This document provides an introduction to secure boot. It begins with an overview of the topics to be covered, including attack surfaces, attack types, and basic defenses for embedded devices. It then describes the typical boot chain process, including the roles of the ROM bootloader, SPL, main bootloader, OS kernel, and initramfs. Finally, it discusses the basic chain of trust for secure boot and compares it to the PC bootchain, noting some vulnerabilities in the basic secure bootchain model.
Halvar Flake: Why Johnny can’t tell if he is compromisedArea41
This document discusses the difficulty of determining if a computer system is compromised. It outlines several checks that could be done to verify control, such as verifying signatures on software binaries, firmware, and scripts. However, it finds that all of these checks ultimately fail due to issues like a lack of transparency, lack of standardization, and the potential for signing keys to be stolen without detection. It argues that fundamental changes are needed to infrastructure and practices to enable determining control, such as reducing the number of trusted code signing authorities, increasing transparency in software updates and signing processes, and reducing opacity in firmware and coprocessors.
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...The Linux Foundation
The EFI secure boot is a protocol to verify authenticity of loaded and executed PE binary. Usually it is a second stage bootloader, e.g. GRUB2, or an OS kernel. The shim is an extension to the EFI secure boot which makes whole authentication process more flexible. The presentation will deal with the most important aspects of EFI secure boot and shim. Additionally, it will discuss how Xen hypervisor boot process can be protected with EFI secure boot and shim. However, this does not mean that everything is done and work out of the box. So, in the end it will be shown what is done to make EFI secure boot and shim usable when you boot Xen using GRUB2.
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...CODE BLUE
A Security Barrier Device protects PC and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent from the PC and can be installed regardless of OS or application. At this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port.
The SBD has a security information disk only accessible to itself where it stores the access privilege information of the original disk in the PC. When the PC issues a data access request to the original disk, the SBD will reference the access privileges of that particular sector, if the sector is read-deny then returns dummy data of 0 , if the sector is write-deny then it won’t write to that sector. The SBD not only allows for sector based protection but also a file based protection. In case of a file write-deny, there were some issues with the disc related cache in memory not being synchronised or the pointer’s position to the file in regards to its directory being shifted , but I will show how it was solved.
I will also talk about the fact that a SBD is an effective protection against any malware that attempts to manipulate the boot data sector or system files, once it detects any access right violations it can shutdown the ethernet port remotely and thwart the spreading of malware.
Kenji Toda
At the National Institute of Advanced Industrial Science and Technology conducted research and development of 30 Gbps intrusion detection systems , 60 Gbps URL filtering systems and or network devices testing equipment for such systems. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems)
http://codeblue.jp/en-speaker.html#KenjiToda
This document discusses the history and evolution of bootkits from legacy BIOS to UEFI environments. It describes various bootkit techniques used in BIOS and UEFI, including MBR/VBR modification, hidden file systems, and replacing bootloaders. It also covers attacks against secure boot and forensic tools for analyzing firmware like HiddenFsReader and CHIPSEC.
The document discusses using a Trusted Platform Module (TPM) to securely store encryption keys for disk encryption on Linux. It describes configuring TPM to measure and seal an encryption key file using PCR registers. Modifications are made to initramfs and cryptroot scripts to support unsealing the key during boot without user input by using the TPM. While TPM provides secure storage, integrating it with Linux disk encryption requires additional configuration to get the key unsealed and passed to cryptsetup during early boot stages.
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
In this slide, we introduce the TrustZone of information that has published at this time in relation to ARMv8-M.
It is possible to separate/isolate the security level by adding the security state.
ARMv8-M architecture has a different mechanism than TrustZone to provide traditional ARMv8-A architecture, which is optimized for embedded systems.
This document discusses rootkits and firmware attacks on network devices like firewalls and routers. It analyzes the operating systems, access controls, and integrity measures of various devices from manufacturers like Fortinet, Juniper, Cisco, and Check Point. Many devices have weaknesses like unencrypted firmware, removable storage, and restricted but not eliminated root access. Attacks could target the BIOS, kernel, file system or applications to gain persistent hidden access. Demonstrations show how to rootkit Fortinet and Juniper devices by bypassing signature checks or installing malicious packages. In conclusion, many network devices prioritize functionality over integrity, leaving them vulnerable to supply chain attacks and firmware tampering. Regular integrity checks and secure development practices are recommended for
The document discusses Slimline Open Firmware (SLOF), an open source firmware implementation based on the Open Firmware standard. It provides an overview of SLOF, describing its modular design, platform support, code structure, filesystem structure, PCI probe infrastructure, display device support, and interfaces including the Open Firmware client interface and Runtime Abstraction Services.
Halvar Flake: Why Johnny can’t tell if he is compromisedArea41
This document discusses the difficulty of determining if a computer system is compromised. It outlines several checks that could be done to verify control, such as verifying signatures on software binaries, firmware, and scripts. However, it finds that all of these checks ultimately fail due to issues like a lack of transparency, lack of standardization, and the potential for signing keys to be stolen without detection. It argues that fundamental changes are needed to infrastructure and practices to enable determining control, such as reducing the number of trusted code signing authorities, increasing transparency in software updates and signing processes, and reducing opacity in firmware and coprocessors.
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...The Linux Foundation
The EFI secure boot is a protocol to verify authenticity of loaded and executed PE binary. Usually it is a second stage bootloader, e.g. GRUB2, or an OS kernel. The shim is an extension to the EFI secure boot which makes whole authentication process more flexible. The presentation will deal with the most important aspects of EFI secure boot and shim. Additionally, it will discuss how Xen hypervisor boot process can be protected with EFI secure boot and shim. However, this does not mean that everything is done and work out of the box. So, in the end it will be shown what is done to make EFI secure boot and shim usable when you boot Xen using GRUB2.
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...CODE BLUE
A Security Barrier Device protects PC and other control devices by relaying every port between the motherboard and the peripherals. The SBD is totally transparent from the PC and can be installed regardless of OS or application. At this presentation I will discuss the storage securing function achieved by the SBD relaying the SATA port.
The SBD has a security information disk only accessible to itself where it stores the access privilege information of the original disk in the PC. When the PC issues a data access request to the original disk, the SBD will reference the access privileges of that particular sector, if the sector is read-deny then returns dummy data of 0 , if the sector is write-deny then it won’t write to that sector. The SBD not only allows for sector based protection but also a file based protection. In case of a file write-deny, there were some issues with the disc related cache in memory not being synchronised or the pointer’s position to the file in regards to its directory being shifted , but I will show how it was solved.
I will also talk about the fact that a SBD is an effective protection against any malware that attempts to manipulate the boot data sector or system files, once it detects any access right violations it can shutdown the ethernet port remotely and thwart the spreading of malware.
