home libri books Fumetti ebook dvd top ten sconti 0 Carrello


Torna Indietro

yao jiewen; zimmer vincent - building secure firmware

Building Secure Firmware Armoring the Foundation of the Platform

;




Disponibilità: Normalmente disponibile in 15 giorni
A causa di problematiche nell'approvvigionamento legate alla Brexit sono possibili ritardi nelle consegne.


PREZZO
48,98 €
NICEPRICE
46,53 €
SCONTO
5%



Questo prodotto usufruisce delle SPEDIZIONI GRATIS
selezionando l'opzione Corriere Veloce in fase di ordine.


Pagabile anche con Carta della cultura giovani e del merito, 18App Bonus Cultura e Carta del Docente


Facebook Twitter Aggiungi commento


Spese Gratis

Dettagli

Genere:Libro
Lingua: Inglese
Editore:

Apress

Pubblicazione: 10/2020
Edizione: 1st ed.





Trama

Use this book to build secure firmware.

As operating systems and hypervisors have become successively more hardened, malware has moved further down the stack and into firmware. Firmware represents the boundary between hardware and software, and given its persistence, mutability, and opaqueness to today’s antivirus scanning technology, it represents an interesting target for attackers.

As platforms are universally network-connected and can contain multiple devices with firmware, and a global supply chain feeds into platform firmware, assurance is critical for consumers, IT enterprises, and governments. This importance is highlighted by emergent requirements such as NIST SP800-193 for firmware resilience and NIST SP800-155 for firmware measurement.

This book covers the secure implementation of various aspects of firmware, including standards-based firmware—such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications—and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust), are covered.


What You Will Learn

  • Get an overview of proactive security development for firmware, including firmware threat modeling
  • Understand the details of architecture, including protection, detection, recovery, integrity measurement, and access control
  • Be familiar with best practices for secure firmware development, including trusted execution environments, cryptography, and language-based defenses
  • Know the techniques used for security validation and maintenance

Who This Book Is For

Given the complexity of modern platform boot requirements and the threat landscape, this book is relevant for readers spanning from IT decision makers to developers building firmware




Sommario

Part 1: Overview

 

Chapter 1: Introduction Security

Threat Model

Design

Validation

 

Chapter 2: Introduction Host Firmware

Industry Standard

Boot Flow / Phase hand-off

Minimal Firmware Requirement

Hardware ROT

CPU/silicon init

PCI resource allocation.

prepare platform info (memmap/ACPI)

Jump to OS.

Runtime Interface (SMM, UEFI Runtime, ASL)

General Principle -  Protect / Detect / Recovery

 

Part 2: Boot Security

 

Chapter 3: Firmware Resilience - Protection

Flash Lock

Flash Wear out

Capsule Flow (*)

Signed Update

 

Chapter 4: Firmware Resilience - Detection

Boot Flow (*)

Intel Boot Guard

OBB Verification

UEFI Secure Boot

Local

Remote

TXT- SX

(coreboot)

 

Chapter 5: Firmware Resilience – Recovery

Recovery Flow (*)

Signed Recovery

Top Swap

Rollback, SVNs

 

Chapter 6: OS/Loader Resilience

Platform Recovery

OS Recovery

(Android Verified Boot)

 

Chapter 7: Trusted Boot

Measured Boot Flow (*)

SRTM (Boot Guard)

DRTM (TXT)

TPM1.2/2.0

Physical Presence

MOR / Secure MOR

 

Chapter 8: Authentication

User Authentication

HDD Password

OPAL Password

 

Chapter 9: S3 resume

S3 resume flow (*)

LockBox

 

Chapter 10: Device Security

PCI Bus (*)

DMA protection

Device Measurement

Device Authentication

Device firmware update

 

Chapter 11: Silicon Security Configuration

Flash SPI lock

SMM Lock

BAR Lock

Chapter: Supply Chain (Vincent)

OEM/ODM/BIOS vendor/IHV

Open source

Fingerprinting

Manufacturing flow to shipment

 

Part 3: Data Security

 

Chapter 12: UEFI Kernel

DXE/PEI Core (*)

Heap Guard

Stack Guard

NX protection

Enclave

 

Chapter 13: Management Mode

SMM Core (*)

SMM Communication (*)

StandaloneMM (*)

MMIO Protection

Secure SMM Communication

Intel Runtime Resilience

STM (SMI Transfer Monitor)

Chapter: UEFI Variable (Vincent)

Authentication

Variable Lock

Variable Check

Variable Quota Management

Confidentiality

Integrity and Rollback

TPM Binding

RPMB

RPMC

 

Part 4: Miscellaneous

 

Chapter 14: General Coding Practice

Buffer Overflow

Banned API

Integer Overflow

SafeInt lib

Chapter: Cryptograph (Vincent)

Hash usage in firmware

Encryption usage in firmware

Signing & verification usage in firmware

 

Chapter 15: Compiler Defensive Technology

Stack Cookie

Non-Executable

Address Space Randomization

Control Flow Integrity (CFI) / Control Flow Enforcement (CET)

Runtime Check (stack/un-initialized data/integer overflow)

Chapter: Race Condition (Vincent)

BSP/AP handling in UEFI

BSP/AP handling in SMM

TOC/TOU

 

Chapter 16: Information Leak

Side Channel

MDS

SMM

 

Chapter 17: Programming Language

C Language

Rust Language

Part: Security Test

 

Chapter 18: HBFA

Hardware Emulation

Security Unit Test

Fuzzing (AFL)

Static analysis

 

Chapter 19: chipsec

Configuration Check

SMI Fuzzing

Variable fuzzing

Whitelisting/Blacklisting

 

Part 5: Other

 

Chapter 20: Conclusion

 

Part 6: Appendices

 

Secure coding checklist

Secure review checklist

API summary

 

Part 7: References





Autore

Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 “A Tour Beyond BIOS” technical papers for tianocore.org and firmware.intel.com. He holds 40 US patents.

Vincent Zimmer is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.











Altre Informazioni

ISBN:

9781484261057

Condizione: Nuovo
Dimensioni: 254 x 178 mm Ø 1790 gr
Formato: Brossura
Illustration Notes:XXX, 930 p. 423 illus.
Pagine Arabe: 930
Pagine Romane: xxx


Dicono di noi