http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2014/Abstracts/Cook_1&feed=atom&action=historyLinux Security Summit 2014/Abstracts/Cook 1 - Revision history2024-03-28T18:00:01ZRevision history for this page on the wikiMediaWiki 1.36.1http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2014/Abstracts/Cook_1&diff=3504&oldid=prevJamesMorris at 16:01, 15 July 20142014-07-15T16:01:23Z<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:01, 15 July 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l5">Line 5:</td>
<td colspan="2" class="diff-lineno">Line 5:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Presenter ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Presenter ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Kees Cook</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Kees Cook<ins style="font-weight: bold; text-decoration: none;">, Google</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Abstract ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Abstract ==</div></td></tr>
</table>JamesMorrishttp://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2014/Abstracts/Cook_1&diff=3501&oldid=prevJamesMorris: New page: == Title == Verified Component Firmware == Presenter == Kees Cook == Abstract == Privileged executable code running on a device is not limited to just the Boot Firmware and Kernel. On...2014-07-15T15:51:07Z<p>New page: == Title == Verified Component Firmware == Presenter == Kees Cook == Abstract == Privileged executable code running on a device is not limited to just the Boot Firmware and Kernel. On...</p>
<p><b>New page</b></p><div>== Title ==<br />
<br />
Verified Component Firmware<br />
<br />
== Presenter ==<br />
<br />
Kees Cook<br />
<br />
== Abstract ==<br />
<br />
Privileged executable code running on a device is not limited to<br />
just the Boot Firmware and Kernel. One major area that gets frequently<br />
overlooked is Component Firmware: firmware loaded on network interfaces,<br />
wifi and cellular wireless devices, hard drives, keyboards, etc. Some<br />
of these devices have direct DMA access to system physical memory, some<br />
have access to potentially sensitive information (keystrokes, network<br />
or storage data, etc). Presently, the Linux Kernel loads firmware from<br />
userspace via directly located files, data passed by uevent handlers, or<br />
by specialized updater tools that manipulate (potentially undocumented)<br />
device interfaces. There is no mechanism in place for the kernel to<br />
reason about the origin of the firmware, so it is possible for userspace<br />
to load malicious Component Firmware that could result in a compromised<br />
kernel or a component that persistently snoops on data.<br />
<br />
As was done for kernel module loading, I have introduced a new interface<br />
for firmware loading that operates on a file descriptor rather than<br />
arbitrary blobs passed from userspace. This allows a system to limit<br />
firmware loading to only known sources. For example, firmware loading<br />
could be limited to read-only crypto-verified storage, or with verified<br />
signatures.<br />
<br />
Additionally, I will present a methodology for evaluating Component<br />
Firmware risks based on the component's own level of firmware validation<br />
and the component's access to sensitive interfaces or data. With this,<br />
a plan for firmware that is loaded external to the kernel (entirely<br />
via userspace) can be developed, potentially leading to filtered device<br />
communication.</div>JamesMorris