Verified Boot: Surviving in the Internet of Insecure Things. Randall Spangler Chrome OS Firmware Lead
|
|
- Dominick Hill
- 1 years ago
- Views:
Transcription
1 Verified Boot: Surviving in the Internet of Insecure Things Randall Spangler Chrome OS Firmware Lead
2 Introduction Who am I? Chrome OS firmware engineer since 2009 Co-architect of the Chrome OS verified boot reference code But today, speaking as a Coreboot developer What do we want? A boot process that is secure, robust, and open. When do we want it? Seven years ago
3 Then and Now In 2009, focused on boot security for a new open-source laptop
4 Then and Now In 2009, focused on boot security for a new open-source laptop Now, there are a lot more devices.
5 Talk Outline What is verified boot? Idealized boot flow Verified boot in Coreboot today What's coming? How you can help
6 What is Verified Boot?
7 Verified Boot Means Different Things to People Normal User: It's running official stuff, which I trust. Open Source Developer: It's running my stuff, which I trust. Open Source User: It's running XXX developer's stuff, which I trust. Content Provider: It's running stuff, which I trust not to leak my content. Enterprise / Education: It's running official stuff I trust, but I don't trust my users.
8 What Do We Want To Protect? User and third-party data Stored on device Access to the cloud Owner's control of software running on the device Botnets Ransomware Schools must limit student device usage
9 Protecting Against Whom? Remote attackers (most important) Local attackers with casual access Local attackers with long-term access but not specialized tools (NEW!) Local attackers with specialized tools (Ha!) But not against legitimate device owners! You bought it, you can do what you want with it Hard tradeoffs to protect the other cases but still allow this
10 Only As Secure As Where You Start Mask ROM and efused keys are really read-only Also usually closed-source. (Backdoors, extra keys?) Who holds the signing keys? SPI Flash can be physically read-only (write protect pin) emmc / SATA / NVMe storage has its own upgradeable firmware
11 Only As Secure As the Worst Bug You Can Patch Read-only boot stage must do as little as possible RAM init should be in a later RW firmware stage Rollback protection for later boot stages Need lockable NV storage for this (TPM, or NVMs + discrete logic) Keys leak; better make them rollable too Updates need to be painless and may fail Multiple copies of RW firmware
12 Need a Robust Read-Only Recovery Path Minimal attack surface Recovery path itself is an attack vector for local attackers Network recovery is hard Triggering recovery mode Automatically, on verified boot failure Manually, by local user
13 What About Open Source Developers and Users? What's the point of being open source OS and firmware if you can't use your own? Developers should have access to all device functionality But not necessarily all pre-installed content keys Developers should be able to protect their devices too "Developer mode" does not mean "insecure mode"
14 Developer Modes Developer OS Mode Requires physical access to enable Warning screen or lights at boot time Developer Firmware Mode No warning screen possible Requires long-term physical access Enterprise owners need to be able to disable developer modes (reversibly!)
15 Performance Verified boot shouldn't hurt boot time significantly Verify only what you need for next stage Some ARM SoC boot a slow core first Hardware crypto support on some SoC (but can we trust it?)
16 Verified Boot Flow (simplified)
17 Read-Only (RO) Firmware Check for recovery request (manual or automatic) Check rewriteable (RW) firmware Two firmware slots (A, B) Verify firmware data key using root key (from RO) Verify firmware payload using firmware data key Rollback protection for both firmware data key and payload NV storage for firmware versions - roll forward (if needed) then lock (always) Jump to RW firmware
18 Rewritable (RW) Firmware Initialize components/devices DRAM, storage (emmc / SATA) Maybe display, keyboard, USB Check for Developer OS Mode Developer flag in lockable NV storage Bypasses kernel data key check (below) Warning screen with 30-sec timeout, bypass with key combo Normal users can disable developer OS mode from screen Developers can boot USB or legacy BIOS (SeaBIOS) if enabled
19 Rewritable (RW) Firmware (continued) Check OS Kernel Multiple kernel partitions in GPT with priority/tries fields Verify kernel data key using kernel subkey (from RW)...unless in developer OS mode (then any kernel data key will do) Verify kernel payload using kernel data key Rollback protection for both kernel data key and payload NV storage for kernel versions - roll forward (if needed) then lock (always) Jump to OS kernel
20 Recovery Firmware (read-only) Display recovery screen; wait for user to insert recovery media Use recovery key (from RO) to verify recovery OS kernel No rollback protection No developer mode NV storage for firmware, kernel versions left unlocked Local user can enable developer OS mode from firmware recovery screen Press physical key to confirm Store flag in lockable NV storage
21 Keys and More Keys Key Verifies Stored In Versioned Notes Root Key Firmware Data Key RO Firmware NO Private key in a locked room guarded by laser sharks; N of M present. RSA4096+ Firmware Data Key RW Firmware RW FW Header YES Private key on signing server. RSA4096. Kernel Subkey Kernel Data Key RW Firmware YES (as FW) Private key only needed to sign new kernel data key. RSA4096. Kernel Data Key OS Kernel OS Kernel Header YES Private key on signing server. RSA2048. Recovery Key Recovery OS Kernel RO Firmware NO Locked room and laser sharks. RSA Different than all keys above. Signs recovery installer, not payload.
