http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2014%2FAbstracts%2FCook_1 2026-05-07T12:04:20Z Revision history for this page on the wiki MediaWiki 1.36.1 http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2014/Abstracts/Cook_1&diff=3504&oldid=prev 2014-07-15T16:01:23Z

<p></p> <table style="background-color: #fff; color: #202122;" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="en"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:01, 15 July 2014</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l5">Line 5:</td> <td colspan="2" class="diff-lineno">Line 5:</td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Presenter ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Presenter ==</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr> <tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Kees Cook</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Kees Cook<ins style="font-weight: bold; text-decoration: none;">, Google</ins></div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Abstract ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Abstract ==</div></td></tr> </table>

JamesMorris http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2014/Abstracts/Cook_1&diff=3501&oldid=prev 2014-07-15T15:51:07Z

<p>New page: == Title == Verified Component Firmware == Presenter == Kees Cook == Abstract == Privileged executable code running on a device is not limited to just the Boot Firmware and Kernel. On...</p> <p><b>New page</b></p><div>== Title ==<br /> <br /> Verified Component Firmware<br /> <br /> == Presenter ==<br /> <br /> Kees Cook<br /> <br /> == Abstract ==<br /> <br /> Privileged executable code running on a device is not limited to<br /> just the Boot Firmware and Kernel. One major area that gets frequently<br /> overlooked is Component Firmware: firmware loaded on network interfaces,<br /> wifi and cellular wireless devices, hard drives, keyboards, etc. Some<br /> of these devices have direct DMA access to system physical memory, some<br /> have access to potentially sensitive information (keystrokes, network<br /> or storage data, etc). Presently, the Linux Kernel loads firmware from<br /> userspace via directly located files, data passed by uevent handlers, or<br /> by specialized updater tools that manipulate (potentially undocumented)<br /> device interfaces. There is no mechanism in place for the kernel to<br /> reason about the origin of the firmware, so it is possible for userspace<br /> to load malicious Component Firmware that could result in a compromised<br /> kernel or a component that persistently snoops on data.<br /> <br /> As was done for kernel module loading, I have introduced a new interface<br /> for firmware loading that operates on a file descriptor rather than<br /> arbitrary blobs passed from userspace. This allows a system to limit<br /> firmware loading to only known sources. For example, firmware loading<br /> could be limited to read-only crypto-verified storage, or with verified<br /> signatures.<br /> <br /> Additionally, I will present a methodology for evaluating Component<br /> Firmware risks based on the component's own level of firmware validation<br /> and the component's access to sensitive interfaces or data. With this,<br /> a plan for firmware that is loaded external to the kernel (entirely<br /> via userspace) can be developed, potentially leading to filtered device<br /> communication.</div>

JamesMorris