why open source firmware is important
play

Why open source firmware is important Jessie Frazelle - @jessfraz - PowerPoint PPT Presentation

Oct 30, 2022 •155 likes •783 views

Why open source firmware is important Jessie Frazelle - @jessfraz Points of View 1. Security 2. Usability 3. Visibility First Point of View: Security... Software Software Operating System Kernel Firmware Hardware Software Software

  1. Why open source firmware is important Jessie Frazelle - @jessfraz

  2. Points of View 1. Security 2. Usability 3. Visibility

  3. First Point of View: Security...

  4. Software Software Operating System Kernel Firmware Hardware

  5. Software Software Software Software Hardware

  6. 💪 Software 💪 Software 💪 Software 💪 Software 💪 Hardware

  7. Ring 3: User space Ring 0: Kernel Ring -1: Hypervisor Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  8. The code we don’t know about... Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  9. System Management Mode - Originally used for power management - System hardware control - Proprietary designed code - Place where vendors add new features - Handle system events like memory or chipset errors - ½ kernel Ring -2: SMM, UEFI kernel

  10. UEFI Kernel - Extremely complex - Millions of lines of code - UEFI applications are active after boot - Security from obscurity - A bajillion features, extremely complex Ring -2: SMM, UEFI kernel

  11. Management Engine - Networking management - KVM management - Intel proprietary features - Can reimage your device even if it’s powered off - Can turn on node invisibly - Minux - SO MUCH MORE Ring -3: Management Engine

  13. That’s just one example of a bad attack but if you google you can easily find others...

  15. This is bad.

  16. It gets even worse.

  17. Intel Boot Guard

  18. Adds up to: 2½ other kernels/OSes… - They each have their own networking stacks, web servers (wtf) - The code can modify itself and persist across power cycles and reinstalls Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  19. Adds up to: 2½ other kernels/OSes… - They are all incredibly and unnecessarily complex - THEY ALL HAVE EXPLOITS! Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  20. Second Point of View: Usability...

  22. The results

  26. 29.2% Mentioned Firmware as a Pain Point

  27. So at what scale is firmware a pain?

  29. My hypothesis...

  30. Once you need to deal with the firmware it becomes a pain...

  31. Third Point of View: Visibility...

  32. Conway’s Law

  33. From the perspective of hardware engineers...

  34. “You’d be crazy to think hardware was ever intended to be used for isolating multiple users safely..”

  35. Spectre and Meltdown proved this to be true as well.

  36. From the perspective of firmware and kernel engineers…

  37. They want vendors to make their firmware do less, or give up the control to them.

  38. Vendors can rarely debug firmware issues…

  39. Oversights and lack of communication leads to...

  41. How did no one think about the BMC when building softlayer?

  42. I’ve personally seen these miscommunications happen in the container ecosystem as well...

  44. Miscommunications at various layers of the stack lead to bugs in the intersecting layers, based off incorrect assumptions.

  45. 💪 Software 💪 Software 💪 Software 💪 Software 💪 Hardware

  46. How do we fix these things? 1. Security 2. Usability 3. Visibility

  47. Open Source Firmware

  48. NERF : Non-Extensible Reduced Firmware

  49. NERF Goals - Make firmware less capable of doing harm - Make its actions more visible - Remove all runtime components - With ME we can’t remove all but we can take away the web server and IP stack - Remove UEFI IP stack and other drivers - Remove ME/UEFI self-reflash capability - Let linux manage flash updates

  50. Ring 3: User space Ring 0: Kernel Ring -1: Hypervisor Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  51. Ring 3: User space Ring 0: Kernel Ring -1: Hypervisor Ring -2: SMM, UEFI kernel Ring -3: Management Engine

  52. Ring -1: Hypervisor Ring -2: SMM disabled Reduced UEFI ROM Linux kernel and Minimal userland Ring -3: Minimized Management Engine

  54. linuxboot device drivers, network stack, multi-user/tasking u-boot or coreboot environment silicon and DRAM initialization u-root userspace tools and bootloader, initramfs

  55. Why linux? - Single kernel works for several boards - Already quite vetted and has a lot of eyes on it since it is used quite extensively - Single, open source kernel versus the 2½ other kernels that were all different and most closed off - Improves boot reliability by replacing lightly-tested firmware drivers with hardened Linux drivers.