22 Verified Boot in Coreboot Today
23 Vboot Reference Verified boot reference library, called by Coreboot and Depthcharge firmware/2lib, firmware/lib20 - "vboot 2" RW firmware verification Low memory footprint, designed to run in cache-as-ram firmware/include/vb2api.h - top level header for APIs firmware/lib - "vboot 1" OS kernel verification, firmware screen UI loops Still pretty specific to clamshell laptops and Chromeboxes Clunky; originally designed to be called from to UEFI BIOS firmware/lib/cryptolib - Software libraries for SHA, RSA firmware/lib/cgptlib - GPT parsing
24 Coreboot src/vendorcode/google/chromeos/ Recovery checking and RW firmware verification, using vboot_reference (2.0) library vboot2/vboot_logic.c - verstage_main(), calls into vboot_reference vboot2/antirollback.c - uses TPM to implement lockable NV storage vboot2/vboot_handoff.c - translation to old vboot1 shared data vbnv.c - NV storage (CMOS, SPI flash) for other state (recovery request, etc.)
25 Depthcharge OS kernel verification and firmware screens, using vboot_reference (1.0) library main.c, stages.c - thin wrapper around VbSelectAndLoadKernel() screens.c - boot screen compositing, display (but UI loop inside vboot1) callbacks/ - calls back into depthcharge from vboot_reference disk.c - read/write sector-based disk display.c - calls up to screens.c keyboard.c - get keystrokes nvstorage*.c - read/write non-lockable storage for vboot settings ec.c - interface to embedded controller for EC software sync tpm.c - TPM interface for lockable storage (but layer of calls inside vboot1)
26 What's Coming?
27 Device Form Factors Clamshell laptops Chromeboxes Tablets and routers EVERYTHING No matrixed keyboard - maybe just a button or two Depthcharge board/rush_ryu/keyboard.c No display - maybe just an LED or two Extremely cost sensitive What are we doing? Draw screens in depthcharge (vboot/screens.c) instead of compositing from bitmaps inside vboot_reference Moving UI loop from vboot_reference to depthcharge
28 Refactor Kernel Verification Currently, vboot1 assumes OS kernel on sector-based storage with GPT Want to support other storage types Raw NAND SPI flash What are we doing? Refactor kernel verification API in vboot_reference to be finer-grained Move higher-level logic to depthcharge Also purge the terrible coding style we used for vboot1
29 Verified CBFS Currently, RW firmware inefficiently verified as one big blob Want RAM init code in RW But before RAM init, not enough RAM to hold the RW firmware Don't want to load display assets or component firmware unless needed What we're doing et al.) Vboot only verifies RW CBFS metadata, including file data digests CBFS verifies digest of each file's data when loading that data
30 Better Support for Owner (vs. User) Control Original model: WP screw. Anyone with the device for 5 minutes is the owner. Schools don't like this. Students have screwdrivers too. NEW: Firmware Management Parameters (just checked into vboot_reference) Another lockable NV memory space Flag which tells RW firmware not to boot in developer OS mode Set/removed by enterprise enrollment Not present on normal individually-purchased devices Bonus for OS developers: expected kernel key hash RW firmware checks OS kernel data key in developer OS mode Now safe to allow booting from USB in developer OS mode
31 Protecting Content Keys On some SoC, DRM keys left exposed by mask ROM Entire RO firmware (Coreboot) verified by boot ROM, efused keys vboot_reference verifies root/recovery key matches expected hash from RO If not, clears DRM keys before (always) continuing to RW firmware Better: A small landing stage before verstage, verified by boot ROM, efused keys Check verstage and root/recovery keys against hash from landing stage Clear DRM keys on mismatch as above. Does nothing else! Always continues to verstage. Easy to inspect landing stage binary and make sure that's all it does.
