
Replace your exploit-ridden firmware with a Linux Kernel


If you have a question about this talk, please contact Marco Caballero.

Abstract: With the WikiLeaks release of the Vault 7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor”). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs.

Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.

Bio: Ron Minnich is the inventor of LinuxBIOS, now known as coreboot. He is a member of the Technical Steering Committee for LinuxBoot, as well as co-leader of the Open Systems Firmware project at the Open Compute Project.

He has worked in firmware for 40 years and in the open source firmware area for 20. He started the LinuxBoot project in January 2017, which is being deployed at many companies. Ron has contributed to many open source operating systems, including FreeBSD, Plan 9, and Linux.

This talk is part of the Computer Laboratory Systems Research Group Seminar series.
