why open source firmware is important
play

Why open source firmware is important Jessie Frazelle - @jessfraz - PowerPoint PPT Presentation

Oct 30, 2022 •155 likes •783 views

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security 2. Usability 3. Visibility First Point of View: Security... Software Software Operating System Kernel Firmware Hardware Software Software

  1. Why open source firmware is important Jessie Frazelle - @jessfraz

  2. Points of View 1. Security 2. Usability 3. Visibility

  3. First Point of View: Security...

  4. Software Software Operating System Kernel Firmware Hardware

  5. Software Software Software Software Hardware

  6. 💪 Software 💪 Software 💪 Software 💪 Software 💪 Hardware

  7. Ring 3: User space Ring 0: Kernel Ring -1: Hypervisor Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  8. The code we don’t know about... Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  9. System Management Mode - Originally used for power management - System hardware control - Proprietary designed code - Place where vendors add new features - Handle system events like memory or chipset errors - ½ kernel Ring -2: SMM, UEFI kernel

  10. UEFI Kernel - Extremely complex - Millions of lines of code - UEFI applications are active after boot - Security from obscurity - A bajillion features, extremely complex Ring -2: SMM, UEFI kernel

  11. Management Engine - Networking management - KVM management - Intel proprietary features - Can reimage your device even if it’s powered off - Can turn on node invisibly - Minux - SO MUCH MORE Ring -3: Management Engine

  13. That’s just one example of a bad attack but if you google you can easily find others...

  15. This is bad.

  16. It gets even worse.

  17. Intel Boot Guard

  18. Adds up to: 2½ other kernels/OSes… - They each have their own networking stacks, web servers (wtf) - The code can modify itself and persist across power cycles and reinstalls Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  19. Adds up to: 2½ other kernels/OSes… - They are all incredibly and unnecessarily complex - THEY ALL HAVE EXPLOITS! Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  20. Second Point of View: Usability...

  22. The results

  26. 29.2% Mentioned Firmware as a Pain Point

  27. So at what scale is firmware a pain?

  29. My hypothesis...

  30. Once you need to deal with the firmware it becomes a pain...

  31. Third Point of View: Visibility...

  32. Conway’s Law

  33. From the perspective of hardware engineers...

  34. “You’d be crazy to think hardware was ever intended to be used for isolating multiple users safely..”

  35. Spectre and Meltdown proved this to be true as well.

  36. From the perspective of firmware and kernel engineers…

  37. They want vendors to make their firmware do less, or give up the control to them.

  38. Vendors can rarely debug firmware issues…

  39. Oversights and lack of communication leads to...

  41. How did no one think about the BMC when building softlayer?

  42. I’ve personally seen these miscommunications happen in the container ecosystem as well...

  44. Miscommunications at various layers of the stack lead to bugs in the intersecting layers, based off incorrect assumptions.

  45. 💪 Software 💪 Software 💪 Software 💪 Software 💪 Hardware

  46. How do we fix these things? 1. Security 2. Usability 3. Visibility

  47. Open Source Firmware

  48. NERF : Non-Extensible Reduced Firmware

  49. NERF Goals - Make firmware less capable of doing harm - Make its actions more visible - Remove all runtime components - With ME we can’t remove all but we can take away the web server and IP stack - Remove UEFI IP stack and other drivers - Remove ME/UEFI self-reflash capability - Let linux manage flash updates

  50. Ring 3: User space Ring 0: Kernel Ring -1: Hypervisor Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  51. Ring 3: User space Ring 0: Kernel Ring -1: Hypervisor Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  52. Ring -1: Hypervisor Ring -2: SMM disabled Reduced UEFI ROM Linux kernel and Minimal userland Ring -3: Minimized Management Engine

  54. linuxboot device drivers, network stack, multi-user/tasking u-boot or coreboot environment silicon and DRAM initialization u-root userspace tools and bootloader, initramfs

  55. Why linux? - Single kernel works for several boards - Already quite vetted and has a lot of eyes on it since it is used quite extensively - Single, open source kernel versus the 2½ other kernels that were all different and most closed off - Improves boot reliability by replacing lightly-tested firmware drivers with hardened Linux drivers.

  56. Other wins - Firmware devs can build in tools they already know - When they need to write logic for signature verification, disk decryption, etc it’s in a language that is modern, easily auditable, maintainable, and readable - Memory safety wins as well since the language can be higher level

  57. Makes boot time 20x faster.

  58. Through open source, visibility, minimalism, and open communication we can push computing to a better, more secure place from the hardware up.

  59. We can’t keep building on top of 💪 . We really need to care about the base we build on.

  60. Huge thanks to the firmware community for all their work on this!

  61. Ron Minnich Trammel Hudson Chris Koch Rick Altherr Zaolin

  62. Thanks for having me!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On this Rock I will build my System Why Open-Source Firmware matters Lucas Stach

On this Rock I will build my System Why Open-Source Firmware matters Lucas Stach

On this Rock I will build my System Why Open-Source Firmware matters Lucas Stach l.stach@pengutronix.de https://www.pengutronix.de About me Member of Pengutronix graphics and kernel team Low-level infrastructure guy Working on

499 views • 18 slides
Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

The State of Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and Open Source databases RedHat Acquired by IBM Image Source: https://techcrunch.com/story/ibm-acquires-red-hat/ Open Source