32 Other Components Have Upgradeable Firmware EC, USB-C PD chips use "EC software sync" today. SATA, emmc, NVMe soon? Component has RO, RW firmware Depthcharge verifies component RW firmware hash vs. CBFS...and updates component as needed before jumping to OS Requires support from component firmware/hardware USB-C PD dead battery case is interesting Don't want PD chip talking to world from RO firmware But until it does, can't power up board all the way Need to boot SoC in low-power mode, just enough to verify components
33 The Goal Coreboot + Depthcharge have full support for verified boot by default As simple as setting a build flag and running a script to generate keys Flexible enough to customize for a wide range of form factors and use cases No excuse for device manufacturers not to have verified boot Support for open source developers Of both OS and firmware Transparency matters - need to be able to verify what the firmware does Security should not come at the expense of open source development on real devices
34 How You Can Help
35 How You Can Help Look at what we've done More eyeballs on verified boot code is a good thing Question our assumptions Contribute needed functionality (see what's coming, above). Think about security, particularly in the early boot stages (verstage, romstage) Keep being awesome Verified boot without coreboot is just a reference library Coreboot everywhere means verified boot can be everywhere too
36 Thank You!...Questions?
37 Backup
38 Design Docs Firmware design docs are in this section: Many docs are out of date, but still helpful to show our thought processes
Digging Into The Core of Boot
Digging Into The Core of Boot Yuriy Bulygin Oleksandr Bazhaniuk @c7zero @ABazhaniuk Agenda Intro Recap of MMIO BAR Issues in Coreboot & UEFI Coreboot ACPI GNVS Pointer Issue SMI Handler Issues in Coreboot
An Open Source Embedded Controller. Bill Richardson 2016 coreboot conference
An Open Source Embedded Controller Bill Richardson 2016 coreboot conference Chrome OS firmware engineer since 2009 Verified Boot Developer Mode Embedded Controller Case-closed debugging Some other stuff
FileWave 10 Webinar Q&A
FileWave 10 Webinar Q&A When will 10 be released? October 14 th, but you can sign up today to get into the beta program. Link: www.filewave.com/beta-program How stable is the beta? Should we use it for
How to create a trust anchor with coreboot.
How to create a trust anchor with coreboot. Trusted Computing vs Authenticated Code Modules Philipp Deppenwiese About myself Member of a hackerspace in germany. 10 years of experience in it-security. Did
COS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
Firmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
benefits for customers with subscriptions in CSP
Windows 10 upgrade benefits for customers with subscriptions in CSP Windows 10 upgrade benefits for customers Resources and guidance for organizations upgrading from Windows 7 and Windows 8/8.1 with subscriptions
I Want To Wipe My Computer Clean And Start Over Windows 7
I Want To Wipe My Computer Clean And Start Over Windows 7 How to delete everything on your laptop and start all over again You saved my life. How to wipe a laptop: Make sure your data is deleted before
Storage and File Hierarchy
COS 318: Operating Systems Storage and File Hierarchy Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Topics Storage hierarchy File system
COS 318: Operating Systems
COS 318: Operating Systems File Systems: Abstractions and Protection Jaswinder Pal Singh Computer Science Department Princeton University (http://www.cs.princeton.edu/courses/cos318/) Topics What s behind
UEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies
GOLD PARTNER: Hlavní partner: Hlavní odborný partner: UEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies Ing. Ondřej Ševeček GOPAS a.s. MCSM:Directory MVP:Security CISA CISM CEH CHFI ondrej@sevecek.com
BIOS. Chapter The McGraw-Hill Companies, Inc. All rights reserved. Mike Meyers CompTIA A+ Guide to Managing and Troubleshooting PCs
BIOS Chapter 8 Overview In this chapter, you will learn how to Explain the function of BIOS Distinguish among various CMOS setup utility options Describe option ROM and device drivers Troubleshoot the
Statement of Volatility Dell PowerEdge R730 and R730XD
Statement of Volatility Dell PowerEdge R730 and R730XD Dell PowerEdge R730 and R730XD contains both volatile and non-volatile (NV) components. Volatile components lose their data immediately upon removal
Xerox Versant 3100 Press Xerox FreeFlow Print Server. Statement of Volatility Version 1.0
Xerox Versant 3100 Press Xerox FreeFlow Print Server Statement of Volatility Version 1.0 Xerox Versant 3100 Press FreeFlow Print Server Statement of Volatility 2017 Xerox Corporation. All rights reserved.
