Published at June 23, 2022 · Tomasz Żyjewski · 7 min read
The Fobnail Token is an open-source hardware USB device that helps to determine the integrity of the system. The purpose of this blog post is to present the development progress of this project. During this phase, we focused on researching OS for hosting Fobnail Attester...
Categories: security
Increasing the security of iMX platforms - JTAG fusing
Published at December 14, 2021 · Michał Kotyla · 9 min read
JTAG helps a lot of engineers during product development. It also may be helpful for adversaries. We tell you why and how to increase JTAG security in your product...
Categories: manufacturing security
Fobnail vs other boot security projects
Published at October 28, 2021 · Michał Żygowski · 11 min read
Have you ever thought about securing the boot process of your computer? No? This post will compare the available open source boot process hardening projects and explain the importance of signing and protection the software/operating system you launch. You will also get to know how the boot process may be secured even further and with the incoming Fobnail security token....
The backdoor to your firmware 2
Published at March 25, 2021 · Anastazja Lapanova · 6 min read
Firmware vulnerabilities in the light of recent attacks as a backdoor of the firmware - part 2...
Categories: firmware
Published at March 12, 2021 · Anastazja Lapanova · 5 min read
Firmware vulnerabilities in the light of recent attacks as a backdoor of the firmware...
Categories: firmware
What is IOMMU and how it can be used?
Published at January 13, 2021 · Marek Kasiewicz · 6 min read
Welcome to a new blogpost series dedicated to IOMMU. In this article, you can read what IOMMU is and find out if its use may be beneficial for you....
Application Security as an Every Developer's Responsibility
Published at November 13, 2020 · Piotr Nowosławski · 7 min read
The issue of web application security is becoming more and more popular. Currently, not only large organizations and corporations but also smaller businesses are forced by progress to transfer some of their activities to the Internet....
Categories: app-dev development security
Reasonably secure way to update your system firmware
Published at September 18, 2020 · Norbert Kamiński · 3 min read
As you may know from the previous blog post, the qubes-fwupd is the wrapper that allows you to update the firmware of your devices in the Qubes OS. This time I will briefly describe the new features, whereby you will securely update your system firmware....
TrenchBoot: Open Source DRTM. Multiboot2 support.
Published at September 7, 2020 · Krystian Hebel · 11 min read
This month we will show that not only Linux kernel can be started by TrenchBoot. We also did some drastic changes to the bootloader data format, so if you try to redo some older posts in the future and they do not seem to work, this is probably the place to look for hints....
TrenchBoot: Open Source DRTM. TPM event log all the way.
Published at August 13, 2020 · Krystian Hebel · 12 min read
We extended the TPM event log support to the Linux kernel. It is now possible to print all of the PCR extend operations performed and compare the hashes with files to see if anything is wrong....
Secure Application – Best coding practices
Published at July 23, 2020 · Malwina Mika · 7 min read
When building an application, we must assume that it will be exposed to attackers at all times and may be misused by ordinary recipients. The danger of the first group seems obvious, but what kind of risk a standard user brings?...
Categories: app-dev development security
DEV and IOMMU: a story of two DMA protection mechanisms
Published at July 3, 2020 · Krystian Hebel · 12 min read
Both DEV and IOMMU can help with protection against malicious DMA. This post roughly describes the difference between those two, as well as the impact they have on each other in the context of TrenchBoot...
TrenchBoot: Open Source DRTM. GRUB's new features and TPM event log.
Published at July 3, 2020 · Piotr Kleinschmidt · 17 min read
This blog post will show you what features we have added to GRUB and why they are useful from user's point of view. Also, there will be shown how to utilize TPM event logs and hence debug DRTM....
Qubes OS & 3mdeb 'minisummit' 2020 summation
Published at June 17, 2020 · Kamila Banecka · 8 min read
The second Qubes OS & 3mdeb minisummit is ahead of us. We had gone through four evenings of topics devoted to Qubes OS, so it is time for broad summation of the event....
Categories: firmware miscellaneous security
Starting TrenchBoot's Landing Zone from iPXE
Published at June 1, 2020 · Krystian Hebel · 10 min read
In this article we present support for starting Landing Zone from another bootloader: iPXE. It may not be as featureful as GRUB2, but it has enough juice to start DRTM using images obtained from a remote server...
Qubes OS and 3mdeb 'minisummit' 2020
Published at May 15, 2020 · Kamila Banecka · 5 min read
Once again, we will meet on QubesOs & 3mdeb minisummit 2020 discussing #QubesOS, #firmware, #coreboot, #security and #TPM related topics. All the event details are presented in the following blog post....
Categories: firmware miscellaneous security
Installing TrenchBoot in UEFI environments
Published at May 6, 2020 · Michał Żygowski · 17 min read
This blog post will show you how to install NixOS on UEFI platforms and how to install TrenchBoot on them....
User friendly tutorial for enabling HTTPS support in iPXE
Published at May 6, 2020 · Michał Żygowski · 5 min read
This article will show you how to replace old HTTP with much safer HTTPS when booting platforms/computers over network. You will read how to quickly incorporate open-source network booting solution based on coreboot and iPXE projects to your daily life....
TrenchBoot: Open Source DRTM. CI/CD system.
Published at May 5, 2020 · Piotr Kleinschmidt · 6 min read
How to improve development and validation process in our project? Automation? Of course! Let us introduce our CI/CD system. Find out how it actually works and what advantages it has....
TrenchBoot: Open Source DRTM. DRTM update and meta-trenchboot implementation
Published at April 30, 2020 · Piotr Kleinschmidt · 11 min read
Another release brings new updates in our Open Source DRTM project. Except for code changes, we have prepared our custom Linux image with DRTM. Also we set up CI/CD system for automation build and test. Read this article if you want to find out more details....
TrenchBoot: Open Source DRTM. Landing Zone validation.
Published at April 3, 2020 · Piotr Kleinschmidt · 25 min read
When you already know what is TrenchBoot, what is DRTM and how we enable it on AMD processors, we can move on to practice. I will show you how to configure all components and verify first of project's requirements....
TrenchBoot - Open Source DRTM for AMD processors. Project's basics.
Published at March 31, 2020 · Piotr Kleinschmidt · 11 min read
This is the first blog post of TrenchBoot series. It will introduce you to the project, its structure and environment. Additionally the reader will find out more about each component, how to setup the environment and configure the build....
Open Source DRTM with TrenchBoot for AMD processors. Introduction.
Published at March 28, 2020 · Piotr Kleinschmidt · 4 min read
This article starts an entire series of articles related to title project. By reading this blog post, you will find out why we have started such project and who is supporting us. Also, we bring you closer to main concept and goals....
Failure of ECC508A crypto coprocessor initial triage with SAM G55 Xplained Pro Evaluation Kit
Published at November 24, 2016 · Piotr Król · 7 min read
Some time ago (around August 2016) embedded community media were hit with hype around simplified flow for AWS IoT provisioning (1, 2, 3). I’m personally very interested in all categories related to those news: IoT - is 3mdeb business core and despite this term was largely abused these days, we just love to build connected embedded devices. Building this kind of devices is inherently related with firmware deployment, provisioning and update problems....
.png){kind=small}