  56. Other wins - Firmware devs can build in tools they already know - When they need to write logic for signature verification, disk decryption, etc it’s in a language that is modern, easily auditable, maintainable, and readable - Memory safety wins as well since the language can be higher level

  57. Makes boot time 20x faster.

  58. Through open source, visibility, minimalism, and open communication we can push computing to a better, more secure place from the hardware up.

  59. We can’t keep building on top of 💪 . We really need to care about the base we build on.

  60. Huge thanks to the firmware community for all their work on this!

  61. Ron Minnich Trammel Hudson Chris Koch Rick Altherr Zaolin

  62. Thanks for having me!

Recommend

On this Rock I will build my System Why Open-Source Firmware matters Lucas Stach

On this Rock I will build my System Why Open-Source Firmware matters Lucas Stach

On this Rock I will build my System Why Open-Source Firmware matters Lucas Stach l.stach@pengutronix.de https://www.pengutronix.de About me Member of Pengutronix graphics and kernel team Low-level infrastructure guy Working on

499 views • 18 slides
Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source

Make Money With Open Source What is Open Source? Community Free software vs. open source Licenses: GPL vs. LGPL vs. MIT/Apache Foundations: Linux, Apache, Eclipse, Similar: Open Data, Open Hardware, Open Knowledge, ... Advantages of OS

508 views • 13 slides
Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and

The State of Open Source Databases Peter Zaitsev, CEO Percona What a Year! Huge changes for Open Source and Open Source databases RedHat Acquired by IBM Image Source: https://techcrunch.com/story/ibm-acquires-red-hat/ Open Source

663 views • 29 slides
Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with

Effective Validation of Firmware Enabling firmware development and validation to keep pace with hardware innovations. Tom Melham University of Oxford Problem Firmware today facing greater complexity and shorter schedules coded at low

478 views • 14 slides
Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab

Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab

Reinventing How America Votes Through Open Source Solutions Deborah Bryant OSU Open Source Lab Joseph Hall Center for Information Technology Policy, Princeton University Gregory Miller Open Source Digital Voting Foundation Visionaries on

942 views • 29 slides
Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years

Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years

Creating an Open Source Project Thiago Macieira Who am I? Open Source developer for 15 years Sofuware Architect at Intels Open Source Technology Center (OTC) and Tizen Platgorm Community Manager Maintainer of two modules in the Qt

649 views • 33 slides
1 A Comparison of Open Source Search A Comparison of Open Source Search Engines Engines

1 A Comparison of Open Source Search A Comparison of Open Source Search Engines Engines

Open Source Search Engines Why? Low cost: No licensing fees Source code available for customization Good for modest or even large data sizes Open-Source Search Engines and Challenges: Lucene/Solr Performance, Scalability

347 views • 13 slides
Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source

Automating Your Lights with Open Source Combining Open Source Hardware with Free and Open Source Software Leon Anavi Konsulko Group leon.anavi@konsulko.com leon@anavi.org FOSDEM 2018 Agenda Home automation and smart lightning Open

422 views • 30 slides
mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a

mITu Skillologies Open Source World http://mitu.co.in Existence of open source There is a vast increase in adoption of open source software solutions across the private enterprise, government associations and organizations, industries.

581 views • 18 slides
What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open

What is open source? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

878 views • 16 slides
What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open

What is open source ? Computer software where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the software. Promotes collaboration Community of developers

462 views • 14 slides
What is open source? Computer sofuware where the source code is distributed under an open

What is open source? Computer sofuware where the source code is distributed under an open

What is open source? Computer sofuware where the source code is distributed under an open source license that allows anyone to study, change, improve and distribute the sofuware. Promotes collaboration Community of developers

439 views • 12 slides
The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source

The State of Open Source Databases Peter Zaitsev CEO, Percona October 1 st , 2019 Open Source Software Amazing times for Open Source Software! Commercial Success Fantastic Success of Open Source Based Businesses! RedHat Acquired by IBM

1.19k views • 52 slides
Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric

Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric

Open Komodo: An Open Source IDE For Open Languages For Open Languages Own Your IDE Eric Promislow ActiveState Software Inc. OpenKomodo: Own Your IDE Copenhagen, Denmark April 2, 2008 1 History Perl for Windows Active Python,

820 views • 65 slides
Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview

Creating Open Source Electronic Hardware with Open Source Software Tom Anderson Overview Open Source hardware (This is the smallest font) Business model Example circuit, concept -> production Make circuit boards with Open

806 views • 78 slides
1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

1 Version 2: MIT, 1983 Bazaar Model Richard Stallman was Characteristics include

Open Source Idea? SHARE and the Origins of Open The basic idea behind open source is very simple: When programmers can read, Source Software: 1953-1972 redistribute, and modify the source code for a piece of software, the software evolves.

530 views • 8 slides
Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD)

Design principles for 5G Toward a new paradigm, All-IT Network architecture Unbundling Open Source Software/Hardware Decoupling Open Source Software (OpenStack, CORD) Unbundled Function Blocks Open Source Hardware (OCP,

180 views • 15 slides
Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura

Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura

Front-end Firmware Transition and Documentation Status/Plans/Proposals Kurtis Nishimura University of Hawaii December 14, 2012 US Firmware Meeting 1 v2 Firmware Version 2 firmware is largely done: New interface to the DAQ

273 views • 5 slides
OPEN SOURCE PROGRAMS + THEIR ETHICAL DEVELOPMENT AND FUTURE OPEN SOURCE PROGRAMS PROVIDE A

OPEN SOURCE PROGRAMS + THEIR ETHICAL DEVELOPMENT AND FUTURE OPEN SOURCE PROGRAMS PROVIDE A

OPEN SOURCE PROGRAMS + THEIR ETHICAL DEVELOPMENT AND FUTURE OPEN SOURCE PROGRAMS PROVIDE A VIABLE FOUNDATION FOR THE SUSTAINABLE FUTURE OF THE WORLD S CREATIVE ECONOMY. FIGURE A Figure A. Skok, 2012, p. 13 WHAT IS AN OPEN SOURCE PROGRAM?

343 views • 8 slides
VSI's Open Source Strategy Plans and schemes for Open Source so9ware on OpenVMS Bre% Cameron /

VSI's Open Source Strategy Plans and schemes for Open Source so9ware on OpenVMS Bre% Cameron /

VSI's Open Source Strategy Plans and schemes for Open Source so9ware on OpenVMS Bre% Cameron / Camiel Vanderhoeven April 2016 AGENDA Cloud Programming languages UNIX compa;bility Integra;on technologies Analy;cs Databases

946 views • 40 slides
Challenges in Open-source RISC-V Implementations Differentiation & Customization Open Source

Challenges in Open-source RISC-V Implementations Differentiation & Customization Open Source

Challenges in Open-source RISC-V Implementations Differentiation & Customization Open Source Hardware Promises and Hopes Great way to collaborate Faster development thanks to readily available IP (e.g. peripherals, ) Very

411 views • 17 slides
Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago

Component Firmware http://outflux.net/slides/2014/lss/firmware.pdf Linux Security Summit, Chicago 2014 Kees Cook <keescook@chromium.org> (pronounced Case) Overview Wait, which firmware? Threats Update methods

311 views • 20 slides
Databases Peter Zaitsev Percona You Might Know I am passionate about Open Source Databases

Databases Peter Zaitsev Percona You Might Know I am passionate about Open Source Databases

Maximizing the Power and Value of Open Source Databases Peter Zaitsev Percona You Might Know I am passionate about Open Source Databases 2 Open Source Databases Leading in Growth Source: https://db-engines.com/en/ranking 3 Long Term

708 views • 42 slides
Open-source without headaches Edwin Dalmaijer @esdalmaijer 20 November 2018 Wait, isnt open

Open-source without headaches Edwin Dalmaijer @esdalmaijer 20 November 2018 Wait, isnt open

Open-source without headaches Edwin Dalmaijer @esdalmaijer 20 November 2018 Wait, isnt open source a Good Thing ? To science , open-source if unequivocally good Tools are free and open to public scrutiny Wait, isnt open source a

649 views • 45 slides

More recommend