Statement of Volatility Dell DR6300, DR4300, and DR4300e
Statement of Volatility Dell DR6300, DR4300, and DR4300e Dell DR4300, DR4300e and DR6300 contain both volatile and non-volatile (NV) components. Volatile components lose their data immediately upon removal
Windows 7 Manual Update Install On New Hard Drive Fresh
Windows 7 Manual Update Install On New Hard Drive Fresh A new HDD + a working Windows install disk (not upgrade disk) should work. Solvednew hard drive install with fresh windows 7 can't find any network
Deploying Secure Boot: Key Creation and Management
presented by Deploying Secure Boot: Key Creation and Management UEFI Summer Summit July 16-20, 2012 Presented by Arie van der Hoeven (Microsoft Corporation) Updated 2011-06-01 1 Agenda Introduction Secure
Software Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
ECE 471 Embedded Systems Lecture 12
ECE 471 Embedded Systems Lecture 12 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 8 October 2015 Announcements Homework grades have been sent out, let me know if you did not
For a complete list of modifications included in this update please refer to the Release Notes section at the bottom of this document.
GALAXY S 2.2 UPDATE New features and enhancements - Speed enhancements - Flash 10.x support - Samsung Media Hub - Save apps to your SD card to save internal memory - Support for new Google apps and other
Ios 7 Manual Restore From Icloud Slow >>>CLICK HERE<<<
Ios 7 Manual Restore From Icloud Slow Learn how to stop an icloud Restore that is stuck in progress in less than a minute. the content, maybe up to a day on a slow connection and an almost full iphone,
How To Install Flash Firefox Android Tablet Os On Hp
How To Install Flash Firefox Android Tablet Os On Hp Adobe may have cut support for Flash in Android Jelly Bean and beyond, but it's not don't officially support Flash, it's really easy to add Flash support
Embedded System Security Mobile Hardware Platform Security
1 Embedded System Security Mobile Hardware Platform Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2017 Acknowledgement This slide set
Android Gingerbread Manually Update To Jelly Bean Features
Android Gingerbread Manually Update To Jelly Bean 4.1.2 Features How to upgrade android 4.0, 4.1, 4.1.1, 4.1.2, 4.2.2 to 4.3 jellybean, 4.4, 4.4.1, 4.4.3, 4.4.4. Install latest Official Android 2.3.6 Gingerbread
BIOS Update Release Notes
BIOS Update Release Notes PRODUCTS: NUC5i3RYH, NUC5i3RYK, NUC5i5RYH, NUC5i5RYK, NUC5i7RYH (Standard BIOS) BIOS Version 0369 - RYBDWi35.86A.0369.2018.0305.1050 Date: March 05, 2018 o o Updated CPU Microcode
AMD Ryzen Threadripper NVMe RAID Quick Start Guide RC Release Version 1.0
AMD Ryzen Threadripper NVMe RAID Quick Start Guide RC-9.1.0 Release Version 1.0 1 P a g e Contents 1 GENERAL INFORMATION... 3 1.1 Purpose... 3 1.2 System requirements... 3 1.3 Information about supported
Embedded System Security Mobile Hardware Platform Security
1 Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Summer Term 2016 Acknowledgement This slide set is based on slides provided by
Using NVDIMM under KVM. Applications of persistent memory in virtualization
Using NVDIMM under KVM Applications of persistent memory in virtualization Stefan Hajnoczi About me QEMU contributor since 2010 Focus on storage, tracing, performance Work in Red
BIOS Update Release Notes
BIOS Update Release Notes PRODUCTS: NUC5i3RYH, NUC5i3RYK, NUC5i5RYH, NUC5i5RYK, NUC5i7RYH (Standard BIOS) BIOS Version 0359 RYBDWi35.86A.0359.2016.0906.1028 Date: September 06, 2016 Memory Reference Code:
