Server Hardware ist vielfältig - und damit können auch mögliche Probleme auftreten. Für das Monitoring der Serverkomponenten gibt es unterschiedliche Schnittstellen. Die Palette reicht hier von Netzwerkprotokollen wie IPMI und SNMP bis hin zu Checks, die lokal am jeweiligen Server ausgeführt werden müssen (z.B. für RAID-Controller, SMART-Attribute oder GPU-Karten).
Im Vortrag erfahren Sie welche Checks Sie am besten für bestimmte Hardware Komponenten einsetzen und damit zuverlässig zeitnah informiert werden, sobald sich Probleme abzeichnen.
This document proposes a standardized interface for collaborating on power management across operating systems on ARM devices. It suggests defining a set of APIs to handle powering down and up CPUs for idle states, hot plug, secondary boot, and CPU migration. These APIs would take parameters like the affinity level, resume address, and context ID to enable saving and restoring state across OS layers. Implementing this interface with calls like IdlePowerDown, CPUAdd, CPURemove, CPUSwitchIn, and CPUSwitchOut could facilitate collaboration between Linux, hypervisors, and trusted operating systems on power management.
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsThe Linux Foundation
The document discusses hardware accelerated virtualization capabilities in ARM Cortex processors including the Cortex-A15. It describes new features like large physical addressing, virtualization extensions, and a virtual interrupt controller that allow multiple operating system instances and work environments to run simultaneously in isolation on ARM devices.
LCU13: Deep Dive into ARM Trusted Firmware
Resource: LCU13
Name: Deep Dive into ARM Trusted Firmware
Date: 31-10-2013
Speaker: Dan Handley / Charles Garcia-Tobin
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Linaro
This document discusses power management for ARM multi-cluster systems in Linux. It describes the need for common power management code in the kernel to handle saving and restoring CPU and cluster state. It outlines the ARM common power management code components, including CPU PM notifiers, local timer handling, and CPU suspend/resume functionality. It also discusses challenges such as cache-to-cache migration during the suspend process.
Join this video course on udemy . Click here :
https://www.udemy.com/microcontroller-programming-stm32-timers-pwm-can-bus-protocol/?couponCode=SLIDESHARE
learn STM32 TIMERS, CAN,RTC, PWM,LOW POWER embedded systems and program them using STM32 Device HAL APIs STEP by STEP
>>Welcome to the course which teaches you advanced Micro-controller programming. In this course you are going to learn and master TIMERS, PWM, CAN, RTC, LOW POWER MODES of STM32F4x Micro-controller with step by step guidance. Highly recommended if you are seeking a career in the domain of Embedded software. <<
In this course, you will understand behind the scene working of peripherals with supportive code exercises. I have included various real-time exercises which help you to master every peripheral covered in this course and this course thoroughly covers both theory and practical aspects of TIMERS, PWM, CAN, RTC, LOW POWER MODES of STM32F4x Micro-controller.
PSCI is an interface that coordinates power management between the CPU and the platform firmware. On ARMv8 systems, PSCI is commonly used to control power operations. Linux uses either PSCI or spin-table to control CPU power depending on the platform's DT bindings. PSCI functions like CPU on, off, and system suspend are invoked from Linux drivers through SMC calls to the firmware. This allows the platform firmware to implement features like low power states.
Kernel Features for Reducing Power Consumption on Embedded DevicesRyo Jin
This document discusses various techniques for reducing energy consumption on mobile devices using the Linux kernel. It focuses on ARM architecture and Samsung's Exynos System-on-Chip. Key techniques discussed include CPU frequency scaling (CPUfreq), putting components into low power states via runtime power management, utilizing deeper CPU idle states, and dynamic voltage and frequency scaling for other devices (Devfreq). Measurements demonstrate energy savings from each technique, with the largest savings coming from combined use of CPU idle states, powering off idle CPU cores, and Devfreq.
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
---------------------------------------------------
Speaker: Jorge Ramirez-Ortiz
Date: February 13, 2015
---------------------------------------------------
★ Session Summary ★
[Note: this is a joint Security/Power Management session) Understand what use cases related to Power Management have to interact with Trusted Firmware via Secure calls. Walk through some key use cases like CPU Suspend and explain how PM Linux drivers interacts with Trusted Firmware / PSCI
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250855
Video: https://www.youtube.com/watch?v=hQ2ITjHZY4s
Etherpad: http://pad.linaro.org/p/hkg15-505
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
This document proposes a standardized interface for collaborating on power management across operating systems on ARM devices. It suggests defining a set of APIs to handle powering down and up CPUs for idle states, hot plug, secondary boot, and CPU migration. These APIs would take parameters like the affinity level, resume address, and context ID to enable saving and restoring state across OS layers. Implementing this interface with calls like IdlePowerDown, CPUAdd, CPURemove, CPUSwitchIn, and CPUSwitchOut could facilitate collaboration between Linux, hypervisors, and trusted operating systems on power management.
Hardware accelerated Virtualization in the ARM Cortex™ ProcessorsThe Linux Foundation
The document discusses hardware accelerated virtualization capabilities in ARM Cortex processors including the Cortex-A15. It describes new features like large physical addressing, virtualization extensions, and a virtual interrupt controller that allow multiple operating system instances and work environments to run simultaneously in isolation on ARM devices.
LCU13: Deep Dive into ARM Trusted Firmware
Resource: LCU13
Name: Deep Dive into ARM Trusted Firmware
Date: 31-10-2013
Speaker: Dan Handley / Charles Garcia-Tobin
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Linaro
This document discusses power management for ARM multi-cluster systems in Linux. It describes the need for common power management code in the kernel to handle saving and restoring CPU and cluster state. It outlines the ARM common power management code components, including CPU PM notifiers, local timer handling, and CPU suspend/resume functionality. It also discusses challenges such as cache-to-cache migration during the suspend process.
Join this video course on udemy . Click here :
https://www.udemy.com/microcontroller-programming-stm32-timers-pwm-can-bus-protocol/?couponCode=SLIDESHARE
learn STM32 TIMERS, CAN,RTC, PWM,LOW POWER embedded systems and program them using STM32 Device HAL APIs STEP by STEP
>>Welcome to the course which teaches you advanced Micro-controller programming. In this course you are going to learn and master TIMERS, PWM, CAN, RTC, LOW POWER MODES of STM32F4x Micro-controller with step by step guidance. Highly recommended if you are seeking a career in the domain of Embedded software. <<
In this course, you will understand behind the scene working of peripherals with supportive code exercises. I have included various real-time exercises which help you to master every peripheral covered in this course and this course thoroughly covers both theory and practical aspects of TIMERS, PWM, CAN, RTC, LOW POWER MODES of STM32F4x Micro-controller.
PSCI is an interface that coordinates power management between the CPU and the platform firmware. On ARMv8 systems, PSCI is commonly used to control power operations. Linux uses either PSCI or spin-table to control CPU power depending on the platform's DT bindings. PSCI functions like CPU on, off, and system suspend are invoked from Linux drivers through SMC calls to the firmware. This allows the platform firmware to implement features like low power states.
Kernel Features for Reducing Power Consumption on Embedded DevicesRyo Jin
This document discusses various techniques for reducing energy consumption on mobile devices using the Linux kernel. It focuses on ARM architecture and Samsung's Exynos System-on-Chip. Key techniques discussed include CPU frequency scaling (CPUfreq), putting components into low power states via runtime power management, utilizing deeper CPU idle states, and dynamic voltage and frequency scaling for other devices (Devfreq). Measurements demonstrate energy savings from each technique, with the largest savings coming from combined use of CPU idle states, powering off idle CPU cores, and Devfreq.