Kenji Toda
At the National Institute of Advanced Industrial Science and Technology conducted research and development of 30 Gbps intrusion detection systems , 60 Gbps URL filtering systems and or network devices testing equipment for such systems. Currently co-developing security barrier devices with the Research and Development Control System Security Center. (Presented at international conferences regarding MST and real-time systems)
http://codeblue.jp/en-speaker.html#KenjiToda
This document discusses the history and evolution of bootkits from legacy BIOS to UEFI environments. It describes various bootkit techniques used in BIOS and UEFI, including MBR/VBR modification, hidden file systems, and replacing bootloaders. It also covers attacks against secure boot and forensic tools for analyzing firmware like HiddenFsReader and CHIPSEC.
The document discusses using a Trusted Platform Module (TPM) to securely store encryption keys for disk encryption on Linux. It describes configuring TPM to measure and seal an encryption key file using PCR registers. Modifications are made to initramfs and cryptroot scripts to support unsealing the key during boot without user input by using the TPM. While TPM provides secure storage, integrating it with Linux disk encryption requires additional configuration to get the key unsealed and passed to cryptsetup during early boot stages.
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
In this slide, we introduce the TrustZone of information that has published at this time in relation to ARMv8-M.
It is possible to separate/isolate the security level by adding the security state.
ARMv8-M architecture has a different mechanism than TrustZone to provide traditional ARMv8-A architecture, which is optimized for embedded systems.
This document discusses rootkits and firmware attacks on network devices like firewalls and routers. It analyzes the operating systems, access controls, and integrity measures of various devices from manufacturers like Fortinet, Juniper, Cisco, and Check Point. Many devices have weaknesses like unencrypted firmware, removable storage, and restricted but not eliminated root access. Attacks could target the BIOS, kernel, file system or applications to gain persistent hidden access. Demonstrations show how to rootkit Fortinet and Juniper devices by bypassing signature checks or installing malicious packages. In conclusion, many network devices prioritize functionality over integrity, leaving them vulnerable to supply chain attacks and firmware tampering. Regular integrity checks and secure development practices are recommended for
The document discusses Slimline Open Firmware (SLOF), an open source firmware implementation based on the Open Firmware standard. It provides an overview of SLOF, describing its modular design, platform support, code structure, filesystem structure, PCI probe infrastructure, display device support, and interfaces including the Open Firmware client interface and Runtime Abstraction Services.
The document summarizes a presentation given by Tomer Teller about the Stuxnet malware. It describes how Stuxnet infected industrial control systems by exploiting Windows vulnerabilities, spreading on removable drives, and ultimately reprogramming PLCs to sabotage Iran's nuclear program. Key infection techniques discussed include exploiting LNK and Print Spooler vulnerabilities, using autorun.inf files and rootkit techniques to propagate, and replacing DLL files to monitor and inject commands to PLCs.
Modern Bootkit Trends: Bypassing Kernel-Mode Signing PolicyAlex Matrosov
The document discusses modern bootkit trends such as bypassing kernel-mode signing policy checks. It describes how bootkits have evolved from user-mode to kernel-mode payloads. Specifically, it outlines techniques used by the Win64/Olmarik and Win64/Rovnix bootkits to bypass code integrity checks by abusing the Windows boot process, modifying the master boot record (MBR) and volume boot record (VBR), and altering the boot configuration data (BCD) to disable signing checks and enable test signing. The document provides details on how Olmarik loads hidden files and patches the MBR to substitute legitimate kernel files and install its kernel-mode driver during the Windows boot process.
The document discusses how modern Intel CPUs contain debugging features like JTAG that could enable hardware trojans if activated. It describes how the Intel Direct Connect Interface allows activating JTAG-like debugging over USB, potentially allowing full system control. It demonstrates activating DCI on a laptop through the UEFI and explains how to detect if DCI is enabled. The document warns that DCI could lead to a "new age of BadUSB" if used maliciously.
This document describes a protocol test generator that uses nested virtual machines and rollback mechanisms to perform exhaustive fuzz testing of protocol implementations. It proposes using a virtual test protocol to encapsulate test packets and control the target virtual machine. Special packets allow taking snapshots of the target VM state and rolling back to previous snapshots to repeatedly test protocol states with different fuzzed packets. The current prototype implements this approach with KVM and QEMU virtual machines to find bugs in TLS/SSL protocol implementations through fuzz testing of the handshake process.
The document discusses trusted execution environments (TEEs) and their importance in mobile security. It describes GlobalPlatform's standardization of the TEE model with a normal world and secure world separated by TrustedZone technology. The TEE provides secure services to client applications in the normal world through a trusted foundation or mobile security technology from vendors like Trusted Logic, TI, Nvidia, and Qualcomm. Examples of secure services include secure storage, cryptography, and implementations of digital rights management (DRM). Netflix is given as an example client application that could leverage TEE security for content protection.
Defeating x64: Modern Trends of Kernel-Mode RootkitsAlex Matrosov
Versions of Microsoft Windows 64 bits were considered resistant against kernel mode rootkits because integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms Implemented. This presentation focuses on issues x64 acquitectura security, specifically in the signature policies kernel mode code and the techniques used by modern malware to sauté. We analyze the techniques of penetration of the address space of kernel mode rootkits used by modern in-the-wild: - Win64/Olmarik (TDL4) - Win64/TrojanDownloader.Necurs (rootkit dropper) - NSIS / TrojanClicker.Agent.BJ (rootkit dropper) special attention is given to bootkit Win64/Olmarik (TDL4) for being the most prominent example of a kernel mode rootkit aimed at 64-bit Windows systems. Detail the remarkable features of TDL4 over its predecessor (TDL3/TDL3 +): the development of user mode components and kernel mode rootkit techniques used to bypass the HIPS, hidden and system files as bootkit functionality. Finally, we describe possible approaches to the removal of an infected computer and presents a free forensics tool for the dump file system hidden TDL.
This document describes an SDK (Software Development Kit) for firmware development. It outlines the need for an SDK, the software architecture of an SDK including its layering and structure, and the benefits of using an SDK. The SDK provides APIs that abstract low-level hardware details and simplify development. It includes components like drivers, libraries, header files, and sample code to access hardware peripherals. Using an SDK promotes code reuse, reduces development time, and allows for easier upgrades and migration between platforms.
Intel TXT (Trusted eXecution Technology) provides hardware-based security enhancements that establish a trusted computing environment. It integrates new security features into processors, chipsets, and other platform components to measure critical software components at launch and verify they match approved codes before granting execution. This allows establishing an isolated and protected environment to securely migrate workloads between hosts. The technology aims to increase security and protection of sensitive data and systems from malicious software.
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
IWSEC2014(The 9th International Workshop on Security 弘前) で"Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints"
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
LAS16-111: Raspberry Pi3, OP-TEE and JTAG debugging
Speakers:
Date: September 26, 2016
★ Session Description ★
ARM TrustZone is a critical technology for securing IoT devices and systems. But awareness of TrustZone and its benefits lags within the maker community as well as among enterprises. The first step to solving this problem is lowering the cost of access. Sequitur Labs and Linaro have joined forces to address this problem by making a port of OP-TEE available on the Raspberry Pi 3. The presentation covers the value of TrustZone for securing IoT and how customers can learn more through this joint effort.