Windows 7 Manual Update Install Clean Disk. Space >>>CLICK HERE<<<
Windows 7 Manual Update Install Clean Disk Space How to Clean up the WinSxS Directory and Free Up Disk Space on Windows Server 2008 -andfree-up-disk-space-with-a-new-update-for-windows-7-sp1-clients.aspx
Personal Cloud Self Protecting Self Encrypting Storage Devices
Personal Cloud Self Protecting Self Encrypting Storage Devices Robert Thibadeau, Ph.D. Chairman & CEO Drive Trust Alliance Bright Plaza, Inc. & School of Computer Science Carnegie Mellon University Takeaways
Trusted Computing. William A. Arbaugh Department of Computer Science University of Maryland cs.umd.edu
Trusted Computing William A. Arbaugh Department of Computer Science University of Maryland waa @ cs.umd.edu http://www.cs.umd.edu/~waa Getting Started Would you like to know what software is running on
How To Install Windows Xp Without Cd Rom Drive Bootable Usb And Floppy
How To Install Windows Xp Without Cd Rom Drive Bootable Usb And Floppy You can install Windows XP from USB drive or any removable drive. Try this procedure here to prepare bootable pen drive and install
OP-TEE Using TrustZone to Protect Our Own Secrets
OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader Kernel Root File System ELC Europe 2017, 23.10.2016 Marc Kleine-Budde Slide 1 - http://www.pengutronix.de - 2017-10-23
BIOS Setup. User s Guide. (For Skylake-W Platform) Rev.1.1
BIOS Setup (For Skylake-W Platform) User s Guide Rev.1.1 Copyright 2017 GIGA-BYTE TECHNOLOGY CO., LTD. All rights reserved. The trademarks mentioned in this manual are legally registered to their respective
Manually Install Windows Updates Xp On 7 Laptop Using Usb Drive
Manually Install Windows Updates Xp On 7 Laptop Using Usb Drive A simple and useful guide to easily install Windows 7 on USB flash drives and external UPDATE: If you're having issues with this guide. please
BIOS Update Release Notes
BIOS Update Release Notes PRODUCTS: NUC5i3RYH, NUC5i3RYK, NUC5i5RYH, NUC5i5RYK, NUC5i7RYH (Standard BIOS) BIOS Version 0350 - RYBDWi35.86A.0350.2015.0812.1722 Date: August 12, 2015 ME Firmware: 10.0.45.1024
Evaluation Guide for ASP.NET Web CMS and Experience Platforms
Evaluation Guide for ASP.NET Web CMS and Experience Platforms CONTENTS Introduction....................... 1 4 Key Differences...2 Architecture:...2 Development Model...3 Content:...4 Database:...4 Bonus:
Forensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation
Forensics Challenges Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation Introduction Encrypted content is a challenge for investigators Makes it difficult
How To Swap Ps3 Slim Hard Drive Without. Formatting >>>CLICK HERE<<<
How To Swap Ps3 Slim Hard Drive Without Formatting In terms of the rack you may try looking for the PS3 Slim HDD cage on ebay. have the formatting issue, but swapping drives over on one PS4 will likely
Seatools Set Capacity Manually
Seatools Set Capacity Manually Note: The MBR Partitions can define a disk drive capacity up to 2.2TB. Windows operating systems that boot from an MBR are therefore limited to 2.2TB per MBR. The ability
CIS Operating Systems I/O Systems & Secondary Storage. Professor Qiang Zeng Fall 2017
CIS 5512 - Operating Systems I/O Systems & Secondary Storage Professor Qiang Zeng Fall 2017 Previous class Memory subsystem How to allocate physical memory? How to do address translation? How to be quick?
