Image of XSLT 2.0 and XPath 2.0 Programmer's Reference (Programmer to Programmer)
Image of Android Wireless Application Development
Image of Linux Kernel Development (3rd Edition)
Image of RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) (Certification Press)

UEFI Utility to Read TPM 2.0 PCRs

In a previous post, I discussed how to retrieve Platform Configuration Register (PCR) values from a discrete TPM (Trusted Platform Module) 1.2 chip (dTPM 1.2) and provided source code for a UEFI shell utility to display the digests from the first 16 PCRs. In this post, I discuss a number of key TPM 2.0 features and provide the source code for a UEFI shell utility to display the digests from the first 24 PCRs of a TPM 2.0 implementation. What is driving the move to TPM 2.0? Simple, TPM 1.2 ((ISO/IEC 11889) only supports one hash algorithm, i.e. SHA1, and

UEFI Utility to Read TPM 1.2 PCRs

A Trusted Platform Module (TPM) supports many security functions including a number of special registers called Platform Configuration Registers (PCRs) which can hold data in a shielded location in a manner that prevents tampering or spoofing. A PCR is a 20-byte register. which incidentally is the length of a SHA-1 (Secure Hash Algorithm) hash. Most modern TPMs have 24 or even more PCRs; older ones have 16 PCRs. The TPM 1.2 specification, developed by the Trusted Computing Group (TCG) only requires 16 PCRs. Typically PCRs are used to store measurements. Measurements can be of code, data structures, configuration, information, or

RNG Protocol Error in Lenovo ThinkPad Firmware

The UEFI specification defines a Random Number Generator protocol (RNG), which can be used to provide random numbers for use in nonces, key generators, signature schemes and more. This protocol was first introduced in version 2.4 of the specification. A UEFI RNG service that implements this protocol takes an optional input value that identifies an RNG algorithm and provides a RNG value based on the input value and internal state, including the state of its entropy sources. When a Deterministic Random Bit Generator (DRBG) is used on the output of the raw entropy source, its security level must be at

Lenovo ThinkPwn POC Ported to UDK2015

The Lenovo ThinkPwn zeroday (Oday) proof of concept (POC) that a UEFI application can write via SMM to SMRAM has been very widely and sensationally reported in computing news media, including SlashDot in the last week or so. The POC was developed by Dmytro Oleksiuk, an independent infosec researcher and developer, who once worked as a technician for Esage Lab and was one of the cofounders of Neuron, the first Moscow hackspace. Olelsiuk claims to be “currently engaged in the research of vulnerabilities and malware as a hobby.” His blog post on ThinkPwn is here and the actual POC source

On-disk File Timestamps

The Single Unix Specification, Base Definitions (XBD), Section 4.8 entitled “File Times Update” states “An implementation may update timestamps that are marked for update immediately, or it may update such timestamps periodically.” This means that, for example, that file read and write operations are free to set the appropriate flags in the in-memory structures and do the actual updating of the on-disk filesystem structures at a later time. Assuming periodically means from time to time, it implies that a POSIX-compliant operating system is free to update it’s on-disk structures when it is convenient for the operating system to do so.