Embedded systems security remains a challenge for many developers. Awareness of mature, proven technologies such as ARM TrustZone is very low among the Maker community as well as among enterprises. As a result this foundational technology is largely being ignored as a security solution. Sequitur Labs and Linaro have taken an innovative approach combining an Open Source solution – OP-TEE with Raspberry Pi 3. The Raspberry Pi 3 is one of the world’s most popular platforms among device makers. Its value as an educational tool for learning about embedded systems development is proven.
Sequitur Labs have also enabled bare metal debugging via JTag on the Pi 3 enhancing the value of the Pi 3 as an educational tool for embedded systems development.
The presentation will focus on
ARM v8a architecture and instruction set
ARM Trusted Firmware
TrustZone and OP-TEE basics
JTAG and bare metal debugging the Raspberry Pi 3
★ Resources ★
Etherpad: pad.linaro.org/p/las16-111
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-111/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Trusted computing introduction and technical overviewSajid Marwat
Trusted computing aims to increase confidence in computing platforms by enabling platforms to prove their integrity and identity. The Trusted Computing Group is developing an open standard for a trusted platform module (TPM) that can reliably measure a platform's software state, attest to its identity and properties, and protect confidential data. The TPM acts as a root of trust and provides mechanisms for platform authentication, integrity reporting, and protected storage that enable trust in remote platforms and their expected behavior.
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelThe Linux Foundation
In era of cloud computing, security is becoming more and more critical for customers. In existing HW/SW architecture hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel Software Guard Extension (SGX) provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. Intel SGX makes such protection possible through the use of enclave, which is a protected area in userspace application where the code/data cannot be accessed directly by any software from outside. This presentation intends to give you an introduction of Intel SGX technology, including what it is, how it works, and the existing SW stack to enable SGX for customers, followed by introduction of our work to support SGX virtualization in Xen hypervisor, including the high-level design, current status and future plan.
LCU13: An Introduction to ARM Trusted FirmwareLinaro
Resource: LCU13
Name: An Introduction to ARM Trusted Firmware
Date: 28-10-2013
Speaker: Andrew Thoelke
Video: http://www.youtube.com/watch?v=q32BEMMxmfw
"Session ID: HKG18-223
Session Name: HKG18-223 - Trusted Firmware M : Trusted Boot
Speaker: Tamas Ban
Track: LITE
★ Session Summary ★
An overview of the trusted boot concept and firmware update on the ARMv8-M based platform and how MCUBoot acts as a BL2 bootloader for TF-M.
Trusted Firmware M
In October 2017, Arm announced the vision of Platform Security Architecture (PSA) - a common framework to allow everyone in the IoT ecosystem to move forward with stronger, scalable security and greater confidence. There are three key stages to the Platform Security Architecture: Analysis, Architecture and Implementation which are described at https://developer.arm.com/products/architecture/platform-security-architecture.
_Trusted Firmware M, i.e. TF-M, is the Arm project to provide an open source reference implementation firmware that will conform to the PSA specification for M-Class devices. Early access to TF-M was released in December 2017 and it is being made public during Linaro Connect. The implementation should be considered a prototype until the PSA specifications reach release state and the code aligns._
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-223/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-223.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-223.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: LITE
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
This document proposes a standardized interface for collaborating on power management across operating systems on ARM devices. It suggests defining a set of APIs to handle powering down and up CPUs for idle states, hot plug, secondary boot, and CPU migration. These APIs would take parameters like the affinity level, resume address, and context ID to enable saving and restoring state across OS layers. Implementing this interface with calls like IdlePowerDown, CPUAdd, CPURemove, CPUSwitchIn, and CPUSwitchOut could facilitate collaboration between Linux, hypervisors, and trusted operating systems on power management.
Defeating x64: The Evolution of the TDL RootkitAlex Matrosov
n this presentation we will be discussing the evolution of the notorious rootkit TDL (classified by ESET as Win32/Olmarik and Win64/Olmarik) which in its latest incarnation is the first widespread rootkit to target 64-bit versions of Microsoft Windows operating systems. The most striking features of the rootkit are its ability to bypass Microsoft Windows Driver Signature Checking in order to load its malicious driver, and its implementation of its own hidden encrypted file system, in which to store its malicious components. Between its first appearance on the malware scene and the present its architecture has been drastically changed several times to adapt to new systems and respond to countermeasures introduced by antivirus and HIPS software. In the presentation we will cover the the following topics: the evolution of the user-mode and kernel-mode components of the rootkit; techniques it has used to bypass HIPS; modifications to the hidden file system; bootkit functionality; tne recently introduced ability to infect x64 operating systems; and, finally, approaches to removing the rootkit from an infected system. In addition, we will present our free forensic tool for dumping the hidden rootkit file system.
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.
Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.
Rloader, alternative tech to achieve fast boot time for ARM Linuxmatt_hsu
There are many approaches to speed up boot time for embedded device. One of the interesting tech is based hibernation. Rloader is based on this kind of tech.
The document summarizes a presentation given by Tomer Teller about the Stuxnet malware. It describes how Stuxnet infected industrial control systems by exploiting Windows vulnerabilities, spreading on removable drives, and ultimately reprogramming PLCs to sabotage Iran's nuclear program. Key infection techniques discussed include exploiting LNK and Print Spooler vulnerabilities, using autorun.inf files and rootkit techniques to propagate, and replacing DLL files to monitor and inject commands to PLCs.
Modern Bootkit Trends: Bypassing Kernel-Mode Signing PolicyAlex Matrosov
The document discusses modern bootkit trends such as bypassing kernel-mode signing policy checks. It describes how bootkits have evolved from user-mode to kernel-mode payloads. Specifically, it outlines techniques used by the Win64/Olmarik and Win64/Rovnix bootkits to bypass code integrity checks by abusing the Windows boot process, modifying the master boot record (MBR) and volume boot record (VBR), and altering the boot configuration data (BCD) to disable signing checks and enable test signing. The document provides details on how Olmarik loads hidden files and patches the MBR to substitute legitimate kernel files and install its kernel-mode driver during the Windows boot process.
The document discusses how modern Intel CPUs contain debugging features like JTAG that could enable hardware trojans if activated. It describes how the Intel Direct Connect Interface allows activating JTAG-like debugging over USB, potentially allowing full system control. It demonstrates activating DCI on a laptop through the UEFI and explains how to detect if DCI is enabled. The document warns that DCI could lead to a "new age of BadUSB" if used maliciously.