663 views • 29 slides
Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with hardware innovations. Tom Melham University of Oxford Problem Firmware today facing greater complexity and shorter schedules coded at low

478 views • 14 slides
Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab

Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab

Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab Joseph Hall Center for Information Technology Policy, Princeton University Gregory Miller Open Source Digital Voting Foundation Visionaries on

942 views • 29 slides
Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years

Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years

Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years Sofuware Architect at Intels Open Source Technology Center (OTC) and Tizen Platgorm Community Manager Maintainer of two modules in the Qt

649 views • 33 slides
1 A Comparison of Open Source Search A Comparison of Open Source Search Engines Engines

1 A Comparison of Open Source Search A Comparison of Open Source Search Engines Engines

Open Source Search Engines Why? Low cost: No licensing fees Source code available for customization Good for modest or even large data sizes Open-Source Search Engines and Challenges: Lucene/Solr Performance, Scalability

347 views • 13 slides
Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source Software Leon Anavi Konsulko Group leon.anavi@konsulko.com leon@anavi.org FOSDEM 2018 Agenda Home automation and smart lightning Open

422 views • 30 slides
mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a vast increase in adoption of open source software solutions across the private enterprise, government associations and organizations, industries.

581 views • 18 slides
What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

878 views • 16 slides
What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

462 views • 14 slides
What is open source? Computer sofuware where the source code is distributed under an open

What is open source? Computer sofuware where the source code is distributed under an open

What is open source? Computer sofuware where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the sofuware. Promotes collaboration Community of developers

439 views • 12 slides
The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source Software Amazing times for Open Source Software! Commercial Success Fantastic Success of Open Source Based Businesses! RedHat Acquired by IBM

1.19k views • 52 slides
Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric

Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric

Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric Promislow ActiveState Software Inc. OpenKomodo: Own Your IDE Copenhagen, Denmark April 2, 2008 1 History Perl for Windows Active Python,

820 views • 65 slides
Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview Open Source hardware (This is the smallest font) Business model Example circuit, concept -> production Make circuit boards with Open

806 views • 78 slides
1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

Open Source Idea? SHARE and the Origins of Open The basic idea behind open source is very simple: When programmers can read, Source Software: 1953-1972 redistribute, and modify the source code for a piece of software, the software evolves.

530 views • 8 slides
Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski contact@paulk.fr Monday July 4 th 2016 Introducing Verified Boot and Related Issues Introducing Verified Boot and Related Issues Bootup Process BIOS History

947 views • 39 slides
Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure

Top 10 Secure Boot mistakes Jasper van Woudenberg (Job de Haas) jasper@riscure.com @jzvw 1 Secure Boot Theory Internal boot ROM 1 st stage boot loader N th stage Verify signature Optional decrypt boot loader OS / Application 2

517 views • 25 slides
Project 1: Bootloader COS 318 Fall 2015 Project 1:

Project 1: Bootloader COS 318 Fall 2015 Project 1:

Project 1: Bootloader COS 318 Fall 2015 Project 1: Schedule Design Review - Monday, 9/28 - 10-min Ime slots from 1:30pm-6:20pm - Write funcIons

731 views • 27 slides
Stoned Bootkit Peter Kleissner Table of Contents 1. Introduction 1. About 2. Technical

Stoned Bootkit Peter Kleissner Table of Contents 1. Introduction 1. About 2. Technical

Stoned Bootkit Peter Kleissner Table of Contents 1. Introduction 1. About 2. Technical Overview 3. Windows Boot Environment 2. Stoned Architecture 1. Plugins 2. Boot Applications 3. Bootkit Installation & Usage 4. General

723 views • 38 slides
SE SECU CURE BO BOOT F FOR F FPGAS HE HEADS HA HARDWARE E AND EM EMBED EDDED ED DESIG

SE SECU CURE BO BOOT F FOR F FPGAS HE HEADS HA HARDWARE E AND EM EMBED EDDED ED DESIG

SE SECU CURE BO BOOT F FOR F FPGAS HE HEADS HA HARDWARE E AND EM EMBED EDDED ED DESIG IGN AND SECURIT ITY LAB Lab Director Fareena Saqib, Assistant Professor Email: fsaqib@uncc.edu Office: EPIC 2164 Phone: 704-687-8098 Wh Why

556 views • 20 slides
Fundraising and Finance November 6, 2019 CAMPAIGN FINANCE COMPLIANCE DISCLAIMER Presentation

Fundraising and Finance November 6, 2019 CAMPAIGN FINANCE COMPLIANCE DISCLAIMER Presentation

Campaign Boot Camp: Fundraising and Finance November 6, 2019 CAMPAIGN FINANCE COMPLIANCE DISCLAIMER Presentation is for educational purposes only and designed for candidates who plan to raise or spend $2,000 or more on their election

984 views • 71 slides
Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don

Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don

Experiences booting one million virtual machines (and a few tools we developed) Ron Minnich Don Rudish 08961 - Scalable Computing R & D Eurosys 2010 Minnich, Rudish, Gentile, Armstrong, Wylie, Pedretti, Thompson Experiences booting one

692 views • 38 slides
Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux

Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux

Prak%kum The Bioinforma%cs Lab Week 1: Installing a Linux OS Stefan Seemayer Boot CD prepara%on Can boot from USB s%ck (on most

68 views • 6 slides

More recommend