UEFI and the Security Development Lifecycle
presented by UEFI and the Security Development Lifecycle Spring 2018 UEFI Seminar and Plugfest March 26-30, 2018 Presented by Tim Lewis (Insyde Software) Agenda The Threat Is Real The Security Development
Format Hard Drive Using Windows 7 Recovery Disk
Format Hard Drive Using Windows 7 Recovery Disk Jun 8, 2015. If it's not possible to create a recovery disk using this method, is it possible to backup Hey guys, I'm looking to format my hard-drive and
Technology in Action. Chapter Topics. Participation Question. Participation Question. Participation Question 8/8/11
Technology in Action Chapter 6 Understanding and Assessing Hardware: Evaluating Your System 1 Chapter Topics To buy or to upgrade? Evaluating your system CPU RAM Storage devices Video card Sound card System
Security in NVMe Enterprise SSDs
Security in NVMe Enterprise SSDs Radjendirane Codandaramane, Sr. Manager, Applications, Microsemi August 2017 1 Agenda SSD Lifecycle Security threats in SSD Security measures for SSD August 2017 2 SSD
Painless switch from proprietary hypervisor to QEMU/KVM. Denis V. Lunev
Painless switch from proprietary hypervisor to QEMU/KVM Denis V. Lunev den@openvz.org Contents Some words about Parallels Cloud Server 6 Choices to be made Performance results Status and future plans Parallels
I/O Hardwares. Some typical device, network, and data base rates
Input/Output 1 I/O Hardwares Some typical device, network, and data base rates 2 Device Controllers I/O devices have components: mechanical component electronic component The electronic component is the
Improve productivity with modernized PCs and Windows 10. Christopher Choong, DTM Field Marketing Manager
Improve productivity with modernized PCs and Windows 10 Christopher Choong, DTM Field Marketing Manager Impressive innovation. Inside and out. 3 4 It s an important time to refresh Design Every product
Instructions For Reformatting A Hard Drive >>>CLICK HERE<<<
Instructions For Reformatting A Hard Drive Windows 7 Fat32 1tb Make external harddrive compatible with mac and windows computer, How to format using. This happened once before and reformatting fixed it
6.033 Computer System Engineering
MIT OpenCourseWare http://ocw.mit.edu 6.033 Computer System Engineering Spring 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms. 6.033 2009 Lecture
Lecture 3 MOBILE PLATFORM SECURITY
Lecture 3 MOBILE PLATFORM SECURITY You will be learning: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common
BACKUP, CLONE OR IMAGE? WHY YOU SHOULD BE INTERESTED
BACKUP, CLONE OR IMAGE? WHY YOU SHOULD BE INTERESTED BACKUP For most people, this means making copies of important files. If the originals are lost, damaged or inaccessible, the copies can be used. Usually,
How To Get All Google Play Apps On Rooted Android Phones 2012
How To Get All Google Play Apps On Rooted Android Phones 2012 Each Android application can have one or multiple services. They run in the Is there a way to undo the changes this app makes to your phone?
Meltdown and Spectre - understanding and mitigating the threats (Part Deux)
Meltdown and Spectre - understanding and mitigating the threats (Part Deux) Gratuitous vulnerability logos Jake Williams @MalwareJake SANS / Rendition Infosec sans.org / rsec.us @SANSInstitute / @RenditionSec
Integrity-checked block devices with device mapper. Mandeep Baines Will Drewry
Integrity-checked block devices with device mapper Mandeep Baines Will Drewry Huh? We'll talk about our efficient device mapper target that provides read-only access to blocks from another block device
How To Force Restore A Computer That Won Boot Up After System
How To Force Restore A Computer That Won Boot Up After System If your computer won't start up normally, you may need to use a disk repair utility This can occur after an improper shutdown, forced restart,
File Systems. Information Server 1. Content. Motivation. Motivation. File Systems. File Systems. Files
Content File Systems Hengming Zou, Ph.D. Files Disk scheduling, file structure, indexed files Directories File system implementation File system performance Example file systems 2006-4-29 1 2006-4-29 2
How To Completely Wipe A External Hard Drive Macbook Pro Retina
How To Completely Wipe A External Hard Drive Macbook Pro Retina Twitter: twitter.com/italkapple Links to hard drives commy Macbook Pro to my. Boost your Mac's performance and reclaim hard-drive space with
RAIFFEISENBANK BULGARIA
RAIFFEISENBANK BULGARIA IT thought leader chooses EMC XtremIO and VMware for groundbreaking VDI project OVERVIEW ESSENTIALS Industry Financial services Company Size Over 3,000 employees, assets of approximately
Binary Blobs Attack!!!
Binary Blobs Attack!!! Zach Pfeffer () Embedded Linux Conference 2012 I'm working on a movie... Here's the script... 8 AM - San Jose Philip...stretches, pees, starts checking mail Working Title: Binary
Manually Making Computer Faster Windows 7
Manually Making Computer Faster Windows 7 Starter Run To remove programs, press the Windows key + r to open the Run box. Adding more memory may not necessarily make your computer run faster. You can either
New Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
ECE 598 Advanced Operating Systems Lecture 2
ECE 598 Advanced Operating Systems Lecture 2 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 15 January 2015 Announcements Update on room situation (shouldn t be locked anymore,
Hard Disk Organization. Vocabulary
Hard Disk Organization Vocabulary Platter: one ceramic plate, covered with magnetizable film where the bits are actually stored. Both sides of a platter can be used. Increasing the number of platters is
Sprint Samsung Galaxy S2 Manual Update Problem Kies
Sprint Samsung Galaxy S2 Manual Update Problem Kies "Advanced steps to take for Kies connection problems". Stock, official, Samsung Galaxy S2 firmware can be downloaded from the SamMobile Firmware Page.