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
---------------------------------------------------
Speaker: Jorge Ramirez-Ortiz
Date: February 13, 2015
---------------------------------------------------
★ Session Summary ★
[Note: this is a joint Security/Power Management session) Understand what use cases related to Power Management have to interact with Trusted Firmware via Secure calls. Walk through some key use cases like CPU Suspend and explain how PM Linux drivers interacts with Trusted Firmware / PSCI
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250855
Video: https://www.youtube.com/watch?v=hQ2ITjHZY4s
Etherpad: http://pad.linaro.org/p/hkg15-505
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
LAS16-111: Raspberry Pi3, OP-TEE and JTAG debugging
Speakers:
Date: September 26, 2016
★ Session Description ★
ARM TrustZone is a critical technology for securing IoT devices and systems. But awareness of TrustZone and its benefits lags within the maker community as well as among enterprises. The first step to solving this problem is lowering the cost of access. Sequitur Labs and Linaro have joined forces to address this problem by making a port of OP-TEE available on the Raspberry Pi 3. The presentation covers the value of TrustZone for securing IoT and how customers can learn more through this joint effort.
Embedded systems security remains a challenge for many developers. Awareness of mature, proven technologies such as ARM TrustZone is very low among the Maker community as well as among enterprises. As a result this foundational technology is largely being ignored as a security solution. Sequitur Labs and Linaro have taken an innovative approach combining an Open Source solution – OP-TEE with Raspberry Pi 3. The Raspberry Pi 3 is one of the world’s most popular platforms among device makers. Its value as an educational tool for learning about embedded systems development is proven.
Sequitur Labs have also enabled bare metal debugging via JTag on the Pi 3 enhancing the value of the Pi 3 as an educational tool for embedded systems development.
The presentation will focus on
ARM v8a architecture and instruction set
ARM Trusted Firmware
TrustZone and OP-TEE basics
JTAG and bare metal debugging the Raspberry Pi 3
★ Resources ★
Etherpad: pad.linaro.org/p/las16-111
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-111/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
"The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security circuit configured to perform secure services for the rest of the SOC, with with no direct access from the main processor. In fact, the secure enclave processor runs it own fully functional operating system - dubbed SEPOS - with its own kernel, drivers, services, and applications. This isolated hardware design prevents an attacker from easily recovering sensitive data (such as fingerprint information and cryptographic keys) from an otherwise fully compromised device.
Despite almost three years have passed since its inception, little is still known about the inner workings of the SEP and its applications. The lack of public scrutiny in this space has consequently led to a number of misconceptions and false claims about the SEP.
In this presentation, we aim to shed some light on the secure enclave processor and SEPOS. In particular, we look at the hardware design and boot process of the secure enclave processor, as well as the SEPOS architecture itself. We also detail how the iOS kernel and the SEP exchange data using an elaborate mailbox mechanism, and how this data is handled by SEPOS and relayed to its services and applications. Last, but not least, we evaluate the SEP attack surface and highlight some of the findings of our research, including potential attack vectors."
(Source: Black Hat USA 2016, Las Vegas)
Linux provides a common mailbox framework for communication between controller and client drivers. The framework includes mailbox_controller and mailbox_client header files. Several device drivers implement this framework for communication with hardware mailboxes, including drivers for ARM MHU, Broadcom, Altera, STMicro, and TI mailboxes. The mailbox framework supports synchronous and asynchronous message notification and defines mailbox channel operations for sending/receiving data and initializing/shutting down channels. ARM's SCPI protocol is commonly used with the mailbox framework for communication between application and system control processors over an MHU. The Linux kernel documentation describes supporting the SCPI protocol via the mailbox framework and device tree bindings.
The document discusses interrupts in embedded systems using the ATmega32 microcontroller as an example. It defines an interrupt as a signal that causes the CPU to stop its current execution and jump to an interrupt service routine (ISR) to handle the interrupt event. It describes the interrupt vector table, which stores the addresses of the ISRs. It outlines the steps taken when an interrupt occurs, which includes saving the program counter, jumping to the ISR, executing the ISR code, and returning where it left off. As an example, it shows code for configuring an external interrupt on pin 16 and the corresponding ISR to toggle an output pin.
LCU14 302- How to port OP-TEE to another platformLinaro
This document describes how to port the open source Trusted Execution Environment (OP-TEE) to a new platform. It involves cloning the existing platform code, modifying compiler and linker options, configuring platform-specific settings, updating memory mappings, and initializing platform-specific components. The document provides details on each of these porting steps and recommends OP-TEE documentation resources.
The document summarizes an attack on the TrustZone architecture of the Huawei Ascend Mate 7 smartphone. It details vulnerabilities that allow gaining root access on the normal world and executing arbitrary code in the trusted execution environment (TEE). This includes overwriting memory to bypass restrictions and read encrypted fingerprint images from the sensor by patching the TEE kernel. The attack demonstrates full compromise of the device's security features.
HKG18-TR14 - Postmortem Debugging with CoresightLinaro
Session ID: HKG18-TR14
Session Name: HKG18-TR14 - Postmortem Debugging with Coresight
Speaker: Leo Yan
Track: Training
★ Session Summary ★
For most cases we can easily debug with kernel's oops dumping info, but sometimes we need to know more information for program execution flow before the issue happens. So we can rely on two tracing methods to reproduce the program execution flow, one method is using software tracing which is kernel's pstore method; another method is to rely on Coresight hardware tracing, this method also can avoid extra workload introduced by tracing itself. Coresight has provided two mechanisms for Postmortem debugging, one method is Coresight CPU debug module so we can extract CPU program counter info, this is quite straightforward to debug CPU lockup issue; Another is Coresight panic kdump, we connect kernel kdump mechanism to extract Coresight tracing data so we can reproduce the last execution flow before panic (even hang issue with some tweaking in kernel). This session wants to go through these topics and demonstrate the debugging tools on 96boards Hikey in 25 minutes session.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-tr14/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-tr14.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-tr14.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Training
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
The document discusses power management in ARMv8-A and the integration of OP-TEE with the ARM Trusted Firmware. It provides an overview of the software stack and PSCI requirements. It then describes OP-TEE's system view and how it integrates with ARM Trusted Firmware as a runtime service. Finally, it discusses the programmer's view of PSCI and provides examples of how CPU_ON, CPU_OFF, and CPU_SUSPEND operations are handled between Linux, ARM Trusted Firmware, and OP-TEE.
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
Speaker: Bill Fletcher
Date: September 24, 2015
★ Session Description ★
An introductory session of a system-level overview at Power State Coordination
- Focus on ARMv8
- Goes top-down from ACPI
- A demo based on the current code in qemu
- The specifications are very dynamic - what’s onging for ACPI and PSCI
★ Resources ★
Video: https://www.youtube.com/watch?v=vXzPdpaZVto
Presentation: http://www.slideshare.net/linaroorg/sfo15tr9-psci-acpi-and-uefi-to-boot
Etherpad: pad.linaro.org/p/sfo15-tr9
Pathable: https://sfo15.pathable.com/meetings/303087
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
This document introduces GPIO and GPIO virtualization in ACRN. It discusses:
1. GPIO hardware consists of pin configuration logic, GPIO logic blocks, and multiplexers that allow pins to take on different functions like GPIO, SPI, I2C.
2. GPIO virtualization in ACRN follows the virtio specification and allows each VM to access a virtual GPIO chip with a configured number of pins mapped to physical pins.
3. GPIO IRQ virtualization allows VMs to request, apply, and be notified of IRQ events on their virtual GPIO pins, which are forwarded by the hypervisor to the corresponding physical pins.
ATF(ARM Trusted Firmware)は、ARMv8では重要なソフトウェア。
全体を利用するのではなく、その一部を利用可能。
この資料では、BL31(EL3 Runtime Firmware)を単体で使う場合、どうすればいいのかを、Xilinx社のZynq UltraScale+ MPSoCを例に説明しています。
ATF (ARM Trusted Firmware) is an important software in ARMv8.
Instead of using the whole, part of it is available.
This document explains how to do when using BL31 (EL3 Runtime Firmware) alone, for example, with Xilinx's Zynq UltraScale + MPSoC.