This document describes a protocol test generator that uses nested virtual machines and rollback mechanisms to perform exhaustive fuzz testing of protocol implementations. It proposes using a virtual test protocol to encapsulate test packets and control the target virtual machine. Special packets allow taking snapshots of the target VM state and rolling back to previous snapshots to repeatedly test protocol states with different fuzzed packets. The current prototype implements this approach with KVM and QEMU virtual machines to find bugs in TLS/SSL protocol implementations through fuzz testing of the handshake process.
The document discusses trusted execution environments (TEEs) and their importance in mobile security. It describes GlobalPlatform's standardization of the TEE model with a normal world and secure world separated by TrustedZone technology. The TEE provides secure services to client applications in the normal world through a trusted foundation or mobile security technology from vendors like Trusted Logic, TI, Nvidia, and Qualcomm. Examples of secure services include secure storage, cryptography, and implementations of digital rights management (DRM). Netflix is given as an example client application that could leverage TEE security for content protection.
Defeating x64: Modern Trends of Kernel-Mode RootkitsAlex Matrosov
Versions of Microsoft Windows 64 bits were considered resistant against kernel mode rootkits because integrity checks performed by the system code. However, today there are examples of malware that use methods to bypass the security mechanisms Implemented. This presentation focuses on issues x64 acquitectura security, specifically in the signature policies kernel mode code and the techniques used by modern malware to sauté. We analyze the techniques of penetration of the address space of kernel mode rootkits used by modern in-the-wild: - Win64/Olmarik (TDL4) - Win64/TrojanDownloader.Necurs (rootkit dropper) - NSIS / TrojanClicker.Agent.BJ (rootkit dropper) special attention is given to bootkit Win64/Olmarik (TDL4) for being the most prominent example of a kernel mode rootkit aimed at 64-bit Windows systems. Detail the remarkable features of TDL4 over its predecessor (TDL3/TDL3 +): the development of user mode components and kernel mode rootkit techniques used to bypass the HIPS, hidden and system files as bootkit functionality. Finally, we describe possible approaches to the removal of an infected computer and presents a free forensics tool for the dump file system hidden TDL.
This document describes an SDK (Software Development Kit) for firmware development. It outlines the need for an SDK, the software architecture of an SDK including its layering and structure, and the benefits of using an SDK. The SDK provides APIs that abstract low-level hardware details and simplify development. It includes components like drivers, libraries, header files, and sample code to access hardware peripherals. Using an SDK promotes code reuse, reduces development time, and allows for easier upgrades and migration between platforms.
Intel TXT (Trusted eXecution Technology) provides hardware-based security enhancements that establish a trusted computing environment. It integrates new security features into processors, chipsets, and other platform components to measure critical software components at launch and verify they match approved codes before granting execution. This allows establishing an isolated and protected environment to securely migrate workloads between hosts. The technology aims to increase security and protection of sensitive data and systems from malicious software.
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
IWSEC2014(The 9th International Workshop on Security 弘前) で"Kernel Memory Protection by an Insertable Hypervisor which has VM Introspection and Stealth Breakpoints"
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
LAS16-111: Raspberry Pi3, OP-TEE and JTAG debugging
Speakers:
Date: September 26, 2016
★ Session Description ★
ARM TrustZone is a critical technology for securing IoT devices and systems. But awareness of TrustZone and its benefits lags within the maker community as well as among enterprises. The first step to solving this problem is lowering the cost of access. Sequitur Labs and Linaro have joined forces to address this problem by making a port of OP-TEE available on the Raspberry Pi 3. The presentation covers the value of TrustZone for securing IoT and how customers can learn more through this joint effort.
Embedded systems security remains a challenge for many developers. Awareness of mature, proven technologies such as ARM TrustZone is very low among the Maker community as well as among enterprises. As a result this foundational technology is largely being ignored as a security solution. Sequitur Labs and Linaro have taken an innovative approach combining an Open Source solution – OP-TEE with Raspberry Pi 3. The Raspberry Pi 3 is one of the world’s most popular platforms among device makers. Its value as an educational tool for learning about embedded systems development is proven.
Sequitur Labs have also enabled bare metal debugging via JTag on the Pi 3 enhancing the value of the Pi 3 as an educational tool for embedded systems development.
The presentation will focus on
ARM v8a architecture and instruction set
ARM Trusted Firmware
TrustZone and OP-TEE basics
JTAG and bare metal debugging the Raspberry Pi 3
★ Resources ★
Etherpad: pad.linaro.org/p/las16-111
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-111/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Trusted computing introduction and technical overviewSajid Marwat
Trusted computing aims to increase confidence in computing platforms by enabling platforms to prove their integrity and identity. The Trusted Computing Group is developing an open standard for a trusted platform module (TPM) that can reliably measure a platform's software state, attest to its identity and properties, and protect confidential data. The TPM acts as a root of trust and provides mechanisms for platform authentication, integrity reporting, and protected storage that enable trust in remote platforms and their expected behavior.
XPDDS17: Introduction to Intel SGX and SGX Virtualization - Kai Huang, IntelThe Linux Foundation
In era of cloud computing, security is becoming more and more critical for customers. In existing HW/SW architecture hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel Software Guard Extension (SGX) provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. Intel SGX makes such protection possible through the use of enclave, which is a protected area in userspace application where the code/data cannot be accessed directly by any software from outside. This presentation intends to give you an introduction of Intel SGX technology, including what it is, how it works, and the existing SW stack to enable SGX for customers, followed by introduction of our work to support SGX virtualization in Xen hypervisor, including the high-level design, current status and future plan.
LCU13: An Introduction to ARM Trusted FirmwareLinaro
Resource: LCU13
Name: An Introduction to ARM Trusted Firmware
Date: 28-10-2013
Speaker: Andrew Thoelke
Video: http://www.youtube.com/watch?v=q32BEMMxmfw
"Session ID: HKG18-223
Session Name: HKG18-223 - Trusted Firmware M : Trusted Boot
Speaker: Tamas Ban
Track: LITE
★ Session Summary ★
An overview of the trusted boot concept and firmware update on the ARMv8-M based platform and how MCUBoot acts as a BL2 bootloader for TF-M.
Trusted Firmware M
In October 2017, Arm announced the vision of Platform Security Architecture (PSA) - a common framework to allow everyone in the IoT ecosystem to move forward with stronger, scalable security and greater confidence. There are three key stages to the Platform Security Architecture: Analysis, Architecture and Implementation which are described at https://developer.arm.com/products/architecture/platform-security-architecture.
_Trusted Firmware M, i.e. TF-M, is the Arm project to provide an open source reference implementation firmware that will conform to the PSA specification for M-Class devices. Early access to TF-M was released in December 2017 and it is being made public during Linaro Connect. The implementation should be considered a prototype until the PSA specifications reach release state and the code aligns._
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-223/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-223.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-223.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: LITE
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
This document proposes a standardized interface for collaborating on power management across operating systems on ARM devices. It suggests defining a set of APIs to handle powering down and up CPUs for idle states, hot plug, secondary boot, and CPU migration. These APIs would take parameters like the affinity level, resume address, and context ID to enable saving and restoring state across OS layers. Implementing this interface with calls like IdlePowerDown, CPUAdd, CPURemove, CPUSwitchIn, and CPUSwitchOut could facilitate collaboration between Linux, hypervisors, and trusted operating systems on power management.
