Firmware is the new Software
Trammell Hudson
Two Sigma
Secure firmware is the foundation of secure systems. If we want to build slightly more secure systems they will require open, auditable and measured firmware. If we can’t read and audit the firmware code, we can’t reason about what is going on during the critical phases of the boot process; if we can’t modify and reproducibly build the firmware, we can’t fix vulnerabilities or tailor it to our needs; and if the firmware isn’t measured and attested, we can’t be certain that our system hasn’t been tampered with.
LinuxBoot is a way to achieve all three of these properties and makes it possible to replace closed source, proprietary firmware with modern, well-tested and user-extensible code. In this talk I’ll present an overview of LinuxBoot, the Heads firmware, and how they work with moderately secure operating systems like Qubes to maintain a chain of trust from the reset vector to launching user VMs on laptops and servers.
⏭ | |
🔎 | Boot Integrity |
⬇ | Slides |
Source Code
- LinuxBoot
- Heads
- QubesOS
- dm-verity for signed, read-only filesystems
- ME Cleaner
- OpenBMC
- reproducible-builds.org
References
- Minnich, Google — Put SMM handlers in Linux, not coreboot: slides (ECC 2017)
- Minnich, Google — Replace your exploit-ridden firmware with Linux: slides · video (ELCE 2017)
- Matrosov — Who Watch BIOS Watchers: article · video (BlackHat 2017)
- Kollenda & Koppe — Reverse Engineering x86 Processor Microcode: paper · video · slides (2017)
- Google — Titan in depth (2017)
- Fang, Facebook — OpenBMC - A Customized Linux Distribution Running on BMC (ELC 2016 video)
- Rutkowska, Invisible Things Lab — Intel x86 considered harmful: paper · video (2015)
- Bulygin, Intel — Attacking Hypervisors Using Firmware and Hardware: slides · video (2015)
Presenter
- Hudson — 33c3: Bootstrapping slightly more secure systems (2016)