This presentation is made as a part of our udemy course on STM32 MCUs and peripherals. The ppt covers STM32 Reset and Clock Control unit of the STM32 , different types of clock sources such as HSE (High Speed External crystal), HSI (Internal High Speed RC ), PLL concepts,HSI calibration , HCLK,PLCKx and others.
To enroll for our video courses on Microcontroller Programming, RTOS programming, Embedded linux, Bootloader development
visit here : www.fastbitlab.com
youtube : https://www.youtube.com/channel/UCa1REBV9hyrzGp2mjJCagBg
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC DefconRussia
Мы поговорим об общей проблеме валидации входных данных и качестве их обработки. Интерпретация входящих данных оказывает прямое влияние на решения, принимаемые в физической инфраструктуре: если какая-либо часть данных обрабатывается недостаточно аккуратно, это может повлиять на эффективность и безопасность процесса.
В этой беседе мы обсудим атаки на процесс обработки данных и природу концепции «never trust your inputs» в контексте информационно-физических систем (в общем смысле, то есть любых подобных систем). Для иллюстрации проблемы мы используем уязвимости аналого-цифровых преобразователей (АЦП), которые можно заставить выдавать поддельный цифровой сигнал с помощью изменения частоты и фазы входящего аналогового сигнала: ошибка масштабирования такого сигнала может вызывать целочисленное переполнение и дает возможность эксплуатировать уязвимости в логике PLC/встроенного ПО. Также мы покажем реальные примеры использования подобных уязвимостей и последствия этих нападений.
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
This talk introduces JTAG debugging capabilities, both for debugging hardware and software. Marek first explains what the JTAG stands for and explains the operation of the JTAG state machine. This is followed by an introduction to free software JTAG tools, OpenOCD and urJTAG. Marek shortly explains how to debug software using those tools and how that ties into the JTAG state machine. However, JTAG was designed for testing hardware. Marek explains what boundary scan testing (BST) is, what are BSDL files and their format, and practically demonstrates how to blink an LED using BST and only free software tools.
Marek Vasut
Reliability, Availability, and Serviceability (RAS) on ARM64 status - SFO17-203Linaro
Session ID: SFO17-203
Session Name: Reliability, Availability, and Serviceability (RAS) on ARM64 status - SFO17-203
Speaker: Fu Wei
Track: LEG
★ Session Summary ★
This presentation gives an updated RAS architecture on ARM64 base on RAS extension (in ARMv8.2), SDEI (Software Delegated Exception Interface), APEI, UEFI PI-SMM. Will talk about all the components of the new RAS architecture on ARM64, gives audience the current status and the next step of development.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-203/
Presentation:
Video: https://www.youtube.com/watch?v=NReFBzbeWi0
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
This document provides an overview of interrupts and exceptions in the Linux kernel version 2.4.18-10. It discusses the basic concepts of interrupts in Linux including hardware and software interrupts, interrupt handling in the kernel, and the data structures used to manage interrupts. Interrupts preempt processes and are handled in strict priority order by the CPU. The document describes the interrupt descriptor table (IDT) that associates interrupts and exceptions with handler functions, and how hardware and software handle interrupts. It also covers initialization of the IDT, exception handling in Linux, and the data structures used for interrupt handling.
Escalating Privileges in Linux using Fault Injection - FDTC 2017Cristofaro Mune
FDTC 2017 presentation slides from our work, performed by me and Niek Timmers from @Riscure, on Fault Injection attacks applied to Linux.
Our work points out how Fault Injection (FI) techniques can be used for escalating privileges in large code bases, like the Linux OS.
Escalation of privilege can be obtained in minutes, after setup preparation and target characterization.
We also discuss the impacts of a new FI attack technique that allows reliable loading of arbitrary values into registers. We show that control of kernel space Program Counter can be obtained by a userspace application, potentially leading to arbitrary code execution, even in absence of known SW vulnerabilities.
Finally, we discuss possible mitigations, showing how, for this new class of attacks, classical FI countermeasures implemented in SW are insufficient, while modern SW exploit mitigations become applicable.
Join this video course on udemy . Click here :
https://www.udemy.com/course/mastering-microcontroller-with-peripheral-driver-development/?couponCode=SLIDESHARE
Learn bare metal driver development systems using Embedded C: Writing drivers for STM32 GPIO,I2C,SPI,USART from scratch
Software/Hardware used:
In this course, the code is developed such a way that, It can be ported to any MCU you have at your hand.
If you need any help in porting these codes to different MCUs you can always reach out to me!
The course is strictly not bound to any 1 type of MCU. So, if you already have any Development board which runs with ARM-Cortex M3/M4 processor,
then I recommend you to continue using it.
But if you don’t have any Development board, then check out the below Development boards.
Breaking hardware enforced security with hypervisorsPriyanka Aash
"Hardware-Enforced Security is touted as the panacea solution to many modern computer security challenges. While certainly adding robust options to the defenders toolset, they are not without their own weaknesses. In this talk we will demonstrate how low-level technologies such as hypervisors can be used to subvert the claims of security made by these mechanisms. Specifically, we will show how a hypervisor rootkit can bypass Intel's Trusted Execution Environment (TXT) DRTM (dynamic root of trust measurement) and capture keys from Intel's AES-NI instructions. These attacks against TXT and AES-NI have never been published before. Trusted computing has had a varied history, to include technologies such as Trusted Execution Technology (TXT), ARM TrustZone, and now Microsoft Isolated User Mode and Intel SGX. All of these technologies attempt to protect user data from privileged processes snooping or controlling execution. These technologies claim that no elevated process, whether kernel based, System Management Mode (SMM) based, or hypervisor based will be able to compromise the user's data and execution.
This presentation will highlight the age-old problem of misconfiguration of Intel TXT by exploiting a machine through the use of another Intel technology, the Type-1 hypervisor (VT-x). Problems with these technologies have surfaced not as design issues but during implementation. Whether there remains a hardware weakness where attestation keys can be compromised, or a software and hardware combination, such as exposed DMA that permits exfiltration, and sometimes modification, of user process memory. This presentation will highlight one of these implementation flaws as exhibited by the open source tBoot project and the underlying Intel TXT technology. Summation will offer defenses against all too often pitfalls when deploying these systems, including proper deployment design using sealed storage, remote attestation, and hardware hardening."
(Source: Black Hat USA 2016, Las Vegas)
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMULinaro
This document discusses moving QEMU's Tiny Code Generator (TCG) to a multi-threaded model to take advantage of multi-core systems. It describes the current single-threaded TCG process model and global state. Approaches considered for multi-threading include using threads/locks, processes/IPC, or rewriting TCG from scratch. Key challenges addressed are protecting code generation globals and implementing atomic memory operations and memory barriers in a multi-threaded context. Patches have been contributed to address these issues and enable multi-threaded TCG. Further work remains to fully enable it across all QEMU backends and architectures.
The document discusses information gathering from system components like the BIOS, IPMI, and sensors. It provides an overview of BIOS execution stages, IPMI architecture and commands, and how to view sensor data using entities and thresholds. IPMI commands allow viewing the sensor data repository, system event log, and field replaceable unit information.
OSMC 2014 | Server Hardware Monitoring done right by Werner FischerNETWAYS
Server Hardware ist vielfältig - und damit können auch mögliche Probleme auftreten. Für das Monitoring der Serverkomponenten gibt es unterschiedliche Schnittstellen. Die Palette reicht hier von Netzwerkprotokollen wie IPMI und SNMP bis hin zu Checks, die lokal am jeweiligen Server ausgeführt werden müssen (z.B. für RAID-Controller, SMART-Attribute oder GPU-Karten).
Im Vortrag erfahren Sie welche Checks Sie am besten für bestimmte Hardware Komponenten einsetzen und damit zuverlässig zeitnah informiert werden, sobald sich Probleme abzeichnen.