Defeating x64: The Evolution of the TDL RootkitAlex Matrosov
n this presentation we will be discussing the evolution of the notorious rootkit TDL (classified by ESET as Win32/Olmarik and Win64/Olmarik) which in its latest incarnation is the first widespread rootkit to target 64-bit versions of Microsoft Windows operating systems. The most striking features of the rootkit are its ability to bypass Microsoft Windows Driver Signature Checking in order to load its malicious driver, and its implementation of its own hidden encrypted file system, in which to store its malicious components. Between its first appearance on the malware scene and the present its architecture has been drastically changed several times to adapt to new systems and respond to countermeasures introduced by antivirus and HIPS software. In the presentation we will cover the the following topics: the evolution of the user-mode and kernel-mode components of the rootkit; techniques it has used to bypass HIPS; modifications to the hidden file system; bootkit functionality; tne recently introduced ability to infect x64 operating systems; and, finally, approaches to removing the rootkit from an infected system. In addition, we will present our free forensic tool for dumping the hidden rootkit file system.
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
Intel Management Engine ("ME") is a dedicated microcontroller embedded in all recent Intel motherboard chipsets. It works independently from the main CPU, can be active even when the rest of the system is powered off, and has a dedicated connection to the network interface for out-of-band networking which bypasses the main CPU and the installed OS. It not only performs the management tasks for which it was originally designed, but also implements features such as Intel Identity Protection Technology (IPT), Protected Audio-Video Path, Intel Anti-Theft, Intel TPM, NFC communication and more. There is not much info available about how exactly it works, and this talk aims to fill the gap and describe the low-level details.
Igor Skochinsky
Igor Skochinsky is currently one of the main developers of the world-famous Interactive Disassembler and Hex-Rays Decompiler. Even before joining Hex-Rays in 2008 he had been interested in reverse engineering for a long time and had brief periods of Internet fame after releasing a dumper for DRM-ed iTunes files (QTFairUse6) and hacking the original Amazon Kindle. He spoke previously at Recon, Breakpoint and Hack.LU.
Rloader, alternative tech to achieve fast boot time for ARM Linuxmatt_hsu
There are many approaches to speed up boot time for embedded device. One of the interesting tech is based hibernation. Rloader is based on this kind of tech.
Enabling TPM 2.0 on coreboot based devicesPiotr Król
This talk was presented during European coreboot Conference 2017 in Bochum. In this talk we walk through procedures required for enabling TPM 2.0 using LPC interface. We implemented that support as part of our ongoing maintainances of PC Engines apu series (AMD G-series) platform.
Video is available here: https://youtu.be/Yjb9n5p3giI
The presentation discusses upgrading Linux security with SecureBoot on Ubuntu 18.04 LTS. It covers safety backup prerequisites, enabling SecureBoot, signing third-party kernel drivers, and demonstrates checking SecureBoot settings through listing keys, verifying signatures, and enabling or disabling validation.
Chipsec is an open source framework for assessing platform security. It can be used to find vulnerabilities in system firmware like BIOS, UEFI and Mac EFI. Some examples shown include exploiting S3 resume boot script vulnerabilities to gain persistence, attacking hypervisors via SMM pointers, and checking for issues with MMIO BAR registers. The tool can also detect "problems" like unlocked firmware, missing hardware protections, and analyze real-world malware implants targeting firmware like DerStarke and HackingTeam UEFI rootkits.
The document discusses the booting process of the BeagleBone Black. It begins with an overview of the PC and BeagleBone booting processes. It then covers booting through an SD card, including partitioning and creating a root filesystem. The document introduces bootloaders like U-Boot, describes serial booting, and how to add commands to U-Boot. It provides hands-on examples of bringing up the BeagleBone board from recovery.
Joanna Rutkowska Subverting Vista Kernelguestf1a032
The document discusses techniques for subverting the Windows Vista kernel protection mechanisms and loading unsigned code. It describes:
1) Forcing kernel drivers to page out to the pagefile by allocating large amounts of memory, then modifying the paged out code in the pagefile to inject shellcode without requiring a signature.
2) The concept of an undetectable "Blue Pill" malware that could install itself on-the-fly by exploiting AMD64 SVM virtualization extensions to move the operating system into a virtual machine controlled by a thin hypervisor.
3) Challenges of handling nested virtual machines to prevent detection when the system is already compromised by "Blue Pill" malware.
Have a quick overview of most of the embedded linux components and their details. How ti build Embedded Linux Hardware & Software, and developing Embedded Products
From Linux kernel livepatches to encryption to ASLR to compiler optimizations and configuration hardening, we strive to ensure that Ubuntu 16.04 LTS is the most secure Linux distribution out of the box.
These slides try to briefly explain:
- what we do to secure Ubuntu
- how the underlying technology works
- when the features took effect in Ubuntu
This document discusses bootloaders for embedded systems. It defines a bootloader as the first code executed after a system powers on or resets that is responsible for loading the operating system kernel. The document then describes the tasks of a bootloader like initializing hardware, loading binaries from storage, and providing a shell. It outlines the booting process differences between desktops and embedded systems. Finally, it focuses on the universal bootloader U-Boot, describing its directory structure, configuration, building process, and commands.
Hardware backdooring is practical : slidesMoabi.com
This presentation will demonstrate that permanent backdooring of hardware is practical. We have built a generic proof of concept malware for the intel architecture, Rakshasa, capable of infecting more than a hundred of different motherboards. The first net effect of Rakshasa is to disable NX permanently and remove SMM related fixes from the BIOS, resulting in permanent lowering of the security of the backdoored computer, even after complete earasing of hard disks and reinstallation of a new operating system. We shall also demonstrate that preexisting work on MBR subvertions such as bootkiting and preboot authentication software bruteforce can be embedded in Rakshasa with little effort. More over, Rakshasa is built on top of free software, including the Coreboot project, meaning that most of its source code is already public. This presentation will take a deep dive into Coreboot and hardware components such as the BIOS, CMOS and PIC embedded on the motherboard, before detailing the inner workings of Rakshasa and demo its capabilities. It is hoped to raise awareness of the security community regarding the dangers associated with non open source firmwares shipped with any computer and question their integrity. This shall also result in upgrading the best practices for forensics and post intrusion analysis by including the afore mentioned firmwares as part of their scope of work.
It's a pivotal challenge to update the software in embedded systems due to many restrictions such as unreliable network and power supply, limited bandwidth, harsh environment, etc. This slide aims to provide the background knowledge and the open source tool to achieve the software update in embedded systems.
