Firmware updates for OPNsense and pfSense with fwupd/LVFS

Secure firmware for routers with the BSD based operating systems
Norbert Kamiński
<p>This presentation will describe the results of the proof of concept work that takes into consideration integration of firmware update framework - fwupd/LVFS for OPNsense and pfSense. It will explain the challenges connected with the implementation of firmware update systems for BSD-based firewall and routing software. It will show basic concepts connected to the fwupd and LVFS.</p>
The security of the whole system is not determined only by the software it runs, but also by the firmware. Firmware is a piece of software inseparable from the hardware. It is responsible for proper hardware initialization as well as its security features. That means that the safety of the machine strongly depends on the mitigations of vulnerabilities provided by firmware (like microcode updates, bug/exploit fixes). For these particular reasons, the firmware should be kept up-to-date. Routers are highly popular attack vectors, therefore they must be appropriately secured. pfSense and OPNsense are well known secure firewall and routing software, but they do not have any firmware update methods. Therefore to secure hardware initialization of the routers, in this presentation we will present proof of concept work that takes into consideration integration of firmware update framework - fwupd/LVFS. Nowadays, this is one of the most popular firmware update software. fwupd is a daemon that manages firmware updates of each of your hardware components that have some kind of firmware. What is more fwupd is open source, which makes it more trustworthy than proprietary applications delivered by hardware vendors designed for (only) their devices.

Additional information

Type devroom

More sessions

Hardware-Aided Trusted Computing
<p>A brief introduction to the room and to the sessions.</p>
Andrew Shitov
<p>Welcome to the Raku devroom at FOSDEM 2022!</p>
<p>A brief introduction to our devroom and the schedule ahead.</p>
MariaDB Server
Ian Gilfillan
<p>A brief introduction and overview of what you can expect from the MariaDB devroom at FOSDEM</p>
Open Research Tools and Technologies
<p>The Open Research Tools and Technologies devroom managers welcome words announcing the schedule.</p>
Testing and Automation
<p>A warm welcome from your devroom managers, practical information, lineup and administrivia. Happy Testing!</p>
Open Source Design
<p>Every year we take some time to introduce the Open Source Design collective, what we do, where to find us and how to get involved.</p>