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
LAS16-111: Raspberry Pi3, OP-TEE and JTAG debugging
Speakers:
Date: September 26, 2016
★ Session Description ★
ARM TrustZone is a critical technology for securing IoT devices and systems. But awareness of TrustZone and its benefits lags within the maker community as well as among enterprises. The first step to solving this problem is lowering the cost of access. Sequitur Labs and Linaro have joined forces to address this problem by making a port of OP-TEE available on the Raspberry Pi 3. The presentation covers the value of TrustZone for securing IoT and how customers can learn more through this joint effort.
Embedded systems security remains a challenge for many developers. Awareness of mature, proven technologies such as ARM TrustZone is very low among the Maker community as well as among enterprises. As a result this foundational technology is largely being ignored as a security solution. Sequitur Labs and Linaro have taken an innovative approach combining an Open Source solution – OP-TEE with Raspberry Pi 3. The Raspberry Pi 3 is one of the world’s most popular platforms among device makers. Its value as an educational tool for learning about embedded systems development is proven.
Sequitur Labs have also enabled bare metal debugging via JTag on the Pi 3 enhancing the value of the Pi 3 as an educational tool for embedded systems development.
The presentation will focus on
ARM v8a architecture and instruction set
ARM Trusted Firmware
TrustZone and OP-TEE basics
JTAG and bare metal debugging the Raspberry Pi 3
★ Resources ★
Etherpad: pad.linaro.org/p/las16-111
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-111/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
"The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security circuit configured to perform secure services for the rest of the SOC, with with no direct access from the main processor. In fact, the secure enclave processor runs it own fully functional operating system - dubbed SEPOS - with its own kernel, drivers, services, and applications. This isolated hardware design prevents an attacker from easily recovering sensitive data (such as fingerprint information and cryptographic keys) from an otherwise fully compromised device.
Despite almost three years have passed since its inception, little is still known about the inner workings of the SEP and its applications. The lack of public scrutiny in this space has consequently led to a number of misconceptions and false claims about the SEP.
In this presentation, we aim to shed some light on the secure enclave processor and SEPOS. In particular, we look at the hardware design and boot process of the secure enclave processor, as well as the SEPOS architecture itself. We also detail how the iOS kernel and the SEP exchange data using an elaborate mailbox mechanism, and how this data is handled by SEPOS and relayed to its services and applications. Last, but not least, we evaluate the SEP attack surface and highlight some of the findings of our research, including potential attack vectors."
(Source: Black Hat USA 2016, Las Vegas)
Linux provides a common mailbox framework for communication between controller and client drivers. The framework includes mailbox_controller and mailbox_client header files. Several device drivers implement this framework for communication with hardware mailboxes, including drivers for ARM MHU, Broadcom, Altera, STMicro, and TI mailboxes. The mailbox framework supports synchronous and asynchronous message notification and defines mailbox channel operations for sending/receiving data and initializing/shutting down channels. ARM's SCPI protocol is commonly used with the mailbox framework for communication between application and system control processors over an MHU. The Linux kernel documentation describes supporting the SCPI protocol via the mailbox framework and device tree bindings.
The document discusses interrupts in embedded systems using the ATmega32 microcontroller as an example. It defines an interrupt as a signal that causes the CPU to stop its current execution and jump to an interrupt service routine (ISR) to handle the interrupt event. It describes the interrupt vector table, which stores the addresses of the ISRs. It outlines the steps taken when an interrupt occurs, which includes saving the program counter, jumping to the ISR, executing the ISR code, and returning where it left off. As an example, it shows code for configuring an external interrupt on pin 16 and the corresponding ISR to toggle an output pin.
LCU14 302- How to port OP-TEE to another platformLinaro
This document describes how to port the open source Trusted Execution Environment (OP-TEE) to a new platform. It involves cloning the existing platform code, modifying compiler and linker options, configuring platform-specific settings, updating memory mappings, and initializing platform-specific components. The document provides details on each of these porting steps and recommends OP-TEE documentation resources.
The document summarizes an attack on the TrustZone architecture of the Huawei Ascend Mate 7 smartphone. It details vulnerabilities that allow gaining root access on the normal world and executing arbitrary code in the trusted execution environment (TEE). This includes overwriting memory to bypass restrictions and read encrypted fingerprint images from the sensor by patching the TEE kernel. The attack demonstrates full compromise of the device's security features.
HKG18-TR14 - Postmortem Debugging with CoresightLinaro
Session ID: HKG18-TR14
Session Name: HKG18-TR14 - Postmortem Debugging with Coresight
Speaker: Leo Yan
Track: Training
★ Session Summary ★
For most cases we can easily debug with kernel's oops dumping info, but sometimes we need to know more information for program execution flow before the issue happens. So we can rely on two tracing methods to reproduce the program execution flow, one method is using software tracing which is kernel's pstore method; another method is to rely on Coresight hardware tracing, this method also can avoid extra workload introduced by tracing itself. Coresight has provided two mechanisms for Postmortem debugging, one method is Coresight CPU debug module so we can extract CPU program counter info, this is quite straightforward to debug CPU lockup issue; Another is Coresight panic kdump, we connect kernel kdump mechanism to extract Coresight tracing data so we can reproduce the last execution flow before panic (even hang issue with some tweaking in kernel). This session wants to go through these topics and demonstrate the debugging tools on 96boards Hikey in 25 minutes session.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-tr14/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-tr14.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-tr14.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Training
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
The document discusses power management in ARMv8-A and the integration of OP-TEE with the ARM Trusted Firmware. It provides an overview of the software stack and PSCI requirements. It then describes OP-TEE's system view and how it integrates with ARM Trusted Firmware as a runtime service. Finally, it discusses the programmer's view of PSCI and provides examples of how CPU_ON, CPU_OFF, and CPU_SUSPEND operations are handled between Linux, ARM Trusted Firmware, and OP-TEE.
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
Speaker: Bill Fletcher
Date: September 24, 2015
★ Session Description ★
An introductory session of a system-level overview at Power State Coordination
- Focus on ARMv8
- Goes top-down from ACPI
- A demo based on the current code in qemu
- The specifications are very dynamic - what’s onging for ACPI and PSCI
★ Resources ★
Video: https://www.youtube.com/watch?v=vXzPdpaZVto
Presentation: http://www.slideshare.net/linaroorg/sfo15tr9-psci-acpi-and-uefi-to-boot
Etherpad: pad.linaro.org/p/sfo15-tr9
Pathable: https://sfo15.pathable.com/meetings/303087
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
This document introduces GPIO and GPIO virtualization in ACRN. It discusses:
1. GPIO hardware consists of pin configuration logic, GPIO logic blocks, and multiplexers that allow pins to take on different functions like GPIO, SPI, I2C.
2. GPIO virtualization in ACRN follows the virtio specification and allows each VM to access a virtual GPIO chip with a configured number of pins mapped to physical pins.
3. GPIO IRQ virtualization allows VMs to request, apply, and be notified of IRQ events on their virtual GPIO pins, which are forwarded by the hypervisor to the corresponding physical pins.
ATF(ARM Trusted Firmware)は、ARMv8では重要なソフトウェア。
全体を利用するのではなく、その一部を利用可能。
この資料では、BL31(EL3 Runtime Firmware)を単体で使う場合、どうすればいいのかを、Xilinx社のZynq UltraScale+ MPSoCを例に説明しています。
ATF (ARM Trusted Firmware) is an important software in ARMv8.
Instead of using the whole, part of it is available.
This document explains how to do when using BL31 (EL3 Runtime Firmware) alone, for example, with Xilinx's Zynq UltraScale + MPSoC.
This presentation is made as a part of our udemy course on STM32 MCUs and peripherals. The ppt covers STM32 Reset and Clock Control unit of the STM32 , different types of clock sources such as HSE (High Speed External crystal), HSI (Internal High Speed RC ), PLL concepts,HSI calibration , HCLK,PLCKx and others.
To enroll for our video courses on Microcontroller Programming, RTOS programming, Embedded linux, Bootloader development
visit here : www.fastbitlab.com
youtube : https://www.youtube.com/channel/UCa1REBV9hyrzGp2mjJCagBg
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC DefconRussia
Мы поговорим об общей проблеме валидации входных данных и качестве их обработки. Интерпретация входящих данных оказывает прямое влияние на решения, принимаемые в физической инфраструктуре: если какая-либо часть данных обрабатывается недостаточно аккуратно, это может повлиять на эффективность и безопасность процесса.