This document provides a summary of a presentation on securing Citrix environments. The presenter discusses securing physical servers by disabling boot from removable devices, setting BIOS passwords, and enabling the Trusted Platform Module (TPM). They also cover hypervisor hardening for XenServer, including using TrustedGRUB to secure the boot process and enable full disk encryption with TPM. For Windows hypervisors, they discuss using BitLocker encryption and storing recovery keys in Active Directory.
The document describes Vector's Flash Bootloader product, which allows for efficient and reliable reprogramming of ECUs via various bus systems without removing the ECU. It discusses the Flash Bootloader's functions, configuration, availability and optional features like security, fast programming options, bootloader updating, and flashing via XCP during development. The document also briefly introduces Vector's vFlash programming tool.
The document provides an overview of softcore processors, including Xilinx Microblaze, Xilinx Picoblaze, and DUGONG. It discusses what softcore processors are, how they compare to hard cores, and how they typically fit into a design with peripherals connected via buses. Case studies of Microblaze and Picoblaze are presented, focusing on their features, uses, and interfacing. Picoblaze is highlighted as a small but powerful option for control and configuration. DUGONG is presented as a custom softcore designed for interface control and data movement within an FPGA.
Blue Hat IL 2019 - Hardening Secure Boot on Embedded Devices for Hostile Envi...Cristofaro Mune
This talk has been presented at Microsoft BlueHat IL 2019 security conference, by Niek Timmers, Albert Spruyt and Cristofaro Mune.
Secure boot is the fundamental building block of the security implemented in a large variety of devices. From mobile phones, to Internet of Things (IoT) or Electronic Control Units (ECUs) found in modern cars.
In this talk we focus on software and hardware attacks that may be carried on against Secure Boot implementations. We leverage our decade long experience in reviewing and attacking secure boot on embedded devices from different industries
After a brief introduction, an overview of common attack patterns is provided, by discussing real vulnerabilities, exploits and attacks as case studies.
We then discuss two new attacks, not discussed or demonstrated before, with the purpose of bringing new insights.
The first one, takes place before CPU is even started, showing that a larger attack surface than usually explored is available.
This also shows that FI can affect pure HW implementations, with no SW involved.
The second one is an Encrypted Secure Boot bypass, yielding direct code execution. It is performed by using Fault Injection only and with a single glitch.
Contrary to common beliefs, we show that FI-only attacks are possible against an Encrypted Secure Boot implementation, without requiring any encryption key.
This shows that the need of reconsidering FI attacks impact and that encrypting boot stages alone is not a sufficient FI countermeasure.
We also discuss countermeasures and possible mitigations throughout the whole presentation.
With this talk, we hope to bring innovative and fresh material to a topic, which is a cornerstone of modern Product Security.
The presentation at BlueHat IL 2019 featured the live demo of an Encrypted Secure Boot bypass attack.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Odoo ERP software
Odoo ERP software, a leading open-source software for Enterprise Resource Planning (ERP) and business management, has recently launched its latest version, Odoo 17 Community Edition. This update introduces a range of new features and enhancements designed to streamline business operations and support growth.
The Odoo Community serves as a cost-free edition within the Odoo suite of ERP systems. Tailored to accommodate the standard needs of business operations, it provides a robust platform suitable for organisations of different sizes and business sectors. Within the Odoo Community Edition, users can access a variety of essential features and services essential for managing day-to-day tasks efficiently.
This blog presents a detailed overview of the features available within the Odoo 17 Community edition, and the differences between Odoo 17 community and enterprise editions, aiming to equip you with the necessary information to make an informed decision about its suitability for your business.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemPeter Muessig
Learn about the latest innovations in and around OpenUI5/SAPUI5: UI5 Tooling, UI5 linter, UI5 Web Components, Web Components Integration, UI5 2.x, UI5 GenAI.
Recording:
https://www.youtube.com/live/MSdGLG2zLy8?si=INxBHTqkwHhxV5Ta&t=0
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
SMS API Integration in Saudi Arabia| Best SMS API ServiceYara Milbes
Discover the benefits and implementation of SMS API integration in the UAE and Middle East. This comprehensive guide covers the importance of SMS messaging APIs, the advantages of bulk SMS APIs, and real-world case studies. Learn how CEQUENS, a leader in communication solutions, can help your business enhance customer engagement and streamline operations with innovative CPaaS, reliable SMS APIs, and omnichannel solutions, including WhatsApp Business. Perfect for businesses seeking to optimize their communication strategies in the digital age.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Tkos secure boot_lecture_20190605
1. Slide 1/43
Introduction to Secure Boot
Jonathan Ben-Avraham
TkOS
June 5, 2019
Revision 0.2
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
2. 1 Preliminaries Slide 2/43
Lecture Overview
1 Preliminaries
Tk Open Systems Ltd
Topics Covered
Embedded Device Attack Surfaces
Attack Types
Security Limitations
Basic Defenses
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
3. 1 Preliminaries 1 Slide 3/43
Tk Open Systems Ltd
Embedded Linux Consulting Company founded in 1996
Oces in Jerusalem (2), Yokneam (1)
21 Employees, 3 contractors, looking to hire new talent
Hundreds of Linux kernel patches contributed, U-Boot,
Buildroot, linux-mtd
Board Support Packages and Board Bring-up
ARM, Intel, Atmel and Xilinx MPSoC
Linux, FreeRTOS, SysGo PikeOS and Greenhills Integrity
DevOps, Linux sysadmin
yba@tkos.co.il
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
4. 1 Preliminaries 2 Slide 4/43
Topics Covered
Attack types and defenses
Description of the bootchain common to most systems
Signicance of an immutable root of trust for secure boot
Description of basic secure boot
Relation of TPM to secure boot
Isolation technologies for protecting the boot environment
Isolation technologies in the run-time environment
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
5. 1 Preliminaries 3 Slide 5/43
Embedded Device Attack Surfaces
Physical attack surface
Embedded devices - consumer, medical, industrial
Communication infrastructure - routers, deployed equipment
Weapons, drones
Logical attack surface
Servers, routers, other physically secure infrastructure
Telephones, laptops
Human attack surface
Security policy, separation of duties, training, controls
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
6. 1 Preliminaries 4 Slide 6/43
Attack Types
Invasive, SoC level
Electron microscope plus Chipjuice, similar tools
Non-invasive, board level
JTAG
Logic analyzer
Side-channel analysis
Network probe or exploit
Human factor attack
spies, corruption, information leakage, self-attack
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
7. 1 Preliminaries 5 Slide 7/43
Security Limitations
Any circuit can be reverse engineered and copied
Any persistent storage can be read unless erased
But data can be hidden or defensively destroyed
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
8. 1 Preliminaries 6 Slide 8/43
Basic Defenses
Hardware level - tamper fuses, anti-tamper memory
components, self-destructive components
Logic level - unique keys per individual device to protect
against class exploits
Human level - security policies, separation of duties, training
and control
For the remainder of this talk about secure boot, We assume
that all of these defenses have been implemented and that the
attack surface is logical at the board level
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
9. 2 Basic Secure Boot Slide 9/43
Lecture Overview
2 Basic Secure Boot
Overview of Basic Secure Boot
Boot Chain
Typical Embedded Bootchain
ROM Bootloader
ROM Bootloader Functions
Second Program Loader (SPL)
Main Bootloader
OS Kernel
Initramfs (Initial RAM Filesystem)
Basic Secure Boot Chain of Trust
Comparison with PC Bootchain
Basic Secure Bootchain Vulnerabilities
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
10. 2 Basic Secure Boot 1 Slide 10/43
Overview of Basic Secure Boot
Bootchain and boot environment
Authentication with digital signatures
Optional encrypting executables
Hardware and software isolation of the boot context
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
11. 2 Basic Secure Boot 2 Slide 11/43
Boot Chain
The boot chain is the set of instructions that device executes
between power-on and application initialization.
