Newsflash

TPM-Fail: Now what?

Responsive image Trusted Platform Modules (TPMs)[1] are used in many (billions? of) desktop/embedded devices, mobile phones and tablets.
Why[2]?

▪ TPMs replace hardware security modules (HSM) and smart cards
▪ TPMs create a chain of trust - e.g. via programmable configuration registers (PCRs)
▪ TPMs protect sealed keys - only avail. to processor if system is healthy
▪ TPMs enable "strong" device identity - private/public key pairs stored in TPM

Now it looks like Trusted Platform Modules (TPMs) aren't so trustworthy after all.
A team of researchers discovered that they could quite easily extract private keys supposedly protected by TPMs made by Intel and STMicroelectronics via so called timing attacks, which they described as TPM-Fail[3].

What are the relevant CVEs and responses from chip manufacturers[3]?

▪ CVE-2019-11090 for Intel fTPM vulnerabilitiesl[4]

Response: INTEL-SA-00241[5]

▪ CVE-2019-16863 for STMicroelectronics TPM chipl[6]

Response: Information on ST's TPM firmware update[7]

[1] https://en.wikipedia.org/wiki/Trusted_Platform_Module
[2] http://blog.onboardsecurity.com/blog/trusted-computing-primary-use-cases
[3] http://tpm.fail/
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11090
[5] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
[6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16863
[7] https://www.st.com/content/st_com/en/campaigns/tpm-update.html

Next public Embedded Linux: From Systems Architecture to Real-Time

Embedded Linux: From Systems Architecture to Real-Time

The next public version of

Our in-depth introduction to Embedded GNU/Linux

which will take place on 12th of Sept 2019 in English.

Course Objectives

To provide an understanding of the essentials of embedded GNU/Linux, how the bits and pieces fit together. What components are needed to build an embedded GNU/Linux system, where to get them from and how to configure/build/install them? Where to get help from? What about those software licenses? Hands-on exercises provide you with the necessary practical experience to go ahead and develop your own embedded GNU/Linux systems after completing this training successfully.

Description

This five day training class uses hands-on exercises combined with instruction to illustrate the concepts of embedded GNU/Linux. It is designed to bring you quickly up to speed. The philosophy, concepts and commands necessary to make effective use of GNU/Linux are described through a combination of theory and on-the-job training. Don't reinvent the wheel, but learn from an experienced trainer and take home a working knowledge of GNU/Linux and the ability to use it effectively in your own embedded development project.

For more details check here

Delivered as

public, 5-day training class
Munich/Germany, in English
timezone: (GMT+2)

16 Sep 2019, guaranteed to run

(optionally) Delivered as

In case you can not make it to the live session in Munich, you might want to join remotely (with) possibly limited hands-on experience during the training, but you get all the training material and examples so you can do the excercises on your own.

public/virtual, 5-day training class
virtual, in English
timezone: (GMT+2)

16 Sep 2019, guaranteed to run

Check out our other trainings

If you have any questions, I will be pleased to answer them here.

Regards,

Robert Berger
Embedded Software Specialist

Reliable Embedded Systems -
Robert Berger e.U.
Consulting Training Engineering
https://www.reliableembeddedsystems.com

To stay informed about our FreeRTOS trainings make sure you are subscribed here.
For information about our (Embedded) Linux trainings make sure you are subscribed here.

The 101 of ELF files on Linux: Understanding and Analysis

Responsive image Some of the true craftsmanship in the world we take for granted. One of these things is the common tools on Linux, like ps and ls. Even though the commands might be perceived as simple, there is more to it when looking under the hood. This is where ELF or the Executable and Linkable Format comes in. A file format that used a lot, yet truly understood by only a few. Let’s get this understanding with this introduction tutorial!

Full Story

U-Boot 2018.11 - the Good the Bad and the Ugly

Responsive image Most likely you know "The Good, the Bad and the Ugly Theme by Ennio Morricone".
Let's try to apply this catchy title in reverse order to U-Boot release 2018.11.

The ugly

The mkimage tool, which is part of the U-Boot distribution, is used e.g. to produce the legacy uImage kernel or newer uImage.FIT images. uImage contains a U-Boot header, which is supposed to be backwards compatible to the beginning of time. Well that's the theory. If something changes in a U-Boot release in this U-Boot header your favorite boot loader thinks it loads the wrong image type in case U-Boot and mkimage are built with different U-Boot versions. This is what's the case with U-Boot release 2018.11. So you might want to be careful if you use it. This patch Signed-off-by: Robert Berger restores backwards compatibility.