В этой беседе мы обсудим атаки на процесс обработки данных и природу концепции «never trust your inputs» в контексте информационно-физических систем (в общем смысле, то есть любых подобных систем). Для иллюстрации проблемы мы используем уязвимости аналого-цифровых преобразователей (АЦП), которые можно заставить выдавать поддельный цифровой сигнал с помощью изменения частоты и фазы входящего аналогового сигнала: ошибка масштабирования такого сигнала может вызывать целочисленное переполнение и дает возможность эксплуатировать уязвимости в логике PLC/встроенного ПО. Также мы покажем реальные примеры использования подобных уязвимостей и последствия этих нападений.
Embedded Recipes 2019 - Introduction to JTAG debuggingAnne Nicolas
This talk introduces JTAG debugging capabilities, both for debugging hardware and software. Marek first explains what the JTAG stands for and explains the operation of the JTAG state machine. This is followed by an introduction to free software JTAG tools, OpenOCD and urJTAG. Marek shortly explains how to debug software using those tools and how that ties into the JTAG state machine. However, JTAG was designed for testing hardware. Marek explains what boundary scan testing (BST) is, what are BSDL files and their format, and practically demonstrates how to blink an LED using BST and only free software tools.
Marek Vasut
Reliability, Availability, and Serviceability (RAS) on ARM64 status - SFO17-203Linaro
Session ID: SFO17-203
Session Name: Reliability, Availability, and Serviceability (RAS) on ARM64 status - SFO17-203
Speaker: Fu Wei
Track: LEG
★ Session Summary ★
This presentation gives an updated RAS architecture on ARM64 base on RAS extension (in ARMv8.2), SDEI (Software Delegated Exception Interface), APEI, UEFI PI-SMM. Will talk about all the components of the new RAS architecture on ARM64, gives audience the current status and the next step of development.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-203/
Presentation:
Video: https://www.youtube.com/watch?v=NReFBzbeWi0
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
This document provides an overview of interrupts and exceptions in the Linux kernel version 2.4.18-10. It discusses the basic concepts of interrupts in Linux including hardware and software interrupts, interrupt handling in the kernel, and the data structures used to manage interrupts. Interrupts preempt processes and are handled in strict priority order by the CPU. The document describes the interrupt descriptor table (IDT) that associates interrupts and exceptions with handler functions, and how hardware and software handle interrupts. It also covers initialization of the IDT, exception handling in Linux, and the data structures used for interrupt handling.
Escalating Privileges in Linux using Fault Injection - FDTC 2017Cristofaro Mune
FDTC 2017 presentation slides from our work, performed by me and Niek Timmers from @Riscure, on Fault Injection attacks applied to Linux.
Our work points out how Fault Injection (FI) techniques can be used for escalating privileges in large code bases, like the Linux OS.
Escalation of privilege can be obtained in minutes, after setup preparation and target characterization.
We also discuss the impacts of a new FI attack technique that allows reliable loading of arbitrary values into registers. We show that control of kernel space Program Counter can be obtained by a userspace application, potentially leading to arbitrary code execution, even in absence of known SW vulnerabilities.
Finally, we discuss possible mitigations, showing how, for this new class of attacks, classical FI countermeasures implemented in SW are insufficient, while modern SW exploit mitigations become applicable.
Join this video course on udemy . Click here :
https://www.udemy.com/course/mastering-microcontroller-with-peripheral-driver-development/?couponCode=SLIDESHARE
Learn bare metal driver development systems using Embedded C: Writing drivers for STM32 GPIO,I2C,SPI,USART from scratch
Software/Hardware used:
In this course, the code is developed such a way that, It can be ported to any MCU you have at your hand.
If you need any help in porting these codes to different MCUs you can always reach out to me!
The course is strictly not bound to any 1 type of MCU. So, if you already have any Development board which runs with ARM-Cortex M3/M4 processor,
then I recommend you to continue using it.
But if you don’t have any Development board, then check out the below Development boards.
Breaking hardware enforced security with hypervisorsPriyanka Aash
"Hardware-Enforced Security is touted as the panacea solution to many modern computer security challenges. While certainly adding robust options to the defenders toolset, they are not without their own weaknesses. In this talk we will demonstrate how low-level technologies such as hypervisors can be used to subvert the claims of security made by these mechanisms. Specifically, we will show how a hypervisor rootkit can bypass Intel's Trusted Execution Environment (TXT) DRTM (dynamic root of trust measurement) and capture keys from Intel's AES-NI instructions. These attacks against TXT and AES-NI have never been published before. Trusted computing has had a varied history, to include technologies such as Trusted Execution Technology (TXT), ARM TrustZone, and now Microsoft Isolated User Mode and Intel SGX. All of these technologies attempt to protect user data from privileged processes snooping or controlling execution. These technologies claim that no elevated process, whether kernel based, System Management Mode (SMM) based, or hypervisor based will be able to compromise the user's data and execution.
This presentation will highlight the age-old problem of misconfiguration of Intel TXT by exploiting a machine through the use of another Intel technology, the Type-1 hypervisor (VT-x). Problems with these technologies have surfaced not as design issues but during implementation. Whether there remains a hardware weakness where attestation keys can be compromised, or a software and hardware combination, such as exposed DMA that permits exfiltration, and sometimes modification, of user process memory. This presentation will highlight one of these implementation flaws as exhibited by the open source tBoot project and the underlying Intel TXT technology. Summation will offer defenses against all too often pitfalls when deploying these systems, including proper deployment design using sealed storage, remote attestation, and hardware hardening."
(Source: Black Hat USA 2016, Las Vegas)
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMULinaro
This document discusses moving QEMU's Tiny Code Generator (TCG) to a multi-threaded model to take advantage of multi-core systems. It describes the current single-threaded TCG process model and global state. Approaches considered for multi-threading include using threads/locks, processes/IPC, or rewriting TCG from scratch. Key challenges addressed are protecting code generation globals and implementing atomic memory operations and memory barriers in a multi-threaded context. Patches have been contributed to address these issues and enable multi-threaded TCG. Further work remains to fully enable it across all QEMU backends and architectures.
The document discusses information gathering from system components like the BIOS, IPMI, and sensors. It provides an overview of BIOS execution stages, IPMI architecture and commands, and how to view sensor data using entities and thresholds. IPMI commands allow viewing the sensor data repository, system event log, and field replaceable unit information.
OSMC 2014 | Server Hardware Monitoring done right by Werner FischerNETWAYS
Server Hardware ist vielfältig - und damit können auch mögliche Probleme auftreten. Für das Monitoring der Serverkomponenten gibt es unterschiedliche Schnittstellen. Die Palette reicht hier von Netzwerkprotokollen wie IPMI und SNMP bis hin zu Checks, die lokal am jeweiligen Server ausgeführt werden müssen (z.B. für RAID-Controller, SMART-Attribute oder GPU-Karten).
Im Vortrag erfahren Sie welche Checks Sie am besten für bestimmte Hardware Komponenten einsetzen und damit zuverlässig zeitnah informiert werden, sobald sich Probleme abzeichnen.
Icinga Camp Berlin 2017 - 10 Tips for better Hardware MonitoringIcinga
The document provides 10 tips for better hardware monitoring. The tips include knowing your hardware, securing the BMC using IPMI, monitoring IPMI sensors and the SEL log, using lmsensors to monitor additional sensors, monitoring RAID arrays, and using SMART to monitor disk health. The document discusses various tools and techniques for each monitoring area to help ensure hardware is properly monitored.
The document discusses transaction-based hardware-software co-verification using emulation. It describes how traditional cycle-based co-verification is slow due to communication overhead between the testbench and emulator. Transaction-based co-verification improves speed by only synchronizing when required and allowing parallel execution. Transactors are used to convert high-level commands from the testbench to a bit-level protocol for the emulator. This allows emulation speeds of tens of MHz, orders of magnitude faster than cycle-based. An example transactor for a virtual memory is presented.
