Friday, August 31, 2012

Training?

I received this mail recently


From: Anders Amundson [mailto:anders.amundson@techstream.com]
Sent: Thursday, August 23, 2012 1:05 PM
To: Zimmer, Vincent
Subject: UEFI, BIOS, Tiano, and PC Architecture Training

Dear Vincent,

The transition to UEFI is happening fast.

Microsoft’s announcement that new computers shipping with Windows 8 pre-installed must be certified in UEFI mode has made the industry move fast to migrate all platforms to this firmware architecture. Today there are both ARM- and Intel Atom-based smartphones on the market that use UEFI, and in the x86 space products ranging from laptops to high-end servers now expose their UEFI interface.

If you have started porting your products, including development-, testing-, validation-, and integration-tools, as well as your custom pre-OS applications, to run on UEFI you are on your way to take advantage of this migration.

If you still are focused on legacy BIOS, or other boot firmware, it is time to start the migration, and it is getting urgent.

In either case Techstream® can help you get to UEFI faster and easier.

We have the experience: Over the last 15 years, we have delivered hundreds of Tiano, UEFI PI, UEFI architecture, and legacy BIOS courses all over the world, and to virtually all major players in the industry.

Our current firmware-related offerings are:

Tiano and UEFI Architecture. Most UEFI implementations on x86-64, ARM, and Itanium use the highly flexible, modular, and platform independent, architecture defined by the UEFI Forum’s PI (Platform Initialization) Specification, based on the early stages of Intel’s Tiano architecture.

This course takes you through all of the UEFI PI’s and Tiano’s phases and interfaces. For the full outline, please go to www.techstream.com/209.htm.

I think that I'll pass.


Vincent

Sunday, August 26, 2012

One conference down, one to go....

Back fromToorCamp, 2012.   To get a sense of the event, check out the closing video  http://www.youtube.com/watch?v=Q7IeJ0HGK6o.  Here are a few pictures of the camp I snapped on my phone, including the dome in the distance.

The camp site was right next to the beach, too.   Neah Bay is the northwest-most point of the continental US, so the Pacific Ocean formed the back yard for the talk.



The main dome hosted the various talks.   Here's a closer view, including the podium in the back:
I delivered my talk on firmware security on Thursday afternoon.   A link to my foils for
“UEFI Secure Boot and challenges in platform firmware” can be found at https://docs.google.com/open?id=0BxgB4JDywk3MWnM0WmNXMHBTcm8.   The other talks were a mix of information security and the maker movement leading up to my presentation, so I treated my discussion of firmware security alongside a a review of the UDK2010 open source implementation of UEFI Secure Boot and the user controls enabled via Custom Mode on IA32 machines.   Insightful questions both during the talk and with the researchers afterward.

Other interesting talks included Dan Griffin's discussion on TPM's and UEFI, which largely focused on measured boot from the operating system perspective.  This talk was a shortened version of his DEFCON talk 
https://docs.google.com/file/d/0B7n3jaMQDSNCeDJBd2tnRGIxbDA/edit#.    Dan Kaminsky also spoke about all things security, including weaknesses of random number generators http://dankaminsky.com/2012/08/15/dakarand/.  Other interesting perspectives from DanK included how type safe language are not the security panacea since different machine on the network are written in different languages, so all communications must convert data to strings.  And it is in these strings that attacks, injections, and vulnerabilities occur.   Hearing both Seattle Dan's speak alone was worth the trip.

On top of the great info-sec talks, on Friday I had the opportunity to attend a session by George Dyson http://en.wikipedia.org/wiki/George_Dyson_(science_historian) on Project Orion http://en.wikipedia.org/wiki/Project_Orion_(nuclear_propulsion)



And speak with George afterward.
I was as much inspired by his discussions of Orion, my read of his recent book on the history of the computer http://www.amazon.com/Turings-Cathedral-Origins-Digital-Universe/dp/0375422773, and of course, kayaks http://www.amazon.com/Baidarka-Kayak-George-Dyson/dp/088240315X/ref=sr_1_4?s=books&ie=UTF8&qid=1346014068&sr=1-4.   Regrettably, the only hard copy of a book related to  George I brought along to the camp was the book 'about' George and his father Freeman http://en.wikipedia.org/wiki/Freeman_Dyson
But I asked for an autograph anyway.

Overall, I enjoyed having the opportunity to participate in this type of conference.   The spirit of creation, invention and curiosity was infectious and shared by all.   And the accommodations were quite interesting, too.


Next stop is the Intel Developer Forum in San Francisco on September 10.   I suspect that my hotel will be a little further detached from Mother Nature, though.

Cheers

Saturday, August 4, 2012

A recent whitepaper posted and an upcoming talk


A Tour Beyond BIOS into UEFI Secure Boot at the download location http://sourceforge.net/projects/edk2/files/General%20Documentation/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf/download was recently posted.    My co-author Lee Rosenbaum and I provide a integrity model for an extensible pre-OS that motivates UEFI Secure Boot



along with a review of the implementation at tianocore.org.   I provide an overview of some of the material in the paper at the toorcamp talk next Thursday near Neah Bay.

Roy Hopkins of Intel/McAfee and I https://intel.activeevents.com/sf12/scheduler/speakers.do will be presenting Intel and McAfee: Hardening and Harnessing the Secure Platform on Tuesday, September 11, at the Intel Developer Forum in San Francisco, CA. The topics will include:

-UEFI and Platform Initialization (PI) security overview
-Hardening the platform and development assurance practices
-Introducing McAfee* Endpoint Encryption
-Value proposition of a secured preboot
-Maintain the chain of trust.

I look forward to meeting people in SF next month.