly structured as a 501c3 non-profit, OST2's core goal is to provide free and open training that helps increase system security. This can take multiple forms, such as training dedicated security engineers, training developers to write more secure code, training potential contributors to security-focused projects, or training engineers on safer alternatives to technologies they're already using. In this talk we'll describe current and future examples of all the previous use cases, and drill deeper into a case study of how 3mbdeb, a licensed service provider for the coreboot open source firmware project, is contributing to OST2 to advance the state of open source firmware security.</p>

Additional information

Type devroom

More sessions

2/5/22
Open Source Firmware, BMC and Bootloader
Daniel Kiper
D.firmware
<p>Warm welome to the Open Source Firmware, BMC and Bootloader devroom.</p>
2/5/22
Open Source Firmware, BMC and Bootloader
Daniel Maslowski (CyReVolt)
D.firmware
<p>Among many challanges around initializing hardware, security, and booting into operating systems, firmware also needs to provide an interface for the user to change settings, set up a trust anchor, or simply enjoy colorful graphics. This talk summarizes approaches from (U)EFI <a href="https://www.intel.com/content/dam/www/public/us/en/documents/reference-guides/efi-human-interface-infrastructure-specification-v09.pdf">dating back to 2003</a>, looking at modern OEM UIs in comparison to open ...
2/5/22
Open Source Firmware, BMC and Bootloader
Daniel Kiper
D.firmware
<p>The presentation will discuss current state of GRUB upstream development.</p>
2/5/22
Open Source Firmware, BMC and Bootloader
Michał Żygowski
D.firmware
<p>This is the 3rd edition of the "Status of AMD platform in coreboot". The talk will cover the most recent news around the AMD support in open source firmware ecosystem and updates of the topics covered in previous years. We would like to present status of FSF RYF KGPE-D16 platform revival and related upstreaming effort, TrenchBoot progress for AMD platforms and status of recent support in coreboot and oreboot projects. Finally we would like to present Dasharo - open source firmware ...
2/5/22
Open Source Firmware, BMC and Bootloader
Ian Oliver
D.firmware
<p>The increased need for secure firmware of all kinds in "IoT" devices from simple sensors to SBC's capable of running large operating systems (eg: Pis, IMXx boards etc) is well known and being driven by many forces, eg: Industry 4.0, 5G, 6G etc. What interestingly is missing is how this firmware provides additional security beyond that of the individual device: to the system as a whole, supply-chain provenance and applications; then further on to how we deal with security incidents through the ...
2/5/22
Open Source Firmware, BMC and Bootloader
Sri Ramkrishna
D.firmware
<p>We are living in exciting times - we are finally seeing hyperscale server platforms opening up and running on open source software (with caveats still). The journey though is a road full of potholes, braking and sharp turns. Opening up hardware is not easy! Follow along and see how we enabled the Mono Lake platform that was originally created by Facebook (now Meta).</p>
2/5/22
Open Source Firmware, BMC and Bootloader
Ron Minnich
D.firmware
<p>I have reimplemented the Plan 9 cpu command in pure Go, available at github.com/u-root/cpu. It uses the ssh transport protocol for data, and the 9p protocol for file system traffic.</p> <p>If you are used to ssh, cpu will look very similar, to the point of even honoring your .ssh/config! What's different is that when you cpu from your local note to a remote node, file systems of your choosing are visible on the remote node, mounted over 9p, connected to a server running in the cpu command ...