The bad

Making things worse is this announcement/patch on the U-Boot mailing list, which removes a lot of boards from the next U-Boot release 2019.01 if they are not converted to the Driver Model CONFIG_DM and if they don't use CONFIG_BLK.

arm: Remove s32v234evb board
arm: Remove ls1043ardb_sdcard_SECURE_BOOT board
arm: Remove ls1046ardb_sdcard_SECURE_BOOT board
arm: Remove colibri_imx6_nospl board
arm: Remove guruplug board
arm: Remove sniper board
arm: Remove omap3_zoom1 board
arm: Remove sksimx6 board
arm: Remove tbs2910 board
arm: Remove theadorable_debug board
arm: Remove devkit3250 board
arm: Remove pcm051_rev3 board
arm: Remove ds109 board
arm: Remove pcm058 board
arm: Remove am335x_shc_ict board
arm: Remove vining_2000 board
arm: Remove cm_t43 board
arm: Remove igep00x0 board
arm: Remove sheevaplug board
arm: Remove omap3_overo board
arm: Remove am335x_boneblack board
arm: Remove warp7 board
arm: Remove gwventana_gw5904 board
arm: Remove cairo board
arm: Remove pico-hobbit-imx7d board
arm: Remove mccmon6_sd board
arm: Remove apalis_imx6_nospl_it board
arm: Remove wandboard board
arm: Remove birdland_bav335a board
arm: Remove gurnard board
arm: Remove xpress_spl board
arm: Remove udoo_neo board
arm: Remove nas220 board
arm: Remove am335x_pdu001 board
arm: Remove snapper9260 board
arm: Remove pfla02 board
arm: Remove colibri_pxa270 board
arm: Remove work_92105 board
arm: Remove omap3_pandora board
arm: Remove cl-som-imx7 board
arm: Remove devkit8000 board
arm: Remove pengwyn board
arm: Remove dreamplug board
arm: Remove mx6sabreauto board
arm: Remove imx6q_logic board
arm: Remove zc5202 board
arm: Remove imx6dl_mamoj board
arm: Remove omap3_logic_somlv board
arm: Remove cm_t335 board
arm: Remove liteboard board
arm: Remove am43xx_evm_usbhost_boot board
arm: Remove chiliboard board
arm: Remove am335x_baltos board
arm: Remove kp_imx6q_tpc board
arm: Remove lsxhl board
arm: Remove udoo board
arm: Remove marsboard board
arm: Remove mx6sabresd board
arm: Remove dh_imx6 board
arm: Remove vinco board
arm: Remove ls1021atwr_sdcard_ifc_SECURE_BOOT board
arm: Remove mx6cuboxi board
arm: Remove ot1200 board
arm: Remove socfpga_stratix10 board
arm: Remove am65x_evm_a53 board
arm: Remove ap143 board
arm: Remove ap121 board
arm: Remove imgtec_xilfpga board
arm: Remove socfpga_de0_nano_soc board
arm: Remove clearfog board
arm: Remove socfpga_arria10 board
arm: Remove omap3_beagle board
arm: Remove helios4 board
arm: Remove socfpga_socrates board
arm: Remove socfpga_sr1500 board
arm: Remove ls1021aiot_sdcard board
arm: Remove socfpga_de10_nano board
arm: Remove socfpga_dbm_soc1 board
arm: Remove socfpga_de1_soc board
arm: Remove socfpga_sockit board
arm: Remove dns325 board
arm: Remove socfpga_is1 board
arm: Remove brppt1_mmc board
arm: Remove db-mv784mp-gp board
arm: Remove socfpga_arria5 board
arm: Remove socfpga_vining_fpga board
arm: Remove dra7xx_evm and dra7xx_hs_evm boards

You get the idea ;)
Quite a few of those boards (i.mx6, socfpga, sitara, zynq,...) are still happy members of my test farm running U-Boot 2018.11.

The good

Lets' wait what will happen with future U-Boot releases and ignore "The ugly" and "The bad". "The ugly" is already fixed and "The bad" will hopefully be ignored, so the slaughtering of widely used boards does not take place. We'll see soon.