Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google
With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary …
| Talk Title | Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google |
| Speakers | Ron Minnich (Software Engineer, Google) |
| Conference | Open Source Summit Europe |
| Conf Tag | |
| Location | Prague, Czech Republic |
| Date | Oct 21-27, 2017 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs. Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.
![Insecure Containers? Continuous Defense Against Open Source Exploits [A]](/2017/images/all/lf_huffc03acb4b89c823f315cae16e4b2e6b_29065_700x350_resize_q75_box.jpg)