Firmware security, why it matters and how you can have it
Matthew Garrett
https://2019.linux.conf.au/schedule/presentation/110/
A system is only as secure as the least secure component it depends on. Hardening the kernel is a vital part of developing a secure operating system, but if the firmware underneath the kernel is insecure then attackers have an opportunity to sidestep your security and compromise you anyway.
Firmware security research is a rapidly growing field, but the wider world is unaware of a lot of the output. Over recent users we've seen vulnerabilities involving exploitation of code running in system management mode, taking advantage of firmware-level hardware initialisation scripts run on resume from suspend, and even compromise of the management engine - an entirely separate computer that lives inside your chipset.
There's a huge amount of work being done to improve this, but you probably haven't heard about it. This presentation will cover how the state of the art is shifting, along with a discussion of how much of this applies to projects such as Coreboot and Libreboot and whether it's possible to obtain the same level of security without compromising the freedom to run whatever you want on your system.
linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/
#linux.conf.au #linux #foss #opensource
Видео Firmware security, why it matters and how you can have it канала linux.conf.au
https://2019.linux.conf.au/schedule/presentation/110/
A system is only as secure as the least secure component it depends on. Hardening the kernel is a vital part of developing a secure operating system, but if the firmware underneath the kernel is insecure then attackers have an opportunity to sidestep your security and compromise you anyway.
Firmware security research is a rapidly growing field, but the wider world is unaware of a lot of the output. Over recent users we've seen vulnerabilities involving exploitation of code running in system management mode, taking advantage of firmware-level hardware initialisation scripts run on resume from suspend, and even compromise of the management engine - an entirely separate computer that lives inside your chipset.
There's a huge amount of work being done to improve this, but you probably haven't heard about it. This presentation will cover how the state of the art is shifting, along with a discussion of how much of this applies to projects such as Coreboot and Libreboot and whether it's possible to obtain the same level of security without compromising the freedom to run whatever you want on your system.
linux.conf.au is a conference about the Linux operating system, and all aspects of the thriving ecosystem of Free and Open Source Software that has grown up around it. Run since 1999, in a different Australian or New Zealand city each year, by a team of local volunteers, LCA invites more than 500 people to learn from the people who shape the future of Open Source. For more information on the conference see https://linux.conf.au/
#linux.conf.au #linux #foss #opensource
Видео Firmware security, why it matters and how you can have it канала linux.conf.au
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Booting fasterWriting Viruses for Fun, not Profit"TPM based attestation - how can we use it for good?" - Matthew Garrett (LCA 2020)See what your computer is doing with Ftrace utilities"What UNIX Cost Us" - Benno Rice (LCA 2020)How to Disappear CompletelyDoes making the kernel harder make making the kernel harder?RCU's First-Ever CVE, and How I Lived to Tell the TaleFPGA based mobile phone: Creating a truly open and trustable mobile communications device"The ZFS filesystem" - Philip Paeps (LCA 2020)systemd - The Good PartsThe Tragedy of systemdLets LISP like it's 1959STM32 Development Boards (literally) Falling From The SkyHow Much Do You Trust That Package? Understanding The Software Supply ChainMaking C Less Dangerous in the Linux kernel"The New COBOL" - Benno Rice (PyCon AU 2019)But Mummy I don't want to use CUDA - Open source GPU compute"Write a single library to handle all input devices, it'll be easy" they said...