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
12. 2 Basic Secure Boot 3 Slide 12/43
Typical Embedded Bootchain
Microcode ROM bootloader, First stage bootloader, Primary
bootloader
SPL, (Second Program Loader) MLO (memory locator) in
TI terminology
Main bootloader - aboot, x-loader, U-Boot, GRUB
OS kernel or hypervisor
Initramfs (initial RAM lesystem)
Root lesystem
Device application code
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
13. 2 Basic Secure Boot 4 Slide 13/43
ROM Bootloader
Installed on the SoC by the vendor but sometimes can be
updated
Size in tens of KB
No user interface - does not assume a serial port is available
Runs from internal SoC NVRAM
Some implementations can be fused OTP (optionally) to make
immutable
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
14. 2 Basic Secure Boot 5 Slide 14/43
ROM Bootloader Functions
Initializes clocks, power supplies and media peripherals
Selects boot media (optional)
Reads SPL le from boot media and loads to SRAM
Veries SPL digital signature (optional)
Decrypts SPL (optional)
Starts SPL execution
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
15. 2 Basic Secure Boot 6 Slide 15/43
Second Program Loader (SPL)
Small enough (typically less than 64KB) to run in SRAM
Resides on internal or external media
Runs from persistent media or SRAM
Initializes just enough hardware (SDRAM at least) to boot the
next stage
Can boot an OS kernel directly (called Falcon mode in
U-Boot)
Highly SoC-specic
Might not even initialize a serial port for console output but
usually does
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
16. 2 Basic Secure Boot 7 Slide 16/43
Main Bootloader
Provides extra boot functionality such as network boot
Typically 200-700 KB size
Runs from SDRAM
Supports a wide range of peripheral devices
Can select kernel, device tree blobs (DTB's), initramfs (initial
RAM lesystem) les
Can have a command line interface
Can be scriptable - can be used to automate software
installation
Can often use SoC crypto engine to verify digital signatures
Not always required or desired, i.e. xed boot conguration
and minimal boot time required
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
17. 2 Basic Secure Boot 8 Slide 17/43
OS Kernel
Re-allocates SDRAM, replacing memory-resident main
bootloader code
Can mount an initramfs or mount a root lesystem directly
Can have encrypted lesystem drivers to mount from
encrypted media
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
18. 2 Basic Secure Boot 9 Slide 18/43
Initramfs (Initial RAM Filesystem)
Typically a small lesystem of 1-5 MB containing a libc of
some type and a shell (command-line) interpreter
Can load additional device driver les (kernel modules)
Can check read-only lesystem signatures or hashes
Can install OTA OS updates
Can mount encrypted root lesystem and transfer control
(switch_root)
Not always required or desired - increases boot time
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
19. 2 Basic Secure Boot 10 Slide 19/43
Basic Secure Boot Chain of Trust
Digital certicates, decryption keys and hashes stored in the
SoC's OTP ash and fused (immutable root of trust)
Boot ROM - fused read-only (immutable) by developer in
production mode
SPL, main bootloader - encrypted and signed, veried by boot
ROM
Kernel and initramfs - encrypted and signed, veried by main
bootloader
Initramfs mounts encrypted root lesystem from media using
encryption key in OTP NVRAM
Root lesystem script checks digital signature of application
le, then executes
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
20. 2 Basic Secure Boot 11 Slide 20/43
Comparison with PC Bootchain
BIOS or UEFI is provided by board vendor
Cannot easily be modied or replaced by developer
Source code is not usually provided
BIOS and UEFI provide equivalent of boot ROM, SPL and
some features of main bootloader
BIOS's do not provide encryption services or immutable data
storage
UEFI provides encryption services, but...
Requires vendor-provided hardware immutability such as Intel
Boot Guard.
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
21. 2 Basic Secure Boot 12 Slide 21/43
Basic Secure Bootchain Vulnerabilities
Basic secure bootchain is actually pretty good, but:
No hardware enforced media isolation
Application programs have access to media containing SPL,
main bootloader and kernel, allowing copying for later analysis
Direct access to TPM or SoC crypto engine
Application programs have direct access to SoC crypto engine
or TPM allowing exploitation of vulnerabilities
Later bootchain crypto keys must be stored in later images
A root lesystem dm_crypt key must be sequestered in the
bootloader, or initramfs
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
22. 3 NXP HABv4 Slide 22/43
Lecture Overview
3 NXP HABv4
NXP HABv4 Overview
Typical HABv4 Use Case
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
23. 3 NXP HABv4 1 Slide 23/43
NXP HABv4 Overview
Provides infrastructure for basic secure boot on i.MX50,
i.MX53, i.MX6, i.MX7 and i.MX8
Uses RSA public key cryptography
Implemented in silicon in the SoC crypto engine IP block
Extends the SoC boot ROM functionality
Provides digital signature checking and decryption functions
for a boot image
Adds from 15 to 25 ms per MB of boot image to boot time
Extends the U-Boot SPL and main bootloader to provide
digital signature checking and decryption
Well documented, provides tools for image signing
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
24. 3 NXP HABv4 2 Slide 24/43
Typical HABv4 Use Case
i.MX6 ROM boot authenticates and decrypts combined boot
image on eMMC boot partition
Encrypted boot image contains SPL, U-Boot and Linux kernel
and initramfs
Initramfs can mount a dm_crypt root lesystem using a
cleartext encryption key
The initramfs switch_roots to the root lesystem
The kernel frees the initramfs memory, destroying the cleartext
dm_crypt key
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
25. 4 Trusted Platform Module Slide 25/43
Lecture Overview
4 Trusted Platform Module
TPM Overview
TPM Functions
TPM Implementations
TPM Summary
Comparison of HABv4 to TPM
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
26. 4 Trusted Platform Module 1 Slide 26/43
TPM Overview
ISO/IEC 11889
A TPM is similar to a USB or parallel-port software license
dongle
Can tie the software on a device to a unique physical
encryption key
Can contain hashes of les or lesystems to verify integrity
Together with external persistent storage provides immutable
root of trust
Contains an unknowable RSA private key (the SRK) for
sub-key encryption
Facilitates per-unit media encryption keys
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
27. 4 Trusted Platform Module 2 Slide 27/43
TPM Functions
Provides a xed set of standardized functions, both at boot
time and afterwards:
Random number generation
Automatic RSA key generation
SHA-1 and SHA-256 hash generation
Hash-based software metrics to detect modied software and
to enforce DRM
Asymmetric (and symmetric in TPM 2.0) encryption functions
External private key encryption using TPM device internal key
(Storage Root Key - SRK)
Often implemented as a surface mount component with SPI
interface
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
28. 4 Trusted Platform Module 3 Slide 28/43
TPM Implementations
TPM can be implemented as:
Discrete chip - often with tamper resistance
Integrated TPM on SoC
Firmware TPM - must be protected by additional means such
as a Trusted Execution Environment
Software - A software TPM can be protected by running in a
virtual machine
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
29. 4 Trusted Platform Module 4 Slide 29/43
TPM Summary
Wide range of vendor discretion in hardware and software
functions an implementation methods.
There is nothing magic about a TPM hardware implementation
Its presence does not in itself provide security
Data encrypted with an SRK is unrecoverable if the TPM is
reset or broken
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
30. 4 Trusted Platform Module 5 Slide 30/43
Comparison of HABv4 to TPM
NXP i.MX crypto engine can store decryption keys (the root of
trust) that the developer generates
But it cannot generate keys by itself
A TPM generates its SRK by itself, internally
But the SRK private key cannot be exported from the TPM,
only the public key is exported
TPM does not store certicates or the root of trust, external
persustent storage is required
HABv4 basic secure boot can use the same private key for
many device units
A TPM-based secure boot uses keys that are unique to each
device
NXP i.MX crypto engine OTP is not designed to store
software metric hashes
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
31. 5 Boot Isolation Slide 31/43
Lecture Overview
5 Boot Isolation
Co-Processor Isolation of Boot Context
ARM TrustZone Design
ARM TrustZone Advantages
Secure Boot using ARM TrustZone
Boot Isolation using a Software Hypervisor
Comparison of ARM TrustZone with Hypervisor Isolation
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
32. 5 Boot Isolation 1 Slide 32/43
Co-Processor Isolation of Boot Context
The boot context is the SPL and main bootloader code, and
optionally the OS kernel and initramfs
Isolation achieved by adding a physical co-processor for boot
loading
The boot co-processor shares the same SDRAM as the main
processor
The boot media is accessible to the co-processor but not to
the main processor
TPM accessible only to co-processor
Examples: AMD Platform Security Processor (PSP),
Qualcomm 8084
Advantages: Complete isolation of boot media from
application environment
Disadvantages: A lot of extra silicon
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
33. 5 Boot Isolation 2 Slide 33/43
Co-processor Boot
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
34. 5 Boot Isolation 3 Slide 34/43
ARM TrustZone Design
A co-processor implemented as a processor mode with banked
CPU registers
Like ARM FIQ mode, but with extensions for bus and memory
access
Like Hyperthreading or hardware virtualization in Intel x86
architecture
Separated bus access mode
Separated SDRAM access mode - 33rd address bit
Available on Cortex-A architectures
Enables creation of a Trusted Execution Environment (TEE)
Implementation is highly SoC designer dependent
Is not itself virtualizable with ARM hardware virtualization -
only one per core
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
35. 5 Boot Isolation 4 Slide 35/43
ARM TrustZone Design
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
36. 5 Boot Isolation 5 Slide 36/43
ARM TrustZone Advantages
Low silicon overhead compared with co-processor
Powerful - can run a general operating system such as Linux -
M4 cannot
Flexible functionality - can be extended after deployment with
trustlets
Can have access to all buses and devices - unlike boot
co-processor
Can monitor the Rich World OS and media continuously
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
37. 5 Boot Isolation 6 Slide 37/43
Secure Boot using ARM TrustZone
Depends on SoC implementation of the TrustZone
Boot ROM starts the CPU in TrustZone mode and boots the
SPL in SRAM
SPL copies the main bootloader, or a trusted OS kernel and
lesystem into SDRAM
The trusted OS copies the application kernel into SDRAM, sets
the program counter and moves the CPU to non-trusted mode
There are now two distinct OS kernels in SDRAM
...and two distinct OS's running on the same CPU core
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
38. 5 Boot Isolation 7 Slide 38/43
Boot Isolation using a Software Hypervisor
The hypervisor code is trusted but constant (not exible as in
TEE)
The hypervisor runs in privileged mode
The application domains run in unprivileged mode
To run in a hypervisor domain, standard OS's such as Linux
must built to support paravirtualization
Major Linux distros provide dual mode kernels
A Linux kernel running as a hypervisor domain (guest) runs in
unprivileged mode
Communication between application domains via hypervisor
message queue only
Hypervisor conguration determines domain peripheral access
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
39. 5 Boot Isolation 8 Slide 39/43
Hypervisor Isolation
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
40. 5 Boot Isolation 9 Slide 40/43
Comparison of ARM TrustZone with Hypervisor Isolation
Hypervisors provide software isolation, TrustZone is
hardware isolation
Hypervisor is CPU-only, does not segregate bus access, so is
open to DMA attacks
Hypervisors can generally be ported to many dierent
non-ARM architectures
A hypervisor can be run as an ARM Rich World OS to provide
a hybrid security model
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
41. 6 Other Isolation Technologies Slide 41/43
Lecture Overview
6 Other Isolation Technologies
Intel Software Guard Extensions (SGX)
SGX Use Case
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
42. 6 Other Isolation Technologies 1 Slide 42/43
Intel Software Guard Extensions (SGX)
CPU Memory Encryption engine (MEE) for on-the-y
encryption and decryption of code and data memory enclaves
Available in both privileged and non-privileged modes
Prevents even privileged code outside the enclave from reading
from the enclave
Writes to persistent storage from enclaves are automatically
encrypted
Designed for user-space application self-defense against
privileged attacks
Code run in enclaves must be signed, to prevent running
malware in an enclave
Allows running an application securely even on a hacked OS
Implementation of crypto functions on the CPU chip prevents
inter-chip bus snoop attacks
Requires a very large amount of silicon
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2
43. 6 Other Isolation Technologies 2 Slide 43/43
SGX Use Case
Proprietary, signed applications are distributed in encrypted
form
A wrapper program creates an enclave for the application code
The wrapper program initiates decryption the proprietary
application inside the enclave
The application runs in the enclave - neither the OS not the
wrapper can see it's code or data
SGX is not supported in Linux yet, although a patch set
available
Intro to Secure Boot Copyright c Tk Open Systems 2019 Revision 0.2