Hands on Introduction to ARM Firmware using the 96Boards HiKey

This ARM Cortex-A53, 8-core, 2GB DDR3 board is amazing! I'm an entry-level ARM security enthusiast and this board feels like the perfect starting place for TrustZone and secure/verified boot research.

HiKey supports the ARM Trusted Firmware and OP-TEE reference implementations, so we can *clone* from GitHub, compile, and flash rather effortlessly. We can write the secure 'ROM', the secure world operating system, and the non-trusted firmware executing in the normal world.

Minnowboard Max: Quickstart UEFI Secure Boot

This is the first of a collection of posts related to Intel's Minnowboard MAX development board. It begins with a barebones quick start leading to the simplest UEFI-based secure boot and paves the way towards a Static Root of Trust for Measurement (SRTM), where the "root" is the UEFI platform code.

By the end of the article the Minnowboard MAX will boot an Ubuntu 14.04 operating system using a signed shim bootloader, a signed GRUB stage 2 bootloader, and a signed Linux 3.xx kernel. The UEFI platform code will not be changed, meaning the out-of-the-box firmware will remain (no flashing), and any kernel modules or Linux executables will remain unsigned and unmeasured.

A Compendium to UEFI Hacking

There are quite a few operating/execution environments running below or before an operating system's kernel. Computer science calls protection domains "rings", and an operating system's kernel runs in "Ring 0" or "supervisor mode". Researchers have called the lower-level environments Ring -1 (hypervisor mode) and Ring -3 ("system management mode"), and they are fairly apt names. I like to bundle all of these under a scary-but-funny-and-fitting name: subzero, dun dun dun!

Intel and the UEFI (Universal Extensible Firmware Interface) forum embody a really awesome subzero concept highlighted in the UEFI acronym expansion. That is, applying standards to highly privileged protection domains allows software engineers and vendors to take advantage of each other's development and security improvements. Nevertheless, standards and their implementation-specific variations attract security researchers too!