The Root Cause of Unstructured Data Problems is Not What You Think
The Root Cause of Unstructured Data Problems is Not What You Think PRESENTATION TITLE GOES HERE Bruce Thompson, CEO Action Information Systems www.expeditefile.com What is this presentation all about?
Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems. Brian
Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems Brian Knopf @DoYouQA WHO AM I Sr Director of Security Research & IoT Architect @Neustar @DoYouQA 20+ Home Previously years in IT, QA,
How Next Generation NV Technology Affects Storage Stacks and Architectures
How Next Generation NV Technology Affects Storage Stacks and Architectures Marty Czekalski, Interface and Emerging Architecture Program Manager, Seagate Technology Flash Memory Summit 2013 Santa Clara,
Definition. A series of detailed instructions that control the operation of a computer system. are developed by computer programmers
Computer Software Definition A series of detailed instructions that control the operation of a computer system. Software exists as programs that are developed by computer programmers Categories of software
Department of Computer Science and Engineering, Sri Jayachamarajendra College of Engineering, Mysore, Karnataka
FUTURE DIRECTIONS FOR FIRMWARE FLASHING ON ANDROID DEVICES Yadunandan Laxman Huded* & S. Srinath** Department of Computer Science and Engineering, Sri Jayachamarajendra College of Engineering, Mysore,
My Samsung Galaxy Manual S2 Wont Charge At
My Samsung Galaxy Manual S2 Wont Charge At All Answers to some of your questions about charging. How do I How do I know how much charge my phone has? From the home screen, tap the All apps icon. I left
Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop
Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop Part2 Security Enclaves Tech Seminars 2017 Agenda New security technology for IoT Security Enclaves CryptoIsland
Topics. File Buffer Cache for Performance. What to Cache? COS 318: Operating Systems. File Performance and Reliability
Topics COS 318: Operating Systems File Performance and Reliability File buffer cache Disk failure and recovery tools Consistent updates Transactions and logging 2 File Buffer Cache for Performance What
AMD RAID Installation Guide
AMD RAID Installation Guide 1. AMD BIOS RAID Installation Guide... 2 1.1 Introduction to RAID... 2 1.2 RAID Configurations Precautions... 4 1.3 Legacy RAID ROM Configuration (for AMD X370, B350, and A320
Windows Xp Installation User Manually Create Bootable Usb Flash Drive
Windows Xp Installation User Manually Create Bootable Usb Flash Drive To create a bootable USB drive manually, we will use the Command Prompt as by step to create a bootable USB drive as the Windows installation
Manual Install Android 4.4 On Galaxy S4 I9500 Release Date
Manual Install Android 4.4 On Galaxy S4 I9500 Release Date Samsung Galaxy S4 I9500 Android smartphone can now be updated with the Note: Applying this firmware update won't root the device in any manner
1 of 5 3/28/2010 8:01 AM Unit Testing Notes Home Class Info Links Lectures Newsgroup Assignmen [Jump to Writing Clear Tests, What about Private Functions?] Testing The typical approach to testing code
Intel Quark SoC X1000 Secure Boot
Programmer s Reference Manual (PRM) Order Number: 330234-001US Legal Lines and Disclaimers INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY
System CMOS/BIOS Configuration PC Diagnostics
System CMOS/BIOS Configuration PC Diagnostics (POST; Error Messages and Error Codes) CMOS/BIOS Complementary Metal Oxide Substrate (CMOS) A part of the motherboard that maintains system variables in static
Attacking and Defending the Platform
presented by Attacking and Defending the Platform Spring 2018 UEFI Seminar and Plugfest March 26-30, 2018 Presented by Erik Bjorge and Maggie Jauregui (Intel) Legal Notice No computer system can be absolutely
Computer Fundamentals and Operating System Theory. By Neil Bloomberg Spring 2017
Computer Fundamentals and Operating System Theory By Neil Bloomberg Spring 2017 INTRODUCTION This presentation will cover the fundamentals of Computer Operating Systems as a layered architecture using
Meltdown and Spectre - understanding and mitigating the threats
Meltdown and Spectre - understanding and mitigating the threats Gratuitous vulnerability logos Jake Williams @MalwareJake SANS / Rendition Infosec sans.org / rsec.us @RenditionSec The sky isn t falling!
