3/3/2023 0 Comments Insyde acpi bios update![]() ![]() Intel has announced support for the CHIPSEC tool which evaluates the register settings in the motherboard chips to see if they are correctly configured to protect the firmware and boot process. The USRT provides a single point of contact for researchers to report their findings and disseminate those to silicon, software and system vendors.Īt the same time, various UEFI Forum members, including Intel and my own company, Insyde Software, are producing domain-specific tools to test for certain well-known classes of vulnerabilities that are specific to our products. So the UEFI Forum responded by creating the USRT (UEFI Security Response Team), headed up by friend and former colleague, Dr. But the security researchers and hackers began picking those apart, looking for and finding corner cases. The various software initiatives (including the open source ones) have followed quickly behind to implement these standards. ![]() The UEFI Forum has recognized this for a while and responded by creating a flexible OS secure boot and secure firmware update strategy in version 2.4 of the specification. With UEFI, the firmware has also become more capable and standardized, so more resources are theoretically available Since firmware occupies such a privileged position in the software stack, successfully compromising it opens up a world of malware possibilities. Recent Black Hat presentations have increasingly focused on the vulnerabilities to be found in open source and closed source firmware implementations. The OEMs (and firmware vendors) are now find themselves in the hot seat. Now, with security: even if the user doesn't do something dumb, it is possible that the system is not ok. The assumption was: if you don't do something dumb, your system will be ok. 'security' will eclipse 'lost my password', 'can't flash my BIOS' and 'overclocking' as the top firmware story in 2015.įor each of the previous hot firmware topics, the focus was on the user doing something correctly or incorrectly. Nonetheless, as CTO of Insyde Software, I guess its also an unenviable part of my job. Predictions are notoriously fraught with peril and I am usually off-base or overly optimistic in mine. I stepped out on a limb this year and made a prediction. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |