By: Bo Feng, Alejandro Mera, and Long Lu, Northeastern University Dynamic testing or fuzzing of embedded firmware is severely limited by hardware-dependence and poor scalability, partly contribut...
The first part of @liba2k and mine research on UEFI just went online. This time it's merely a refresher on how to dump SPI flash memory, but the next posts in the series will be more innovative a...
By Michael Milvich Anvil is releasing a white paper today describing a technique that we have found useful to bypass secure boot on a number of embedded Linux devices where the file systems have ...
https://firmwaresecurity.com/2020/08/14/anvil-ventures-defeating-secure-boot-with-symlink-attacks/
acpiparse is a small utility which understands the format of common ACPI tables and can print them in a human-readable way. https://github.com/jhand2/acpiparse
https://firmwaresecurity.com/2020/08/11/acpiparse-utility-which-prints-info-on-common-acpi-tables/
This script makes Downgrade-able BIOS update file from Dell original BIOS updates. https://github.com/vuquangtrong/Dell-PFS-BIOS-Assembler
Intel® Thunderbolt™ Controller Advisory INTEL-SA-00411 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00411.html Intel® SSD DCT Advisory INTEL-SA-00406 https://www....
https://firmwaresecurity.com/2020/08/11/18-security-advisories-from-intel/
ZMK is a new keyboard firmware software project. It is based on Zeyphyr RTOS. I guess the main keyboard firmware alternatives are QMK and TMK. . https://zmkfirmware.dev/ As for security issues, n...
https://firmwaresecurity.com/2020/08/10/zmk-firmware-modern-open-source-keyboard-firmware/
Apparently the dump includes info on: Intel ME, Intel FSP, and “Lots of other things”… They were given to me by an Anonymous Source who breached them earlier this Year, more details about t...
https://firmwaresecurity.com/2020/08/06/intel-engineering-data-breach-including-firmware-internals/
Microsoft has a new Knowledgebase Article on UEFI SecureBoot DBX certs: On July 29, 2020, Microsoft published security advisory 200011 that describes a new vulnerability that’s related to Secur...
https://firmwaresecurity.com/2020/08/06/microsoft-offers-uefi-secure-boot-dbx-guidance/
Re: https://firmwaresecurity.com/2019/11/23/edk2-vscode-visual-studio-code-plugin-for-edkii-files/ and https://firmwaresecurity.com/2019/10/01/musupport-a-vs-code-extension-to-support-project-mu/...
https://firmwaresecurity.com/2020/08/04/uefi-code-defn-a-third-uefi-plugin-for-visual-studio-code/