Lost in Translation: When Industrial Protocol Translation goes Wrong [CONFide...Marco Balduzzi
Protocol gateways are embedded devices used in industrial facilities to integrate legacy equipment such as serial PLCs with modern control networks. Given the importance that these devices play in the operation of manufacturing plants, we conducted a vendor agnostic analysis of the technology behind protocol translation, by identifying new unexplored weaknesses and vulnerabilities. We evaluated five popular gateway products and discovered translation problems that enable potential adversaries to conduct stealthy and difficult-to-detect attacks, for example to arbitrarily disable, or enable a targeted machinery by mean of innocent-looking packets that bypass common ICS firewalls. In this presentation, we share the results of our findings and discuss the impact to the problems that we identified and their potential countermeasures.
The document discusses Cisco Discovery Protocol (CDP) and how it can be used to gather information about neighboring and remote network devices. CDP discovers information like device identifiers, address lists, port identifiers, and capabilities without needing to know the data link layer protocol. The summary also describes how to use commands like show cdp neighbor, show cdp entry, ping, and telnet to view CDP information and connect to remote devices.
This document discusses SR-IOV (Single Root I/O Virtualization), which allows a PCIe device to appear as multiple separate devices. It describes how SR-IOV works by introducing physical functions and virtual functions. It then outlines the steps to enable SR-IOV on a Xen hypervisor, including configuring the network device, enabling virtual functions, binding VFs to the pciback driver, and assigning VFs to guest VMs. Reference links are also provided for additional information on SR-IOV and its implementation in Xen.
This document provides an overview of the eMIPS project, which allows for dynamically extensible processors using an FPGA. The eMIPS processor extends itself at runtime using extensions that are safe for multi-user operating systems. Applications include speeding up execution with application-specific CPUs, monitoring software in real-time, loadable debugging support, and loading/unloading peripherals and processor cores dynamically. The document describes the eMIPS workstation, binaries with hardware acceleration, assertion-based verification, extensible peripherals and tools like an extensible debugger. It also covers using hardware extensions to optimize the instruction set architecture, and the Giano real-time simulation framework.
I have collected all the necessary information about various hardware blocks of Nvidia Tegra K1 processor and put them together. It would be helpful for those who are/going to work on it by giving the details in a very concise fashion.
Smartphones, tablets, TVs, cars and smartwatches: Android is everywhere enabling users and developers with rich set of applications, libraries and services. Android Things brings such a power to virtually any object, any “thing”: using a low-cost (yet powerful) board, developer can add intelligence and connectivity to home, industries, vehicles and even medical appliances. This presentation introduces practical concepts around the Android Things platform and how to have fun with it.
The document summarizes a technical workshop on wireless sensor networks. It provides an overview of the hardware and software used, including the Tmote Sky and EE sensor nodes, the iNode embedded PCs, and the TinyOS software platform. It also describes the Job scheduling system and iPlatform that are used to define and run experiments on the testbed.
The document discusses various tools and techniques for kernel debugging, profiling, and testing in Linux. It covers topics like kernel debugging tools, crash dumping and analysis, kernel probes, tracing, profiling, and testing possibilities in Linux like the Linux Test Project and User Mode Linux.
Upon reading the document, the key steps in a router's start-up process can be summarized as follows:
1. When power is applied, the router performs a power-on self-test and loads the bootstrap code from ROM to initialize hardware and find the IOS image.
2. The IOS image is then loaded from flash memory or another source such as TFTP into RAM where it is decompressed and executed.
3. The startup configuration is loaded, typically from NVRAM. If no configuration is present, the router enters setup mode to configure initial settings.
The document discusses various tools and techniques for kernel debugging, profiling, and testing in Linux. It covers topics like kernel debugging using printk and syslog, querying kernel state via /proc and sysfs, crash dumping and analysis, tools like kprobes, kernel tracing with LTT and perf, profiling with oprofile and gcov, and testing frameworks like LTP and User Mode Linux.
The document discusses important show commands for Cisco routers and switches. It provides a cheat sheet of the most useful show commands including show running-config, show version, show ip route, show interfaces, show cdp neighbors, and show clock. Each command is briefly described in terms of the key information it displays about the device, interfaces, configurations, or network.
44CON 2014 - Stupid PCIe Tricks, Joe Fitzpatrick44CON
Joe FitzPatrick gave a presentation on exploiting PCIe (Peripheral Component Interconnect Express) buses for hardware attacks. He discussed using DMA (direct memory access) over PCIe to read and write system memory, modify firmware, and potentially bypass mitigations like IOMMU (input-output memory management unit). FitzPatrick demonstrated proof-of-concept attacks on Macs and Windows PCs using custom PCIe devices and software. However, he noted that fully bypassing protections like VT-d on Macbooks had not yet been achieved and more work is needed to build attacks without imitating a genuine device.
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
A participant will acquire basic skills of searching for vulnerabilities on switches and routers from various vendors. The masterclass will cover both common network vulnerabilities, and exceptive cases that can be detected in the process of security assessment of real networks.
This document contains questions about router security configuration and concepts. It covers topics like AAA configuration, SSH, SNMP, SDM wizards, and Cisco IOS resilience features. The questions ask about commands, default settings, and characteristics related to securing and hardening a Cisco router.
Similar to OSMC 2014: Server Hardware Monitoring done right | Werner Fischer (20)
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Consistent toolbox talks are critical for maintaining workplace safety, as they provide regular opportunities to address specific hazards and reinforce safe practices.
These brief, focused sessions ensure that safety is a continual conversation rather than a one-time event, which helps keep safety protocols fresh in employees' minds. Studies have shown that shorter, more frequent training sessions are more effective for retention and behavior change compared to longer, infrequent sessions.
Engaging workers regularly, toolbox talks promote a culture of safety, empower employees to voice concerns, and ultimately reduce the likelihood of accidents and injuries on site.
The traditional method of conducting safety talks with paper documents and lengthy meetings is not only time-consuming but also less effective. Manual tracking of attendance and compliance is prone to errors and inconsistencies, leading to gaps in safety communication and potential non-compliance with OSHA regulations. Switching to a digital solution like Safelyio offers significant advantages.
Safelyio automates the delivery and documentation of safety talks, ensuring consistency and accessibility. The microlearning approach breaks down complex safety protocols into manageable, bite-sized pieces, making it easier for employees to absorb and retain information.
This method minimizes disruptions to work schedules, eliminates the hassle of paperwork, and ensures that all safety communications are tracked and recorded accurately. Ultimately, using a digital platform like Safelyio enhances engagement, compliance, and overall safety performance on site. https://safelyio.com/
Measures in SQL (SIGMOD 2024, Santiago, Chile)Julian Hyde
SQL has attained widespread adoption, but Business Intelligence tools still use their own higher level languages based upon a multidimensional paradigm. Composable calculations are what is missing from SQL, and we propose a new kind of column, called a measure, that attaches a calculation to a table. Like regular tables, tables with measures are composable and closed when used in queries.
SQL-with-measures has the power, conciseness and reusability of multidimensional languages but retains SQL semantics. Measure invocations can be expanded in place to simple, clear SQL.
To define the evaluation semantics for measures, we introduce context-sensitive expressions (a way to evaluate multidimensional expressions that is consistent with existing SQL semantics), a concept called evaluation context, and several operations for setting and modifying the evaluation context.
A talk at SIGMOD, June 9–15, 2024, Santiago, Chile
Authors: Julian Hyde (Google) and John Fremlin (Google)
https://doi.org/10.1145/3626246.3653374
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Drona Infotech is a premier mobile app development company in Noida, providing cutting-edge solutions for businesses.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
Most important New features of Oracle 23c for DBAs and Developers. You can get more idea from my youtube channel video from https://youtu.be/XvL5WtaC20A
Malibou Pitch Deck For Its €3M Seed Roundsjcobrien
French start-up Malibou raised a €3 million Seed Round to develop its payroll and human resources
management platform for VSEs and SMEs. The financing round was led by investors Breega, Y Combinator, and FCVC.
