Building Secure Firmware - Yao Jiewen; Zimmer Vincent | Libro Apress 10/2020 - HOEPLI.it


home libri books ebook dvd e film top ten sconti 0 Carrello


Torna Indietro

yao jiewen; zimmer vincent - building secure firmware

Building Secure Firmware Armoring the Foundation of the Platform

;




Disponibilità: solo 1 copia disponibile, compra subito!

Se ordini entro 23 ore e 8 minuti, consegna garantita in 48 ore lavorative
scegliendo le spedizioni Express



PREZZO
36,40 €
NICEPRICE
34,58 €
SCONTO
5%



Questo prodotto usufruisce delle SPEDIZIONI GRATIS
selezionando l'opzione Corriere Veloce in fase di ordine.


Pagabile anche con App18 Bonus Cultura e Carta Docenti


Facebook Twitter Aggiungi commento


Spese Gratis

Dettagli

Genere:Libro
Lingua: Inglese
Editore:

Apress

Pubblicazione: 10/2020
Edizione: 1st ed.





Sommario

Part 1: Overview

 

Chapter 1: Introduction Security

Threat Model

Design

Validation

 

Chapter 2: Introduction Host Firmware

Industry Standard

Boot Flow / Phase hand-off

Minimal Firmware Requirement

Hardware ROT

CPU/silicon init

PCI resource allocation.

prepare platform info (memmap/ACPI)

Jump to OS.

Runtime Interface (SMM, UEFI Runtime, ASL)

General Principle -  Protect / Detect / Recovery

 

Part 2: Boot Security

 

Chapter 3: Firmware Resilience - Protection

Flash Lock

Flash Wear out

Capsule Flow (*)

Signed Update

 

Chapter 4: Firmware Resilience - Detection

Boot Flow (*)

Intel Boot Guard

OBB Verification

UEFI Secure Boot

Local

Remote

TXT- SX

(coreboot)

 

Chapter 5: Firmware Resilience – Recovery

Recovery Flow (*)

Signed Recovery

Top Swap

Rollback, SVNs

 

Chapter 6: OS/Loader Resilience

Platform Recovery

OS Recovery

(Android Verified Boot)

 

Chapter 7: Trusted Boot

Measured Boot Flow (*)

SRTM (Boot Guard)

DRTM (TXT)

TPM1.2/2.0

Physical Presence

MOR / Secure MOR

 

Chapter 8: Authentication

User Authentication

HDD Password

OPAL Password

 

Chapter 9: S3 resume

S3 resume flow (*)

LockBox

 

Chapter 10: Device Security

PCI Bus (*)

DMA protection

Device Measurement

Device Authentication

Device firmware update

 

Chapter 11: Silicon Security Configuration

Flash SPI lock

SMM Lock

BAR Lock

Chapter: Supply Chain (Vincent)

OEM/ODM/BIOS vendor/IHV

Open source

Fingerprinting

Manufacturing flow to shipment

 

Part 3: Data Security

 

Chapter 12: UEFI Kernel

DXE/PEI Core (*)

Heap Guard

Stack Guard

NX protection

Enclave

 

Chapter 13: Management Mode

SMM Core (*)

SMM Communication (*)

StandaloneMM (*)

MMIO Protection

Secure SMM Communication

Intel Runtime Resilience

STM (SMI Transfer Monitor)

Chapter: UEFI Variable (Vincent)

Authentication

Variable Lock

Variable Check

Variable Quota Management

Confidentiality

Integrity and Rollback

TPM Binding

RPMB

RPMC

 

Part 4: Miscellaneous

 

Chapter 14: General Coding Practice

Buffer Overflow

Banned API

Integer Overflow

SafeInt lib

Chapter: Cryptograph (Vincent)

Hash usage in firmware

Encryption usage in firmware

Signing & verification usage in firmware

 

Chapter 15: Compiler Defensive Technology

Stack Cookie

Non-Executable

Address Space Randomization

Control Flow Integrity (CFI) / Control Flow Enforcement (CET)

Runtime Check (stack/un-initialized data/integer overflow)

Chapter: Race Condition (Vincent)

BSP/AP handling in UEFI

BSP/AP handling in SMM

TOC/TOU

 

Chapter 16: Information Leak

Side Channel

MDS

SMM

 

Chapter 17: Programming Language

C Language

Rust Language

Part: Security Test

 

Chapter 18: HBFA

Hardware Emulation

Security Unit Test

Fuzzing (AFL)

Static analysis

 

Chapter 19: chipsec

Configuration Check

SMI Fuzzing

Variable fuzzing

Whitelisting/Blacklisting

 

Part 5: Other

 

Chapter 20: Conclusion

 

Part 6: Appendices

 

Secure coding checklist

Secure review checklist

API summary

 

Part 7: References





Trama

Use this book to build secure firmware.

As operating systems and hypervisors have become successively more hardened, malware has moved further down the stack and into firmware. Firmware represents the boundary between hardware and software, and given its persistence, mutability, and opaqueness to today’s antivirus scanning technology, it represents an interesting target for attackers.

As platforms are universally network-connected and can contain multiple devices with firmware, and a global supply chain feeds into platform firmware, assurance is critical for consumers, IT enterprises, and governments. This importance is highlighted by emergent requirements such as NIST SP800-193 for firmware resilience and NIST SP800-155 for firmware measurement.

This book covers the secure implementation of various aspects of firmware, including standards-based firmware—such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications—and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust), are covered.


What You Will Learn

  • Get an overview of proactive security development for firmware, including firmware threat modeling
  • Understand the details of architecture, including protection, detection, recovery, integrity measurement, and access control
  • Be familiar with best practices for secure firmware development, including trusted execution environments, cryptography, and language-based defenses
  • Know the techniques used for security validation and maintenance

Who This Book Is For

Given the complexity of modern platform boot requirements and the threat landscape, this book is relevant for readers spanning from IT decision makers to developers building firmware




Autore

Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 “A Tour Beyond BIOS” technical papers for tianocore.org and firmware.intel.com. He holds 40 US patents.

Vincent Zimmer is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.








Altre Informazioni

ISBN:

9781484261057

Condizione: Nuovo
Dimensioni: 254 x 178 mm Ø 1790 gr
Formato: Brossura
Illustration Notes:423 Illustrations, black and white
Pagine Arabe: 930
Pagine Romane: xxx






Utilizziamo i cookie di profilazione, anche di terze parti, per migliorare la navigazione, per fornire servizi e proporti pubblicità in linea con le tue preferenze. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui. Chiudendo questo banner o proseguendo nella navigazione acconsenti all’uso dei cookie.

X