Newsflash
TPM-Fail: Now what?
Trusted Platform Modules (TPMs)[1] are used in many (billions? of) desktop/embedded devices, mobile phones and tablets.
Why[2]?
- ▪ TPMs replace hardware security modules (HSM) and smart cards
- ▪ TPMs create a chain of trust - e.g. via programmable configuration registers (PCRs)
- ▪ TPMs protect sealed keys - only avail. to processor if system is healthy
- ▪ TPMs enable "strong" device identity - private/public key pairs stored in TPM
What are the relevant CVEs and responses from chip manufacturers[3]?
- ▪ CVE-2019-11090 for Intel fTPM vulnerabilitiesl[4]
- Response: INTEL-SA-00241[5]
- ▪ CVE-2019-16863 for STMicroelectronics TPM chipl[6]
- Response: Information on ST's TPM firmware update[7]
[1] https://en.wikipedia.org/wiki/Trusted_Platform_Module [2] http://blog.onboardsecurity.com/blog/trusted-computing-primary-use-cases [3] http://tpm.fail/ [4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11090 [5] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html [6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16863 [7] https://www.st.com/content/st_com/en/campaigns/tpm-update.html
Next public Embedded Linux: From Systems Architecture to Real-Time
|
|
| Embedded Linux: From Systems Architecture to Real-Time |
|
The next public version of Our in-depth introduction to Embedded GNU/Linuxwhich will take place on 12th of Sept 2019 in English.
Course ObjectivesTo provide an understanding of the essentials of embedded GNU/Linux, how the bits and pieces fit together. What components are needed to build an embedded GNU/Linux system, where to get them from and how to configure/build/install them? Where to get help from? What about those software licenses? Hands-on exercises provide you with the necessary practical experience to go ahead and develop your own embedded GNU/Linux systems after completing this training successfully.DescriptionThis five day training class uses hands-on exercises combined with instruction to illustrate the concepts of embedded GNU/Linux. It is designed to bring you quickly up to speed. The philosophy, concepts and commands necessary to make effective use of GNU/Linux are described through a combination of theory and on-the-job training. Don't reinvent the wheel, but learn from an experienced trainer and take home a working knowledge of GNU/Linux and the ability to use it effectively in your own embedded development project.For more details check here Delivered as
(optionally) Delivered asIn case you can not make it to the live session in Munich, you might want to join remotely (with) possibly limited hands-on experience during the training, but you get all the training material and examples so you can do the excercises on your own.
Check out our other trainings
If you have any questions, I will be pleased to answer them here. Regards, Robert Berger To stay informed about our FreeRTOS trainings make sure you are subscribed here. For information about our (Embedded) Linux trainings make sure you are subscribed here. |
The 101 of ELF files on Linux: Understanding and Analysis
Some of the true craftsmanship in the world we take for granted. One of these things is the common tools on Linux, like ps and ls. Even though the commands might be perceived as simple, there is more to it when looking under the hood. This is where
ELF
or the Executable and Linkable Format comes in. A file format that used a lot, yet truly understood by only a few. Let’s get this understanding with this introduction tutorial!
U-Boot 2018.11 - the Good the Bad and the Ugly
Most likely you know "The Good, the Bad and the Ugly Theme by Ennio Morricone".
Let's try to apply this catchy title in reverse order to U-Boot release 2018.11.
The ugly
Themkimage tool, which is part of the U-Boot distribution, is used e.g. to produce the legacy uImage kernel or newer uImage.FIT images. uImage contains a U-Boot header, which is supposed to be backwards compatible to the beginning of time. Well that's the theory. If something changes in a U-Boot release in this U-Boot header your favorite boot loader thinks it loads the wrong image type in case U-Boot and mkimage are built with different U-Boot versions. This is what's the case with U-Boot release 2018.11. So you might want to be careful if you use it.
This patch Signed-off-by: Robert Berger restores backwards compatibility.
The bad
Making things worse is this announcement/patch on the U-Boot mailing list, which removes a lot of boards from the next U-Boot release 2019.01 if they are not converted to the Driver ModelCONFIG_DM and if they don't use CONFIG_BLK.
