Explore firmware security in this 45-minute conference talk from linux.conf.au. Delve into the importance of firmware security and its impact on overall system security. Learn about recent vulnerabilities in system management mode, firmware-level hardware initialization scripts, and management engine compromises. Discover the latest advancements in firmware security research and their applications to projects like Coreboot and Libreboot. Gain insights into balancing security with the freedom to run desired software on your system. Understand the attack surface for firmware, vulnerability mitigation strategies, and the significance of firmware updates. Examine options for compatibility and advanced users in improving firmware security.
Overview
Syllabus
Intro
Just what is firmware?
Just what is code?
Why do we care about bugs in firmware?
What's the attack surface for firmware?
Where is firmware?
Welcome to System Management Mode
Not all runtime firmware is SMM
never touch untrusted data
Vulnerability mitigation
don't write bugs
But is it just about code quality?
How can we reduce attack surface?
Does Coreboot inherently save us?
What about the Management Engine? • Run the latest firmware
Firmware updates are important
Options for compatibility
Options for more advanced users
Options for super-advanced users
In summary
Taught by
linux.conf.au
