Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google
Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google
With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs.
Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.
About Ronald G. Minnich
Ron Minnich is a Software Engineer at Google. He has contributed to many open source projects in the last several decades, including the Linux kernel (9p file system); the FreeBSD kernel (rfork); and Plan 9 (many different areas). He directed the team that ported Plan 9 to the Blue Gene supercomputers. He invented LinuxBIOS (now called coreboot) in 1999. He is one of the core contributors to the Harvey operating system. His most recent Linux Foundation talk was on how to build your own signed version of ChromeOS and resign your Chromebook with your personal keys in 2016.
Видео Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google канала The Linux Foundation
With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs.
Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.
About Ronald G. Minnich
Ron Minnich is a Software Engineer at Google. He has contributed to many open source projects in the last several decades, including the Linux kernel (9p file system); the FreeBSD kernel (rfork); and Plan 9 (many different areas). He directed the team that ported Plan 9 to the Blue Gene supercomputers. He invented LinuxBIOS (now called coreboot) in 1999. He is one of the core contributors to the Harvey operating system. His most recent Linux Foundation talk was on how to build your own signed version of ChromeOS and resign your Chromebook with your personal keys in 2016.
Видео Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google канала The Linux Foundation
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
How Science is Taking the Luck out of Gambling - with Adam KucharskiTutorial: Building the Simplest Possible Linux System - Rob Landley, se-instruments.comThe Tragedy of systemdVPN & Remote Working - ComputerphileOSFC 2018 - coreboot rompayload | Ron MinnichKeynote: Linus Torvalds, Creator of Linux & Git, in conversation with Dirk Hohndel, VPBrian Delgado & Tejaswini Vibhute - ABC to XYZ of Writing System Management Mode (SMM) DriversElectrical experiments with plants that count and communicate | Greg GageLife Behind the Tinfoil: A Look at Qubes and Copperhead - Konstantin Ryabitsev, The Linux FoundationI Hope Google Doesn’t Ban Us... - Abusing Unlimited Google DriveHow to gain control of your free time | Laura Vanderkam34C3 - Bringing Linux back to server boot ROMs with NERF and HeadsKeynote: Linus Torvalds in conversation with Dirk HohndelReclaim your freedom with free libre software now - Richard Stallman of Free Software MovementOSFC 2019 - Adaptation of AMD Reference Firmware to coreboot© Using FSP 2.0Booting fasterThe Trouble with FreeBSDFirmware Security: Why It Matters and How You Can Have ItThere's more to life than being happy | Emily Esfahani SmithFrom zero to Kubernetes with OpenStack Ironic