Liberarsi dai framework con i Web Component.pptxMassimo Artizzu
In Italian
Presentazione sulle feature e l'utilizzo dei Web Component nell sviluppo di pagine e applicazioni web. Racconto delle ragioni storiche dell'avvento dei Web Component. Evidenziazione dei vantaggi e delle sfide poste, indicazione delle best practices, con particolare accento sulla possibilità di usare web component per facilitare la migrazione delle proprie applicazioni verso nuovi stack tecnologici.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
14. FRU Temp.
sensor
…
Chassis board
14
Aufbau
Motherboard
private mgmt. busses
Processor
board
Memory
board
Zugriff mit
Benutzername
& Passwort
Baseboard
Management
Controller
(BMC)
System bus
NVS Storage
SDR
SEL
FRU
Chassis
mgmt.
(Satellite
Controller)
Sensors & Controls
Fan sensor
Temp. sensor
Power control
Reset control
…
FRU
Temp. s.
FRU
IPMB
LAN
interface
Serial
Port
Sharing
M/B
Serial
Controller
BMC
Serial
Controller
Serial/Modem
interface
Serial
Connector
LAN
Connector
PCI mgmt. bus
Network
(LAN)
Controller
Remote Mmgt. Card
(KVM over IP, ...)
Auxillary
IPMB Connector
ICMB
ICMB
bridge
System
interface
Redundant Power
board
FRU
Zugriff mit
root Rechten
15. 15
IPMI Sensor Klassen
Discrete (True/False) Threshold (Schwellwerte)
Mehrere Zustände möglich:
● bis zu 15 Status möglich
● jeder Status = 1 Bit
● mehrere aktive Statusbits möglich
Zustand abhängig von:
● Vergleich analoger Messert mit dem
Schwellwerten (Thresholds)
Liefert:
● allgemeine Zustände
● Sensor-spezifische Zustände
Liefert:
● analogen Messwert
● diskreten Status
Ähnliche Klasse OEM
● Bedeutung der Zustände werden
vom OEM definiert
16. 16
IPMI Sensor Klassen
Discrete Threshold
[root@test ~]# ipmitool sdr get "PS2 Status"
Sensor ID : PS2 Status (0x71)
Entity ID : 10.2 (Power Supply)
Sensor Type (Discrete): Power Supply
States Asserted : Power Supply
[Presence detected]
[Power Supply AC
lost]
Assertion Events : Power Supply
[Presence detected]
[Power Supply AC
lost]
Assertions Enabled : Power Supply
[Presence detected]
[Failure detected]
[Predictive failure]
[Power Supply AC
lost]
[...]
Deassertions Enabled : Power Supply
[...]
[root@test ~]# ipmitool sdr get "Fan 1"
Sensor ID : Fan 1 (0x50)
Entity ID : 29.1 (Fan
Device)
Sensor Type (Analog) : Fan
Sensor Reading : 5719 (+/0)
RPM
Status : ok
Nominal Reading : 6708.000
Normal Minimum : 2451.000
Normal Maximum : 10965.000
Lower critical : 1720.000
Lower noncritical
: 1978.000
Positive Hysteresis : 86.000
Negative Hysteresis : 86.000
Minimum sensor range : Unspecified
Maximum sensor range : Unspecified
Event Message Control : Perthreshold
Readable Thresholds : lcr lnc
Settable Thresholds : lcr lnc
Threshold Read Mask : lcr lnc
Assertion Events :
Assertions Enabled : lnclcrDeassertions
Enabled : lnclcr
17. $ sudo ipmisensors
outputsensorstate
interpretoemdata
Password:
ID | Name | Type | State | Reading | Units | Event
4 | System Temp | Temperature | Nominal | 27.00 | C | 'OK'
71 | Peripheral Temp | Temperature | Nominal | 35.00 | C | 'OK'
138 | CPU Temp | OEM Reserved | Nominal | N/A | N/A | 'Low'
205 | FAN 1 | Fan | Nominal | 1800.00 | RPM | 'OK'
… 942 | VBAT | Voltage | Nominal | 3.15 | V | 'OK'
1009 | VSB | Voltage | Nominal | 3.34 | V | 'OK'
1076 | AVCC | Voltage | Nominal | 3.38 | V | 'OK'
1143 | Chassis Intru | Physical Security | Critical | N/A | N/A | 'Gen...'
17
IPMI Sensoren OK
Critical
20. 20
IPMI Plugin
#!/usr/bin/perl
# check_ipmi_sensor: Nagios/Icinga plugin to check IPMI sensors
##
Copyright (C) 20092014
ThomasKrenn.
AG,
# additional contributors see changelog.txt
##
This program is free software; you can redistribute it and/or modify it under
[…]
Version 3.5 20141031
* Fix LAN Driver if called on localhost
Version 3.4 20140929
* Fix implicit array warning with split
* Add option to disable LAN protocol version 2.0
Version 3.3 20140606
* Print a warning if ipmisensors
only returned a single output row
* Ignore sudo errors and warnings in IPMI command output
(Thanks to Robert Heinzmann for contributing)
* Use LAN protocol version 2.0 per default
* Print empty output error only if return code was 0
* Exit the plugin with return code 3 if fru command fails
* Added an include list option to only include specific sensors
Version 3.2 20131028
* Added FRU serial number to output
29. 29
IPMI Firmware by ATEN / AMI
_ Mainboard-Hersteller
passen Firmware an
_ OS = Embedded Linux
_ IPMI Firmware Teile
Closed-Source
30. Wir empfehlen administrative Zugänge
wie IPMI- aber auch etwa SSH-Dienste
nicht offen im Internet zu betreiben,
30
sondern mittels Firewall/VPN den
Zugriff auf solche Dienste
ausschließlich berechtigten Personen
zu ermöglichen.
35. 35
#2 – User Management
sjfaiklaz afjhuijoh
Administrator
User
36. In short, the authentication process for IPMI 2.0 mandates
that the server send a salted SHA1 or MD5 hash of the
requested user's password to the client, prior to the client
authenticating.
36
#2 – User Management
A Penetration Tester's Guide to IPMI and BMCs (rapid7.com)
msf > use auxiliary/scanner/ipmi/ipmi_dumphashes
msf auxiliary(ipmi_dumphashes) > set RHOSTS 10.1.102.141
RHOSTS => 10.1.102.141
msf auxiliary(ipmi_dumphashes) > set THREADS 128
THREADS => 128
msf auxiliary(ipmi_dumphashes) > run
[+] 10.1.102.141:623 - IPMI - Hash found:
admin:14667523250000004ec525d3852f4fa73c93b674788217fe00000000000000
00000000000000000000000000000000000000000000000000140561646d696e:2c7
6e372d89ac7cd4e3bfecb423962f708d0741c
55. 55
root@debiantest:~#
storcli64
Storage Command Line Tool Ver 1.13.06 Sep 03, 2014
(c)Copyright 2014, LSI Corporation, All Rights Reserved.
