Wednesday, September 26, 2018

East, and further east

Since I last blogged the Open Compute Project Open System workstream https://www.opencompute.org/files/2018OCP-OSF-OpenEDKII-Workstream.pdf has continued to evolve https://docs.google.com/document/d/1DWFdPrZlifSxznirN4r5QemmBEi6-1Fpfy0lac77arQ/edit. Part of the feedback from that community helped inform the decision to liberalize the Intel FSP license, too https://www.phoronix.com/scan.php?page=news_item&px=Intel-Better-FSP-License. A theme here includes trying to ease system development.

A lot of those efforts were driven out of the Seattle area, but I made my first sojourn east to https://www.platformsecuritysummit.com/ for https://www.platformsecuritysummit.com/2018/speaker/zimmer/. I followed the Trammell Hudson's presentation, which is always tough given his presentation prowess. This reminded me of the time when the Toorcamp organizer put my EFI defense talk immediately after Dan Griffin's EFI attack talk. In the end I got to know Dan and appreciated his offensive work since great offense inspires more strident defense.

The platform security summit was a great opportunity to engage with companies concerned about the transparency of open platforms, system assurance, and firmware. There has been a lot of discussion about moving to RUST https://www.rust-lang.org/en-US/, including the sentiment from Ron Minnich about today's proliferation of ring 0 C code "Too much writing of code, too little thought about not writing code, and it's all too easy nowadays just to barf out a couple KLOCs without thinking things through."  I'm especially interest in the potential ability to do verification actions, such as http://plv.mpi-sws.org/rustbelt/.

I was pondering that while traveling back from DC when I bumped into David Aucsmith
Aucsmith https://www.root9b.com/leadership/david-aucsmith/ while awaiting a return flight to Seattle. Dave provided me the insight the use Ceremonies https://eprint.iacr.org/2007/399.pdf as a model for system provisioning back at CanSecWest in 2015 in addition to the legendary contributions he made at Intel. I asked Dave what he though of language based security, such as RUST, and he simply replied to me, "If this is such as consideration, why haven't you been coding in Ada https://en.wikipedia.org/wiki/Ada_(programming_language)?" coreboot even has a Ada runtime https://github.com/coreboot/coreboot/tree/master/src/lib/gnat and I don't see much community support, so maybe Dave is on to something.....

After returning to Seattle, I steeled myself for the 'further east' journey, namely visiting Erlangen, Germany for https://osfc.io/. I am honored to have been invited to deliver the keynote https://osfc.io/talks/keynote for this multi-firmware community event. What a passage of time since it makes 15 years since my first Intel Developer Forum solo talk https://github.com/vincentjzimmer/Documents/blob/master/EFI_Specification_Evolution_Final_04%20-%202003.pdf. Fast forward and I get to make a solo keynote.

Ironically, my keynote preceded Trammell's security keynote and he amazing slip-streamed my image into slide 10 of his deck https://osfc.io/uploads/talk/paper/2/OSFC_Security_Keynote.pdf


I tried not to 'preach' about firmware, especially since the event was held in a Church.


I also had the opportunity to provide security overviews w/ Maggie for the security hack-a-thon at the event.


I was definitely among my firmware brethren, of which I was reminded with pages like 'booting is hard.' Yes, it is.

Here's a shot of the event location from the outside.


I mentioned the Intel Firmware Support Package (FSP) in the event. That evening event a Swiss engineer answer my query about what I was eating with "It's like an FSP. We know what's on the outside,



but often not what's on the inside."

Nice. Firmware humor on top of the technical conversation and information exchange flow. Speaking of flow, I was reminded of the importance to share knowledge when an engineer early in his career asked for a signature of https://www.apress.com/us/book/9781484200711

Since last blogging I'm happy to have also participated in documenting more of the Intel platform behaviors, albeit the small core SOC https://firmware.intel.com/sites/default/files/uefi_firmware_enabling_guide_for_the_intel_atom_processor_e3900_series.pdf, too. To me it's another tactic on how to scale knowledge and empower communities.

Finally, I'm glad to be back in the Pacific Northwest this week. Today and tomorrow I'm at Blue Hat https://www.microsoft.com/en-us/msrc/bluehat-conference which is a short walk from the Intel office. And no presenter-angst.


So no multi-hour flights, security lines, or strange hotel rooms


If you're around Blue Hat and catch this blog, say hello.


© 2018, Vincent ZimmerThis work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License 


Post a Comment