www. O S N E W S .com

Replacing exploit-ridden firmware with a Linux kernel
By Thom Holwerda on 2017-10-29 17:44:11

Two weeks ago, security researchers managed to disable the Intel Management Engine, and last week, Google held a talk at the Open Source Summit (née LinuxCon) in which they unveiled their plans to completely (well, almost completely) replace every bit of code between the operating system you know about (Windows, Linux, BSD, whatever) and the bare metal x86 processor (Intel-only, for now).

With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a "Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs.

Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language.

Both the slides from the talk and the video are available.

© OSNews LLC 1997-2007. All Rights Reserved.