- arm: Remove s32v234evb board
- arm: Remove ls1043ardb_sdcard_SECURE_BOOT board
- arm: Remove ls1046ardb_sdcard_SECURE_BOOT board
- arm: Remove colibri_imx6_nospl board
- arm: Remove guruplug board
- arm: Remove sniper board
- arm: Remove omap3_zoom1 board
- arm: Remove sksimx6 board
- arm: Remove tbs2910 board
- arm: Remove theadorable_debug board
- arm: Remove devkit3250 board
- arm: Remove pcm051_rev3 board
- arm: Remove ds109 board
- arm: Remove pcm058 board
- arm: Remove am335x_shc_ict board
- arm: Remove vining_2000 board
- arm: Remove cm_t43 board
- arm: Remove igep00x0 board
- arm: Remove sheevaplug board
- arm: Remove omap3_overo board
- arm: Remove am335x_boneblack board
- arm: Remove warp7 board
- arm: Remove gwventana_gw5904 board
- arm: Remove cairo board
- arm: Remove pico-hobbit-imx7d board
- arm: Remove mccmon6_sd board
- arm: Remove apalis_imx6_nospl_it board
- arm: Remove wandboard board
- arm: Remove birdland_bav335a board
- arm: Remove gurnard board
- arm: Remove xpress_spl board
- arm: Remove udoo_neo board
- arm: Remove nas220 board
- arm: Remove am335x_pdu001 board
- arm: Remove snapper9260 board
- arm: Remove pfla02 board
- arm: Remove colibri_pxa270 board
- arm: Remove work_92105 board
- arm: Remove omap3_pandora board
- arm: Remove cl-som-imx7 board
- arm: Remove devkit8000 board
- arm: Remove pengwyn board
- arm: Remove dreamplug board
- arm: Remove mx6sabreauto board
- arm: Remove imx6q_logic board
- arm: Remove zc5202 board
- arm: Remove imx6dl_mamoj board
- arm: Remove omap3_logic_somlv board
- arm: Remove cm_t335 board
- arm: Remove liteboard board
- arm: Remove am43xx_evm_usbhost_boot board
- arm: Remove chiliboard board
- arm: Remove am335x_baltos board
- arm: Remove kp_imx6q_tpc board
- arm: Remove lsxhl board
- arm: Remove udoo board
- arm: Remove marsboard board
- arm: Remove mx6sabresd board
- arm: Remove dh_imx6 board
- arm: Remove vinco board
- arm: Remove ls1021atwr_sdcard_ifc_SECURE_BOOT board
- arm: Remove mx6cuboxi board
- arm: Remove ot1200 board
- arm: Remove socfpga_stratix10 board
- arm: Remove am65x_evm_a53 board
- arm: Remove ap143 board
- arm: Remove ap121 board
- arm: Remove imgtec_xilfpga board
- arm: Remove socfpga_de0_nano_soc board
- arm: Remove clearfog board
- arm: Remove socfpga_arria10 board
- arm: Remove omap3_beagle board
- arm: Remove helios4 board
- arm: Remove socfpga_socrates board
- arm: Remove socfpga_sr1500 board
- arm: Remove ls1021aiot_sdcard board
- arm: Remove socfpga_de10_nano board
- arm: Remove socfpga_dbm_soc1 board
- arm: Remove socfpga_de1_soc board
- arm: Remove socfpga_sockit board
- arm: Remove dns325 board
- arm: Remove socfpga_is1 board
- arm: Remove brppt1_mmc board
- arm: Remove db-mv784mp-gp board
- arm: Remove socfpga_arria5 board
- arm: Remove socfpga_vining_fpga board
- arm: Remove dra7xx_evm and dra7xx_hs_evm boards
Quite a few of those boards (i.mx6, socfpga, sitara, zynq,...) are still happy members of my test farm running U-Boot 2018.11.
The good
Lets' wait what will happen with future U-Boot releases and ignore "The ugly" and "The bad". "The ugly" is already fixed and "The bad" will hopefully be ignored, so the slaughtering of widely used boards does not take place. We'll see soon.Software Security is a Programming Languages Issue
Why teach security in a programming languages course? Doesn’t it belong in, well, a security course?
The 6 Types Of Cyber Attacks To Protect Against In 2018
It’s every system administrator’s worst nightmare. Hackers gain access to your
system, stealing mission-critical information, locking sensitive files, or
leaking proprietary information to the public.
