Translate

See Also

Archives
 
  Older Entries »

UEFI Utility to Read TPM 2.0 PCRs

In this post, I discuss a number of key TPM 2.0 features such as multiple algorithm support and PCR banks, and provide the source code for a UEFI shell utility to display the digests from the first 24 PCRs of a TPM 2.0 implementation.

March 12th, 2017 | Tags: , , , , , , , , | Category: Authentication, C, Cryptography, EFI, firmware, Lenovo, Linux, Security, TPM, UEFI | 2 comments - (Comments are closed)

UEFI Utility to Read TPM 1.2 PCRs

In this post, I provide the source code for a UEFI shell utility to print out all the Platform Configuration Registers (PCRs) for a TPM 1.2 (Trusted Platform Module, version 1.2) and briefly discuss SRTM versus DRTM.

January 15th, 2017 | Tags: , , , , , , , , | Category: C, Cryptography, EFI, Secure Boot, Security, TPM, UEFI | 4 comments - (Comments are closed)

RNG Protocol Error in Lenovo ThinkPad Firmware

This post discusses the UEFI 2.4 Random Number Generator protocol and Lenovo’s current implementation of the protocol and suggests there is an error in their implementation.

August 10th, 2016 | Tags: , , , , , | Category: Cryptography, debug, EFI, firmware, Lenovo, Security, UEFI | Comments are closed

Lenovo ThinkPwn POC Ported to UDK2015

This blog contains the source code for my UDK2015 port of the ThinkPwn Oday proof of concept demonstration.

July 3rd, 2016 | Tags: , | Category: debug, EFI, firmware, Lenovo, Security, UEFI | One comment - (Comments are closed)

On-disk File Timestamps

The Single Unix Specification, Base Definitions (XBD), Section 4.8 entitled “File Times Update” states “An implementation may update timestamps that are marked for update immediately, or it may update such timestamps periodically.” This means that, for example, that file read and write operations are free to set the appropriate flags in the in-memory structures and do the actual updating of the on-disk filesystem structures at a later time. Assuming periodically means from time to time, it implies that a POSIX-compliant operating system is free to update it’s on-disk structures when it is convenient for the operating system to do so.

July 13th, 2015 | Tags: , , , | Category: kernel, Security, Unix | Comments are closed