Newsflash

Trusted Platform Modules (TPMs)[1] are used in many (billions of?) desktop/embedded devices, mobile phones and tablets.
Why[2]?

  • TPMs replace hardware security modules (HSMs) and smart cards
  • TPMs create a chain of trust, e.g. via platform configuration registers (PCRs)
  • TPMs protect sealed keys, which are only available to the processor if the system is healthy
  • TPMs enable "strong" device identity: private/public key pairs are stored in the TPM
Now it looks like Trusted Platform Modules (TPMs) aren't so trustworthy after all.
A team of researchers discovered that they could quite easily extract private keys supposedly protected by TPMs made by Intel and STMicroelectronics via so-called timing attacks, which they call TPM-Fail[3].
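As an added illustration of the chain-of-trust and sealed-key points in the list above (example code written for this page, not from the original post or from any TPM vendor): a simulated PCR extend chain and a sealing policy check. The update rule PCR_new = SHA-256(PCR_old || measurement) is the real TPM 2.0 semantics for a SHA-256 PCR bank; the boot components, the sealed secret and the policy check are constructed stand-ins for what a TPM enforces in hardware.

```python
"""Simulating a TPM PCR measurement chain and a sealing policy check.

Added example, not the page's code. A PCR starts at all zeros and can only be
extended, never written: PCR_new = SHA-256(PCR_old || measurement). A secret
sealed to an expected PCR value is released only when the replayed chain
matches, which is the "only available if the system is healthy" property.
"""
import hashlib

PCR_INITIAL = bytes(32)  # a TPM 2.0 SHA-256 PCR resets to 32 zero bytes


def measure(component: bytes) -> bytes:
    """Measurement of a boot component = digest of its contents."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """One PCR_Extend step: hash the old PCR value concatenated with the measurement."""
    return hashlib.sha256(pcr + measurement).digest()


def pcr_chain(components) -> bytes:
    """Replay a boot sequence (firmware -> bootloader -> kernel) and return the final PCR."""
    pcr = PCR_INITIAL
    for component in components:
        pcr = extend(pcr, measure(component))
    return pcr


class SealedSecret:
    """A secret bound to an expected PCR value (simulated policy; a TPM does this in hardware)."""

    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self.expected_pcr = expected_pcr

    def unseal(self, current_pcr: bytes):
        """Return the secret only if the current PCR equals the sealed state, else None."""
        if current_pcr != self.expected_pcr:
            return None
        return self._secret


# Constructed boot chains: the byte strings stand in for real component images.
GOOD_CHAIN = [b"firmware-v1", b"u-boot-2018.11", b"zImage-4.19"]
TAMPERED_CHAIN = [b"firmware-v1", b"u-boot-2018.11-modified", b"zImage-4.19"]


def demo():
    """Seal a key to the good chain, then try to unseal after a healthy and a tampered boot."""
    sealed = SealedSecret(b"disk-encryption-key", pcr_chain(GOOD_CHAIN))
    return {
        "good": sealed.unseal(pcr_chain(GOOD_CHAIN)),
        "tampered": sealed.unseal(pcr_chain(TAMPERED_CHAIN)),
    }


if __name__ == "__main__":
    result = demo()
    print("healthy boot :", result["good"])
    print("tampered boot:", result["tampered"])
```

Because each step hashes the previous value, a modified bootloader changes every PCR value after it, and reordering the same components also yields a different final value; that is what makes the register a chain rather than a set of independent measurements.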


What are the relevant CVEs and responses from chip manufacturers[3]?

  • CVE-2019-11090 for the Intel fTPM vulnerabilities[4]
    • Response: INTEL-SA-00241[5]
  • CVE-2019-16863 for the STMicroelectronics TPM chip[6]
    • Response: Information on ST's TPM firmware update[7]

[1] https://en.wikipedia.org/wiki/Trusted_Platform_Module
[2] http://blog.onboardsecurity.com/blog/trusted-computing-primary-use-cases
[3] http://tpm.fail/
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11090
[5] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
[6] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16863
[7] https://www.st.com/content/st_com/en/campaigns/tpm-update.html

Embedded Linux: From Systems Architecture to Real-Time

Some of the true craftsmanship in the world we take for granted. One example is the common tools on Linux, like ps and ls. Even though the commands might be perceived as simple, there is more to them when looking under the hood. This is where ELF, the Executable and Linkable Format, comes in: a file format that is used a lot, yet truly understood by only a few. Let's gain that understanding with this introductory tutorial!

Most likely you know "The Good, the Bad and the Ugly" theme by Ennio Morricone.
Let's try to apply this catchy title in reverse order to U-Boot release 2018.11.

The ugly

The mkimage tool, which is part of the U-Boot distribution, is used e.g. to produce the legacy uImage kernel image or the newer uImage.FIT images. A uImage carries a U-Boot header that is supposed to stay backwards compatible to the beginning of time. Well, that's the theory. If a U-Boot release changes something in this header, your favourite boot loader thinks it is loading the wrong image type whenever U-Boot and mkimage are built from different U-Boot versions. This is the case with U-Boot release 2018.11, so you might want to be careful if you use it. This patch (Signed-off-by: Robert Berger) restores backwards compatibility.
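To make the compatibility point concrete, here is an added example (written for this page, not code from the post or from U-Boot) that builds and checks a legacy uImage. The 64-byte header layout follows U-Boot's legacy image_header_t (magic, header CRC, timestamp, size, load address, entry point, data CRC, then one byte each for OS, architecture, image type and compression, and a 32-byte name); the enum tables are a subset of the values in U-Boot's image.h, and the payload and name are constructed. The script verifies both CRCs, which is what you would run on an image before handing it to a board when the tool and the loader might come from different U-Boot versions.

```python
"""Building and checking a legacy U-Boot uImage header (64 bytes, big-endian).

Added example, not code from the page or from U-Boot itself. Because the
os/arch/type/comp fields are small numeric enums, a loader and a mkimage built
from different U-Boot versions can disagree on what a given number means even
though both CRCs check out.
"""
import struct
import zlib

IH_MAGIC = 0x27051956
HEADER_FMT = ">IIIIIIIBBBB32s"            # seven u32, four u8, 32-byte name
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 64

# Subset of the enum values from U-Boot's image.h.
IH_OS = {5: "linux", 17: "u-boot"}
IH_ARCH = {2: "arm", 3: "i386", 5: "mips", 7: "ppc", 22: "arm64"}
IH_TYPE = {1: "standalone", 2: "kernel", 3: "ramdisk", 4: "multi",
           5: "firmware", 6: "script", 7: "filesystem", 8: "flat_dt"}
IH_COMP = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma", 4: "lzo"}


class UImageError(ValueError):
    """Raised when the header or payload fails a consistency check."""


def build_uimage(data, name, os_id=5, arch_id=2, type_id=2, comp_id=0,
                 load=0x80008000, ep=0x80008000, timestamp=0):
    """Assemble header + payload like mkimage: ih_hcrc is CRC32 of the header with that field zeroed."""
    dcrc = zlib.crc32(data) & 0xFFFFFFFF
    hdr = struct.pack(HEADER_FMT, IH_MAGIC, 0, timestamp, len(data), load, ep,
                      dcrc, os_id, arch_id, type_id, comp_id, name.encode()[:32])
    hcrc = zlib.crc32(hdr) & 0xFFFFFFFF
    return hdr[:4] + struct.pack(">I", hcrc) + hdr[8:] + data


def parse_uimage(blob):
    """Verify magic, header CRC, payload length and data CRC; return the decoded fields."""
    if len(blob) < HEADER_LEN:
        raise UImageError("too short for a uImage header")
    hdr = blob[:HEADER_LEN]
    (magic, hcrc, timestamp, size, load, ep, dcrc,
     os_id, arch_id, type_id, comp_id, name) = struct.unpack(HEADER_FMT, hdr)
    if magic != IH_MAGIC:
        raise UImageError(f"bad magic 0x{magic:08x}")
    # Header CRC is computed with the ih_hcrc field itself set to zero.
    if (zlib.crc32(hdr[:4] + bytes(4) + hdr[8:]) & 0xFFFFFFFF) != hcrc:
        raise UImageError("header CRC mismatch")
    data = blob[HEADER_LEN:HEADER_LEN + size]
    if len(data) != size:
        raise UImageError("truncated payload")
    if (zlib.crc32(data) & 0xFFFFFFFF) != dcrc:
        raise UImageError("data CRC mismatch")
    return {
        "name": name.rstrip(b"\0").decode(),
        "timestamp": timestamp, "size": size, "load": load, "ep": ep,
        "os": IH_OS.get(os_id, f"unknown({os_id})"),
        "arch": IH_ARCH.get(arch_id, f"unknown({arch_id})"),
        "type": IH_TYPE.get(type_id, f"unknown({type_id})"),
        "comp": IH_COMP.get(comp_id, f"unknown({comp_id})"),
    }


def check_uimage(blob):
    """Non-raising wrapper for scripts: (True, fields) or (False, reason)."""
    try:
        return True, parse_uimage(blob)
    except UImageError as exc:
        return False, str(exc)


if __name__ == "__main__":
    image = build_uimage(b"constructed kernel payload", "Linux-4.19 test")
    print(check_uimage(image))
    # One flipped payload byte: the header still parses, but the data CRC catches it.
    print(check_uimage(image[:-1] + bytes([image[-1] ^ 0xFF])))
```

Note that a type value outside the script's table is reported as unknown rather than guessed; a loader whose enum table was renumbered would instead silently print a different type name for the same byte, which is the symptom described above.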

The bad

Making things worse is this announcement/patch on the U-Boot mailing list, which removes a lot of boards from the next U-Boot release 2019.01 if they are not converted to the Driver Model (CONFIG_DM) and if they don't use CONFIG_BLK.
  • arm: Remove s32v234evb board
  • arm: Remove ls1043ardb_sdcard_SECURE_BOOT board
  • arm: Remove ls1046ardb_sdcard_SECURE_BOOT board
  • arm: Remove colibri_imx6_nospl board
  • arm: Remove guruplug board
  • arm: Remove sniper board
  • arm: Remove omap3_zoom1 board
  • arm: Remove sksimx6 board
  • arm: Remove tbs2910 board
  • arm: Remove theadorable_debug board
  • arm: Remove devkit3250 board
  • arm: Remove pcm051_rev3 board
  • arm: Remove ds109 board
  • arm: Remove pcm058 board
  • arm: Remove am335x_shc_ict board
  • arm: Remove vining_2000 board
  • arm: Remove cm_t43 board
  • arm: Remove igep00x0 board
  • arm: Remove sheevaplug board
  • arm: Remove omap3_overo board
  • arm: Remove am335x_boneblack board
  • arm: Remove warp7 board
  • arm: Remove gwventana_gw5904 board
  • arm: Remove cairo board
  • arm: Remove pico-hobbit-imx7d board
  • arm: Remove mccmon6_sd board
  • arm: Remove apalis_imx6_nospl_it board
  • arm: Remove wandboard board
  • arm: Remove birdland_bav335a board
  • arm: Remove gurnard board
  • arm: Remove xpress_spl board
  • arm: Remove udoo_neo board
  • arm: Remove nas220 board
  • arm: Remove am335x_pdu001 board
  • arm: Remove snapper9260 board
  • arm: Remove pfla02 board
  • arm: Remove colibri_pxa270 board
  • arm: Remove work_92105 board
  • arm: Remove omap3_pandora board
  • arm: Remove cl-som-imx7 board
  • arm: Remove devkit8000 board
  • arm: Remove pengwyn board
  • arm: Remove dreamplug board
  • arm: Remove mx6sabreauto board
  • arm: Remove imx6q_logic board
  • arm: Remove zc5202 board
  • arm: Remove imx6dl_mamoj board
  • arm: Remove omap3_logic_somlv board
  • arm: Remove cm_t335 board
  • arm: Remove liteboard board
  • arm: Remove am43xx_evm_usbhost_boot board
  • arm: Remove chiliboard board
  • arm: Remove am335x_baltos board
  • arm: Remove kp_imx6q_tpc board
  • arm: Remove lsxhl board
  • arm: Remove udoo board
  • arm: Remove marsboard board
  • arm: Remove mx6sabresd board
  • arm: Remove dh_imx6 board
  • arm: Remove vinco board
  • arm: Remove ls1021atwr_sdcard_ifc_SECURE_BOOT board
  • arm: Remove mx6cuboxi board
  • arm: Remove ot1200 board
  • arm: Remove socfpga_stratix10 board
  • arm: Remove am65x_evm_a53 board
  • arm: Remove ap143 board
  • arm: Remove ap121 board
  • arm: Remove imgtec_xilfpga board
  • arm: Remove socfpga_de0_nano_soc board
  • arm: Remove clearfog board
  • arm: Remove socfpga_arria10 board
  • arm: Remove omap3_beagle board
  • arm: Remove helios4 board
  • arm: Remove socfpga_socrates board
  • arm: Remove socfpga_sr1500 board
  • arm: Remove ls1021aiot_sdcard board
  • arm: Remove socfpga_de10_nano board
  • arm: Remove socfpga_dbm_soc1 board
  • arm: Remove socfpga_de1_soc board
  • arm: Remove socfpga_sockit board
  • arm: Remove dns325 board
  • arm: Remove socfpga_is1 board
  • arm: Remove brppt1_mmc board
  • arm: Remove db-mv784mp-gp board
  • arm: Remove socfpga_arria5 board
  • arm: Remove socfpga_vining_fpga board
  • arm: Remove dra7xx_evm and dra7xx_hs_evm boards
You get the idea ;)
Quite a few of those boards (i.MX6, SoCFPGA, Sitara, Zynq, ...) are still happy members of my test farm running U-Boot 2018.11.

The good

Let's wait and see what happens with future U-Boot releases and ignore "The ugly" and "The bad". "The ugly" is already fixed, and "The bad" will hopefully be ignored, so the slaughtering of widely used boards does not take place. We'll see soon.