Krystian Hebel

Firmware Engineer interested mostly in things deliberately omitted from documentation. Thinks C is high-level language, can write something in Verilog but doesn’t know how to read it yet.

Social media profiles

Check GitHub profile

Articles (21)

TrenchBoot: Open Source DRTM. TPM event log all the way.

Published at August 13, 2020 ·  12 min read

We extended the TPM event log support to the Linux kernel. It is now possible to print all of the PCR extend operations performed and compare the hashes with files to see if anything is wrong....

Categories: firmware security

DEV and IOMMU: a story of two DMA protection mechanisms

Published at July 3, 2020 ·  12 min read

Both DEV and IOMMU can help with protection against malicious DMA. This post roughly describes the difference between those two, as well as the impact they have on each other in the context of TrenchBoot...

Categories: firmware security

Starting TrenchBoot's Landing Zone from iPXE

Published at June 1, 2020 ·  10 min read

In this article we present support for starting Landing Zone from another bootloader: iPXE. It may not be as featureful as GRUB2, but it has enough juice to start DRTM using images obtained from a remote server...

Categories: firmware security

Trying to fix ESXi 6.7.0 boot issue, part one

Published at March 4, 2020 ·  14 min read

First mentions that updated versions of VMware's ESXi 6.7.0 installer doesn't start on PC Engines platforms come from the beginning of 2019. Older versions of ESXi worked fine. 'Shutting down firmware services...' is the last line printed before hang or reboot....

Categories: firmware os-dev

VMX exit reasons and handlers

Published at January 23, 2020 ·  14 min read

After long break, this is the third post in the hypervisor series. We will see how VMX helps with virtualization of restricted instructions and how Bareflank allows for implementation of handlers for them. At the end we will show how to write and add our own handler....

Categories: firmware

How L4 Genode hypervisor stands against proprietary RTOS solution

Published at January 10, 2020 ·  5 min read

A microkernel is a minimal computer operating system kernel which provides no operating system services at all, only the mechanisms needed to implement such services. A concept is tolerated inside the μ-kernel only if moving it outside the kernel would prevent the implementation of the system’s required functionality. In this article we will show our considerations on using L4 microkernels on VM....

Categories: os-dev

Reproducible builds

Published at May 22, 2019 ·  3 min read

Recently we made sure that every build of PC Engines' firmware is built in a reproducible manner. This short post shows what exactly does it mean and why this should be important to firmware developers....

Categories: firmware

Building and running Bareflank

Published at May 15, 2019 ·  13 min read

In this second post of a series, we will build and start our first hypervisor. It won't do much just yet, but it is good to get known with its build system....

Categories: firmware

5 terms every hypervisor developer should know

Published at April 30, 2019 ·  11 min read

This is the first post of a series about developing bare-metal hypervisors. It introduces to Intel's VMX technology, describes interactions between a virtual machine and a hypervisor as well as gives some insight on the control structures required. This post should give some theoretical knowledge base required for the next ones, in which we will implement a basic hypervisor....

Categories: firmware

How to mitigate ROCA TPM vulnerability?

Published at April 17, 2019 ·  10 min read

ROCA vulnerability was discovered (October 2017) in a software library, RSALib, provided by Infineon Technologies. That library is also used in TPM modules. When this vulnerability is present, a pair of prime numbers used for generating RSA keys is chosen from a small subset of all available prime numbers. This results in a great loss of entropy. Details and exact numbers can be found here. UPDATE 2021-10-20: provided new link for TPM firmware updates (old one was no longer working), added info about patch for openssl-1....

Categories: firmware security