Open Source Firmware, BMC and Bootloader

Heads OEM device ownership/reownership: A tamper-evident approach to remote integrity attestation

Current status and future plan: A call for collaboration
K.4.601
Thierry Laurion
Insurgo has engaged in the adventure of making security accessible and received NLnet funding to do exactly that. Now it wants to get developers involved and expand funding. The goal is to bridge the gap between a reasonably secure OS (QubesOS) and slightly more secure hardware (Heads) to help privacy-focused users and those who are vulnerable. But we need to prepare for the future now! Insurgo has challenged the status quo that has been prevalent since 2015 and has made it possible for OEMs to preinstall QubesOS, thanks to the Heads Open Source Firmware (OSF) and its own PrivacyBeast QubesOS-certified branch, not yet merged upstream due to the lack of time and resources of a single-man effort that needs additional collaboration. The integrity of the firmware and boot files is already remotely sealed and can be attested from a smartphone (TPMTOTP) and from the bundled Librem Key/Nitrokey Pro 2 (HOTP), prior to shipping. Thanks to HOTP-enabled USB security dongles bound to shipped products, the user can visually validate that the hardware they have received is in the OEM-attested state, prior to complete re-ownership, which regenerates all required secrets from a trustable recovery environment (Heads OSF) thanks to a re-ownership wizard that guides the user until completion. This is just the beginning of the adventure and the road ahead requires your help. Insurgo wants to propel this movement forward. Today's secure hardware (REAL open source initialized hardware, e.g. the RYF KGPE-D16, Replicant-supported phones, Sandy Bridge/Ivy Bridge based boards such as the x230) struggles to stay current with upstream code and compliance requirements. LineageOS dropped support for the i9300. Coreboot dropped support for the KGPE-D16 platform. And the list will grow if no measures are taken to support maintainership of privacy-focused projects that are taken for granted until support is finally dropped. This is a real problem requiring real solutions.
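The attestation flow mentioned above (a secret sealed to the measured firmware, turned into a TOTP code the user compares on a phone, or an HOTP code a dongle checks) can be shown in a few lines. The following is an added example written for this page; it is not code from Heads, Insurgo or any TPM library. The HOTP/TOTP functions follow RFC 4226/6238; the "TPM" here is a constructed toy model (a PCR extend chain plus a dictionary standing in for a sealed blob), and all component names and the secret are constructed sample values, with the secret being the RFC test-vector key.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits)


# --- Toy model of TPM sealing (assumption: simplified, not a real TPM API) ---

def measure(components):
    """Simulate extending a PCR: pcr = SHA1(pcr || SHA1(component)) for each component."""
    pcr = bytes(20)
    for c in components:
        pcr = hashlib.sha1(pcr + hashlib.sha1(c).digest()).digest()
    return pcr


def seal(secret: bytes, pcr: bytes) -> dict:
    """Bind a secret to an expected PCR value (a real TPM encrypts it; here it is stored as-is)."""
    return {"pcr": pcr, "secret": secret}


def unseal(blob: dict, pcr: bytes):
    """Release the secret only if the current PCR equals the one it was sealed against."""
    if not hmac.compare_digest(blob["pcr"], pcr):
        return None
    return blob["secret"]


def boot_attestation_code(blob: dict, components, unix_time: int):
    """What the firmware would display at boot: a TOTP code, or None if measurements differ."""
    secret = unseal(blob, measure(components))
    if secret is None:
        return None
    return totp(secret, unix_time)


# Constructed sample values (not taken from any real device or shipment)
OEM_SECRET = b"12345678901234567890"  # RFC 4226/6238 test-vector key
OEM_FIRMWARE = [b"coreboot-rom-constructed", b"heads-initrd-constructed", b"kernel-constructed"]
SEALED = seal(OEM_SECRET, measure(OEM_FIRMWARE))


def demo(unix_time: int = 59):
    """Return (code on the user's phone, code shown by untouched firmware, code after tampering)."""
    phone = totp(OEM_SECRET, unix_time)
    good = boot_attestation_code(SEALED, OEM_FIRMWARE, unix_time)
    tampered = boot_attestation_code(SEALED, OEM_FIRMWARE[:2] + [b"kernel-modified"], unix_time)
    return phone, good, tampered


if __name__ == "__main__":
    print(demo())
```

With the untouched measurement the firmware and the phone agree on the same six digits; change any measured component and the secret is never released, so no matching code can be produced. The HOTP dongle variant is the same computation with a counter instead of a time step: the firmware computes the code from the unsealed secret and the dongle, holding the same secret, compares it and signals the result.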
New efforts to support future, REAL Open Source Hardware (newly Respect Your Freedom [RYF] certified hardware, eg. Talos II from RaptorEngineering, future Power10 based hardware) are neither currently under active development nor currently supported by QubesOS. This needs to change. Now. There is an opportunity for transition. This requires leadership, developers and funding. This is why we've created the Insurgo Initiative on the OpenCollective platform. This is where transparent funding will be available to the public for open source R&D. Please consider participating through code contributions!
Insurgo is making today's most trustworthy hardware available (TRULY neutered and deactivated Intel ME, no FSP, no binary blobs whatsoever except the EC firmware in the Root of Trust) to the masses through remote attestation over Heads OSF. NLnet is helping Heads become compatible with the T530, T430, T420 and X220, which are widely available, binary-blob-free hardware platforms, thanks to a partnership with 9elements under an NLnet grant. NLnet funding is also enabling development of remote administration of QubesOS over Tor hidden services when needed, thanks to an ongoing partnership with both the Qubes OS Project and Whonix. But what about other work needed to ease accessibility of tomorrow's secure hardware and technologies? Insurgo decided to give back to Open Source Firmware (OSF) related communities and will publicly announce a novel approach to support required open source projects. As a first step, we plan to give back 25% of Insurgo's net profit on sales to the Insurgo Initiative, hosted on OpenCollective. Those funds will be available to Open Source projects in the form of bounties, to be paid out upon proof of work for agreed contributions. The idea is that open source tickets (issues) can be used as bounties: if knowledgeable people knew funds were available for needed work, they would be more incentivized to address them. Developers could then be rewarded for their efforts and paid for completing tasks, similar to how open source funders (OpenTech, NLnet, etc.) provide funds for larger projects. The Insurgo Initiative will be self-funded and potentially expanded through international partnerships, while the goal stays the same: supporting a future where security is more accessible to the public. Here are some projects needing additional funding and more developer awareness, right now. Large grants and grant applications are great. But the funding process has issues.
Not every developer wants to go through the application process, which requires management skills and a process that is not just about coding. There are awesome developers out there whose help would be greatly needed. How do we appropriately match developers with pertinent issues? We can fix this with the right mission and funding. Insurgo's mission is accessible security. Bounty tags are being added to projects that lack funding, to help address the problems they currently face on the road to completion:

- PPC64le QubesOS support for the upcoming Power10 laptop and Talos II RYF hardware
- Heads needs more community developers and maintainers
- QubesOS bounty-tagged issues
- Whonix needs more collaborators or it might die

The main problem we seem to face with many projects can be seen over and over again: a lack of maintainership. No one can carry a project for too long without becoming overwhelmed or drained by it. We need to fairly distribute this work and make sure contributions are incentivized and fairly paid. In this talk, I will go quickly over past work, the current situation, and where Insurgo wants to go. Welcome aboard!

Additional information

Type devroom

More sessions

2/1/20
Open Source Firmware, BMC and Bootloader
Leif Lindholm
K.4.601
Historically, the UEFI forum has been a bit rubbish at interacting with open source development, but this is improving. This talk gives a background on why (both the rubbish and the improvement) and what is being done. Also, a brief update on news for the TianoCore/EDK2 project.
2/1/20
Open Source Firmware, BMC and Bootloader
Heinrich Schuchardt
K.4.601
The Unified Extensible Firmware Interface (UEFI) is the default for booting most Linux and BSD distributions. But the complexity of the UEFI standard does not offer an easy entry point for new developers. The U-Boot firmware provides a lightweight UEFI implementation. Using booting from iSCSI with U-Boot and iPXE as an example let's delve into the UEFI API. The UEFI sub-system in U-Boot has developed from barely starting GRUB to supporting complex UEFI applications like iPXE and the EFI shell ...
2/1/20
Open Source Firmware, BMC and Bootloader
K.4.601
For the last several years, hypervisors have played a key role in platform security by reducing the possible attack surface. At the same time, the hype surrounding computing and Internet of Things Gateways has led to an increase in network appliance devices. Our target was to create a less-insecure virtual network appliance using TrenchBoot, Trusted Platform Module 2.0 and AMD SKINIT Dynamic Root of Trust for Measurement to establish a Xen hypervisor with a meta-virtualized pfSense firewall. We ...
2/1/20
Open Source Firmware, BMC and Bootloader
Patrick Rudolph
K.4.601
Modern Open Source boot firmware ships with an increasing amount of BLOBs. While it's often claimed that it eases the integration, it makes life of Open Source developers harder, as it's not documented what is done inside BLOBs and what should be done outside of the same. We will show how to trace the MMIO access of BLOBs in firmware by using Open Source tools. As analysing the traces for possible branches and loops is hard and stressful work, we created our own framework for automatic reverse ...
2/1/20
Open Source Firmware, BMC and Bootloader
Daniel Maslowski (CyReVolt)
K.4.601
With Intel's Firmware Support Package (FSP) and the recent release of a redistributable firmware binary for the Management Engine, it has become possible to share full firmware images for modern x86 platforms and potentially audit the binaries. Yet, reverse engineering, decompilation and disassembly are still not permitted. However, thanks to previous research, we can have a closer look at the binary data and come to a few conclusions. This talk briefly summarizes the fundamentals of developing ...
2/1/20
Open Source Firmware, BMC and Bootloader
Brian Richardson
K.4.601
As the rich capabilities of platforms increase, so does their complexity. As hypervisors and operating systems harden their attack surfaces, malware has been moving deeper into the platform. For example, a modern laptop may have over 15 updatable firmware elements, each with low-level access to a specific hardware domain. From the early days of proprietary BIOS in the 1980’s and 1990’s, to the world of standards in the 2000’s, to the post-PC world of the last few years, the nature of ...
2/1/20
Open Source Firmware, BMC and Bootloader
K.4.601
Have you ever heard of Board Management Controller? It has been black box firmware to manage servers since last century … now it’s open. OpenBMC is a Linux Foundation project with a goal to produce an open source implementation of BMC firmware stack. It is a vendor independent Linux distribution created using Yocto project that provides complete set of manageability features. Backbone technologies in OpenBMC include D-Bus and systemd. With embedded web server it provides user friendly WebUI ...