Zum Inhalt springen

Open Source Firmware Day @RUB

  • von

We, the IT Security Student Council, are organising the Open Source Firmware Day together with 9Elements (https://9esec.io/) on 23 November 2024 from 8 am to 7 pm. We cordially invite you to join us.
There will be additional time for food and conversation afterwards.

Many thanks also to the Horst Görz Institute for IT Security, CASA, and the Max Planck Institute for Security and Privacy for their extensive support of this event.

What can we expect?

Various workshops on the topic of firmware development and its security, as well as presentations on the topic with speakers from Intel, Google and the BSI.

Background

At a time when technology is such an important part of our lives, firmware often remains invisible in the background. Yet it is at the heart of our devices – from smartphones and laptops to intelligent household appliances.

Closed firmware cannot be audited in a traceable manner, which harbours risks for security and data protection. Companies usually promise that their implementations are good, but unfortunately this is too often not true. The open source approach, on the other hand, allows anyone to check, understand and improve the code. Vulnerabilities are then discovered and fixed together before they are exploited.

Motivation

Find out at Open Source Firmware Day why open firmware is not just a technical trend, but essential for control and trust in our devices.

Getting into the topic is not always trivial, but our workshops and presentations make it easier. At the same time, we offer opportunities to network with professionals. Whether beginner or professional, everyone is welcome.

What do you need?

  • Your own laptop
  • Food and drinks are provided
  • Admission is free of charge

Registration is required for participation. Although admission is free, tickets will be checked for capacity planning purposes.
We look forward to seeing you! Every RUB student can register.



Talks

PresentationSpeakerDescription
The Hidden Code that Powers Our WorldSubrata BanikThis presentation delves into the critical role of embedded systems in our technology-driven world, highlighting firmware as the often-overlooked backbone of these systems. It underscores the significance of firmware development and explores the potential for a rewarding career in this field. Attendees will gain insights into the essential skills required for industry-ready firmware expertise. A live demo featuring Chromebooks will showcase the power of open-source firmware. The session concludes with an interactive Q&A session, allowing participants to further engage with the topic.
Firmware and below-the-OS securityVincent ZimmerThis presentation will discuss challenges in securing a modern platform. As application stacks, operating systems and hypervisors have become successively more secure, threats against the platform have moved ‚below the OS‘ into layers of the stack such as system firmware. A taxonomy of threats against firmware will be discussed along with a collection of defenses. Attendees will gain insights into the challenges to help both maintain and create future defenses in this ever-moving threat landscape. Specific attacks and mitigations against UEFI style systems and defenses in open source frameworks like EDKII will be reviewed. The session concludes with an interactive Q&A session, allowing participants to further engage with the topic.
Open Source Firmware – A building block for secure and trustworthy systemsCarl Daniel HailfingerAn IT security perspective on open source firmware, current and future developments.

Speaker

Subrata Banik

Subrata Banik is a seasoned Firmware Engineer and Technical Staff Member at Google, with extensive experience in system firmware design and development. He has worked on a broad range of firmware architectures, including UEFI and Coreboot, and has contributed to platform enablement for major PC makers. Subrata is a dedicated open-source advocate, notably leading contributions to Coreboot. He shares his knowledge through technical talks and authored books on embedded systems. You can connect with him on Twitter and LinkedIn.

Social Media
Twitter/X at @abarjodi
LinkedIn: Subrata Banik – Firmware Engineer – Google
https://www.linkedin.com/in/subrata-banik-268b3317/.

Vincent Zimmer

Vincent Zimmer is a principal engineer at Microsoft.  Prior to Microsoft, Vincent was at Intel for 27 years and he has been engaged as a firmware developer for over 30 years. At Intel, he was part of the original team that created EFI in 1999 that has become the UEFI standard and EDKII codebase used today. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcamp, and Cansecwest. In addition to creating many white papers, he has co-authored several books on firmware, papers, and over 480 issued US patents.

Carl Daniel Hailfinger

Carl-Daniel Hailfinger has been active in the coreboot and flashrom projects since 2004. He is working on operating system security at the Federal Office for Information Security (BSI) in Germany.


Schedule

8:00 - Breakfast
9:00 - Opening: Short introduction to open source firmware
9:15 - Presentation: "The Hidden Code that Powers Our World"
9:45 - Presentation: Open Source Firmware - A building block for secure and trustworthy systems

10:00 - Coffee break
10:15 - Workshop (beginners): Introduction to Coreboot with QEMU
11:30 - Lunch
13:00 - Presentation: "Firmware and below-the-OS security"
13:30 - Workshop (beginners): Coreboot Hands-On with Odroid H4+
Workshop (beginners and advanced): Safety (tba)
19:00 - Dinner & rounding off the day

Workshops

Coreboot Hands-On with Odroid H4+

This workshop provides an introduction to coreboot, an widely used open-source firmware project.
Join our workshop and learn coreboot – Beginner to Intermediate – Everyone’s welcome!

The coreboot project started in 1998, and has been widely deployed as host firmware, and you can find it running on each and every Chromebook sold today. Participants will gain hands-on experience with coreboot, learning to configure, build, and install it on real hardware. The session is ideal for developers and enthusiasts interested in firmware development and customization. Whether you’re an experienced developer or just starting out, there’s something for everyone! So don’t be shy if you’re completely new, we’ll be happy to give you an introduction. Still, having some basic knowledge of firmware, Linux or hardware basics will be helpful in your learning process.

Objectives:
Understand the basics of coreboot and its components, e.g. booting process and file compositions
Learn the process of configuring and building coreboot
Hands-on experience installing/ flashing coreboot on hardware
debugging issues and some customizations
Who Should Attend:
Students, Developers, hardware enthusiasts, and anyone interested in learning about open-source firmware.