Data rate - The data rate is the number of bytes per second that the drive can deliver to the CPU.
A+ Guide to Hardware, 4e Chapter 7 Hard Drives Learning from Floppy Drives Floppy drives are an obsolescent technology Replacements: CD drives and USB flash memory Good reasons for studying floppy drive
> Community > Search. 1) Did they act this way out of the box with the baseline Dell install BEFORE you installed anything?
Shop Support Participate Dell.com Print Share > Community > Search Dell Community All of Dell E4300 locking up Community Home Forums Tech Support Topics Laptop General Hardware Common Links View all users
Fix, Speed Up, And Protect Your Computer In One Hour: Windows 7 / Windows Vista Edition By Nabeel Alzahrani
Fix, Speed Up, And Protect Your Computer In One Hour: Windows 7 / Windows Vista Edition By Nabeel Alzahrani 7 Windows Vista Edition is available on print and digital edition. This pdf ebook is one of digital
Tailoring TrustZone as SMM Equivalent
presented by Tailoring TrustZone as SMM Equivalent Tony C.S. Lo Senior Manager American Megatrends Inc. UEFI Plugfest March 2016 www.uefi.org 1 Agenda Introduction ARM TrustZone SMM-Like Services in TrustZone
Building Trust Despite Digital Personal Devices
Building Trust Despite Digital Personal Devices OpenIT - 07.03.2014 by Javier González Javier González - jgon@itu.dk Philippe Bonnet - phbo@itu.dk Digital Society Distrust Users Personal Information! Information
IPv6: Are we really ready to turn off IPv4? Geoff Huston APNIC
IPv6: Are we really ready to turn off IPv4? Geoff Huston APNIC The IPv6 Timeline 1990 2000 2010 2020 The IPv6 Timeline Yes, we ve been working on this for close to 30 years! 1990 2000 2010 2020 In-situ
Implementing Bootloaders on Renesas MCUs
Implementing Bootloaders on Renesas MCUs Brandon Hussey, Applications Engineer Class ID: CL09I Renesas Electronics America Inc. Brandon Hussey Applications Engineer RX support Flash API Virtual EEPROM
CSE543 - Computer and Network Security Module: Trusted Computing
CSE543 - Computer and Network Security Module: Trusted Computing Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 What is Trust? 2 What is Trust? dictionary.com Firm reliance
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
Verizon Samsung Galaxy S3 Firmware Update Kies Probleme
Verizon Samsung Galaxy S3 Firmware Update Kies Probleme Problem: Hi I am hoping you can give me some direction on a problem I'm having I even thought that maybe the Verizon S3 firmware was corrupted, so
Embedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
Nifty Type-C Features and Optimizations
Nifty Type-C Features and Optimizations Mark Hayter & David Schneider Hardware Engineering, Chrome OS, Google Inc Taipei, Taiwan October 24 25, 2017 1 Chromebook/USB-C: State of the union is good All new
Yaffs Tuning. Charles Manning
Yaffs Tuning Charles Manning 2012-07-22 Yaffs has many options for tuning for speed or memory use. This document details them for Yaffs Direct and Linux, covering compile time flags and settings, initialisation
BIOS Update Release Notes
BIOS Update Release Notes PRODUCTS: NUC5CPYH, NUC5PPYH, NUC5PGYH (Standard BIOS) BIOS Version 0058 - PYBSWCEL.86A.0058.2016.1102.1842 Date: November 02, 2016 Security Enhancements BIOS Version - PYBSWCEL.86A.0057.2016.1012.1134
CSCI-GA Database Systems Lecture 8: Physical Schema: Storage
CSCI-GA.2433-001 Database Systems Lecture 8: Physical Schema: Storage Mohamed Zahran (aka Z) mzahran@cs.nyu.edu http://www.mzahran.com View 1 View 2 View 3 Conceptual Schema Physical Schema 1. Create a
TCG TPM2 Software Stack & Embedded Linux. Philip Tricca
TCG TPM2 Software Stack & Embedded Linux Philip Tricca philip.b.tricca@intel.com Agenda Background Security basics Terms TPM basics What it is / what it does Why this matters / specific features TPM Software
HTML version of slides:
HTML version of slides: http://people.mozilla.org/~bbirtles/pres/graphical-web-2014/ Animations can be used for more than just cat gifs. They can be used to tell stories too. Animation is essentially