@qrs and I actually did discover TOCTOUs in the IBB phase :https://conference.hitb.org/hitbsecconf2019ams/materials/D1T1%20-%20Toctou%20Attacks%20Against%20Secure%20Boot%20-%20Trammell%20Hudson%20&%20Peter%20Bosch.pdf … https://github.com/tianocore/edk2-staging/tree/BootGuardTocTouVulnerabilityMitigation …
-
-
-
Well there we go! Great work. I'll add the link to your research to the blog post.
- Još 2 druga odgovora
Novi razgovor -
-
-
Nice article, although is there any chance you could bump up the contrast on the text on your site? My eyes aren't what they used to be.
-
Thanks! Ye so sorry. Reading on mobile is a disaster (unless you're speaking about PC?). I am going to address this asap
- Još 3 druga odgovora
Novi razgovor -
-
-
Nice write up. I’m a fan of modeling systems using Clark Wilson. We have some examples of this regarding the boot chain in https://legacy.gitbook.com/book/edk2-docs/understanding-the-uefi-secure-boot-chain/details …. You can find other docs on EDKII security at https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Security-White-Papers … including some threat modeling in https://legacy.gitbook.com/book/edk2-docs/edk-ii-secure-coding-guide/details …
-
Thanks so much Vincent. I stole the Clark Wilson thing from you of course. :) (From somewhere in the Intel BGT flow docs). Thanks for the resources. Super helpful.
Kraj razgovora
Novi razgovor -
-
-
Agree on why DRTM is suboptimal. Disagree on the SRTM reasoning: "The initial trust is rooted in the CPU+chipset vendor." That doesn't have to be true for SRTM - see Microsoft's Cerberus, or Google's Titan (https://ai.google/research/pubs/pub46352 … et al)
-
Thanks for pointing this out. I agree with you. I was speaking about SRTM as implemented in the run of the mill off-the-shelf Windows-based machine. I will amend the blog to make it clear that the root-of-trust is not necessarily the cpu vendor.
Kraj razgovora
Novi razgovor -
-
-
i absolutely love the implication in the opening sentence that most of us use voodoo extensively
-
Not far off the truth here.. :)
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.