help lists
all the commands with their usage. E.g. storcli help
<command> help gives
details about a particular command. E.g. storcli add help
List of commands:
Commands Description
add
Adds/creates a new element to controller like VD,Spare..etc
delete Deletes an element like VD,Spare
show Displays information about an element
set Set a particular value to a property
get Get a particular value to a property
compare Compares particular value to a property
start Start background operation
stop Stop background operation
pause Pause background operation
resume Resume background operation
download Downloads file to given device
expand expands size of given drive
insert inserts new drive for missing
transform downgrades the controller
/cx Controller specific commands
/ex Enclosure specific commands
/sx Slot/PD specific commands
/vx Virtual drive specific commands
/dx Disk group specific commands
/fall Foreign configuration specific commands
/px Phy specific commands
/[bbu|cv] Battery Backup Unit, Cachevault commands
56. $ /usr/lib/nagios/plugins/check_lsi_raid vv
Warning (LD Warn) [c0/v0_Consist = Warning (No)]|
CV_Temperature=22;70;85 ROC_Temperature=57;80;90
c0/e252/s0_Drive_Temperature=21;40;45
c0/e252/s1_Drive_Temperature=21;40;45
Used storcli commands:
/
usr/bin/sudo /usr/sbin/storcli64 /c0 /cv show status
/
usr/bin/sudo /usr/sbin/storcli64 adpallinfo a0
/
usr/bin/sudo /usr/sbin/storcli64 /c0/vall show all
/
usr/bin/sudo /usr/sbin/storcli64 /c0/vall show init
/
usr/bin/sudo /usr/sbin/storcli64 /c0/eall/sall show all
/
usr/bin/sudo /usr/sbin/storcli64 /c0/eall/sall show initialization
/
usr/bin/sudo /usr/sbin/storcli64 /c0/eall/sall show rebuild
Warning sensors:
c0/
v0_Consist (No)
56
check_lsi_raid
57. Warum adpallinfo a0?
„storcli /0 show all …
blocks the whole raid card
i/o for … upto ~4 seconds“
57
58. Warum adpallinfo a0?
„storcli /0 show all …
blocks the whole raid card
i/o for … upto ~4 seconds“
58
59. 59
check_lsi_raid
$ /usr/lib/nagios/plugins/check_lsi_raid h
check_lsi_raid: Nagios/Icinga plugin to check LSI Raid Controller status
Pulgin version: 2.0
Copyright (C) 20132014
ThomasKrenn.
AG
Current updates available at
http://git.thomaskrenn.
com/check_lsi_raid.git
This Nagios/Icinga Plugin checks LSI RAID controllers for controller,
physical device, logical device, BBU and CV warnings and errors.
In order for this plugin to work properly you need to add the nagios
user to your sudoers file (or create a new one in /etc/sudoers.d/).
Usage:
[ h
| help
]
Display this help page
[ v
| vv
| vvv
| verbose
]
Sets the verbosity level.
No v
is the normal single line output for Nagios/Icinga, v
is a
more detailed version but still usable in Nagios. vv
is a
multiline output for debugging configuration errors or more
detailed information. vvv
is for plugin problem diagnosis.
For further information please visit:
http://nagiosplug.sourceforge.net/developerguidelines.
html#AEN39
[ V
version
]
Displays the plugin and, if available, the version if StorCLI.
[ C
<num> | controller
<num> ]
Specifies a controller number, defaults to 0.
...
64. 64
$ sudo arcconf
| UCLI | Adaptec by PMC uniform command line interface
| UCLI | Version 1.6 (B21062)
| UCLI | (C) Adaptec by PMC 20032014
| UCLI | All Rights Reserved
ATAPASSWORD | setting password on a physical drive
COPYBACK | toggles controller copy back mode
CREATE | creates a logical device
CONSISTENCYCHECK | toggles the controller background consistency check mode
DELETE | deletes one or more logical devices
ERRORTUNABLE | sets error tunable profiles on the controller
EXPANDERLIST | Lists the Expanders Connected to the Controller
EXPANDERUPGRADE | updates expander firmware
FAILOVER | toggles the controller automatic failover mode
GETCONFIG | prints controller information
GETLOGS | gets controller log information
GETPERFORM | gets the parameters for a performance mode
GETSMARTSTATS | gets the SMART statistics
GETSTATUS | displays the status of running tasks
GETVERSION | prints version information for all controllers
IDENTIFY | blinks LEDS on device(s) connected to a controller
IMAGEUPDATE | update physical device firmware
KEY | installs a Feature Key onto a controller
MODIFY | performs RAID Level Migration or Online Capacity Expansion
PHYERRORLOG | displays PHY error logs for controller or device or an
| expander PHY
PRESERVECACHE | changes the cache preservation settings on the controller
RESCAN | checks for new or removed drives
RESETSTATISTICSCOUNTERS | resets the controller statistics counters
ROMUPDATE | updates controller firmware
SAVESUPPORTARCHIVE | saves the support archive
SETALARM | controls the controller alarm, if present
...
65. check_adaptec_raid Update
$ ./check_adaptec_raid p
/usr/sbin/arcconf
AACRAID CRITICAL (Ctrl #1): [ZMM critical]
$ ./check_adaptec_raid h
ThomasKrenn
Adaptec Raid Controller Nagios/Icinga Plugin Version: 1.0
Copyright (C) 20092013
ThomasKrenn.
AG
Current updates available via git at:
65
http://git.thomaskrenn.
com/check_adaptec_raid.git
This Nagios/Icinga Plugin checks ADAPTEC RAIDControllers
for Controller,
PhysicalDevice
and Logical Device warnings and errors.
In order for this plugin to work properly you need to add the
nagiosuser
to your sudoers file (or create a new one in /etc/sudoers.d/).
This is required as arcconf must be called with sudo permissions.
Usage:
[ C
<Controller number> ] [ LD
<Logical device number> ]
[ PD
<Physical device number> ] [ T
<Warning Temp., Crit. Temp.> ]
[ h
| help
]
Display this help page
[ v
| vv
| vvv
| verbose
]
Sets the verbosity level
no v
single line output for Nagios/Icinga
v
single line with more details
...
geplant
(2015)
66. VMware? → CIM Provider erwartet
_ aktuell:
66
_ „CIM Provider“ für remote arcconf
_ Adaptec MSM in einer VM
_ künftig:
_ „echter“ CIM Provider
76. ja cool, aber was ist mit RAID Controllern?
...
[d|
device
<path to device being checked>]
Specify the device being monitored. If multiple devices should be
checked provide the 'd'
option multiple times.
E.g. 'd
/dev/sda d
/dev/sdb'
For devices behind LSI RAID controllers specify 'megaraid' and then the
device number, e.g. 'd
megaraid6'. Use storcli to find out the
corresponding device numbers.
For devices behind Adaptec RAID controllers specify '/dev/sg<X>' where
<X> is the number for your device. Use e.g. sg_scan to find the device.
You must also use 'O
sat' or 'O
scsi' according to the device
interface. This are extra options only necessary for '/dev/sg<X>'
devices.
76
...
77. ja cool, aber was ist mit RAID Controllern?
$ /usr/lib/nagios/plugins/check_smart_attributes
> d
megaraid6
> dbj
/etc/nagiosplugins/
config/check_smartdb.json
OK (megaraid6) |
megaraid6_Temperature_Internal=26
megaraid6_Media_Wearout_Indicator=100;16;6
megaraid6_Host_Writes_32MiB=70283
megaraid6_Host_Reads_32MiB=1650800
$ /usr/lib/nagios/plugins/check_smart_attributes
> d
megaraid7
> dbj
/etc/nagiosplugins/
config/check_smartdb.json
Warning (megaraid7) [megaraid7_CRC_Error_Count = Warning]|
megaraid7_Temperature_Internal=34
megaraid7_Media_Wearout_Indicator=098;16;6
megaraid7_Host_Writes_32MiB=189904
megaraid7_Host_Reads_32MiB=29658
77
80. NVIDIA: „angezeigte
Lüfterdrehzahl lässt nicht
darauf schließen, ob sich der
Lüfter tatsächlich dreht.“
80
„es ist jene Drehzahl, mit der der Lüfter-Algorithmus versucht den Lüfter zu betreiben.“
wir empfehlen:
„Temperatursensor“
81. 81
Plugins - Future
_ Überwachung von
FW-Versionen
_ RAID Consistency
Checks
_ Temperatur von
10GBit NICs
(siehe Intel X540 FAQs)
83. 83
Relax ...
_ alle Plugins unter git.thomas-krenn.com
_ alle Plugins erfüllen
Plugin Developer Guidelines (-h für Hilfe)
_ „Plugin Entwicklung für Einsteiger“
von Alexander Wirt heute um 14:15h