We, the IT Security Student Council, are organising the Open Source Firmware Day together with 9Elements (https://9esec.io/) on 23 November 2024 from 8 am to 7 pm. We cordially invite you to join us.
There will be additional time for food and conversation afterwards.
Many thanks also to the Horst Görz Institute for IT Security, CASA, and the Max Planck Institute for Security and Privacy for their extensive support of this event.
What can we expect?
Various workshops on the topic of firmware development and its security, as well as presentations on the topic with speakers from Intel, Google and the BSI.
Background
At a time when technology is such an important part of our lives, firmware often remains invisible in the background. Yet it is at the heart of our devices – from smartphones and laptops to intelligent household appliances.
Closed firmware cannot be audited in a traceable manner, which harbours risks for security and data protection. Companies usually promise that their implementations are good, but unfortunately this is too often not true. The open source approach, on the other hand, allows anyone to check, understand and improve the code. Vulnerabilities are then discovered and fixed together before they are exploited.
Motivation
Find out at Open Source Firmware Day why open firmware is not just a technical trend, but essential for control and trust in our devices.
Getting into the topic is not always trivial, but our workshops and presentations make it easier. At the same time, we offer opportunities to network with professionals. Whether beginner or professional, everyone is welcome.
What do you need?
- Your own laptop
- Food and drinks are provided
- Admission is free of charge
Registration is required for participation. Although admission is free, tickets will be checked for capacity planning purposes.
We look forward to seeing you! Every RUB student can register.
Talks
| Presentation | Speaker | Description |
| The Hidden Code that Powers Our World | Subrata Banik | This presentation delves into the critical role of embedded systems in our technology-driven world, highlighting firmware as the often-overlooked backbone of these systems. It underscores the significance of firmware development and explores the potential for a rewarding career in this field. Attendees will gain insights into the essential skills required for industry-ready firmware expertise. A live demo featuring Chromebooks will showcase the power of open-source firmware. The session concludes with an interactive Q&A session, allowing participants to further engage with the topic. |
| Firmware and below-the-OS security | Vincent Zimmer | This presentation will discuss challenges in securing a modern platform. As application stacks, operating systems and hypervisors have become successively more secure, threats against the platform have moved ‚below the OS‘ into layers of the stack such as system firmware. A taxonomy of threats against firmware will be discussed along with a collection of defenses. Attendees will gain insights into the challenges to help both maintain and create future defenses in this ever-moving threat landscape. Specific attacks and mitigations against UEFI style systems and defenses in open source frameworks like EDKII will be reviewed. The session concludes with an interactive Q&A session, allowing participants to further engage with the topic. |
| Firmware@BSI | Carl Daniel | tba |
Speaker
Subrata Banik
Subrata Banik is a seasoned Firmware Engineer and Technical Staff Member at Google, with extensive experience in system firmware design and development. He has worked on a broad range of firmware architectures, including UEFI and Coreboot, and has contributed to platform enablement for major PC makers. Subrata is a dedicated open-source advocate, notably leading contributions to Coreboot. He shares his knowledge through technical talks and authored books on embedded systems. You can connect with him on Twitter and LinkedIn.
Social Media
Twitter/X at @abarjodi
LinkedIn: Subrata Banik – Firmware Engineer – Google
https://www.linkedin.com/in/subrata-banik-268b3317/.
Vincent Zimmer
Vincent Zimmer is a principal engineer at Microsoft. Prior to Microsoft, Vincent was at Intel for 27 years and he has been engaged as a firmware developer for over 30 years. At Intel, he was part of the original team that created EFI in 1999 that has become the UEFI standard and EDKII codebase used today. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcamp, and Cansecwest. In addition to creating many white papers, he has co-authored several books on firmware, papers, and over 480 issued US patents.
Carl Daniel
tba
Schedule
8:00 - Breakfast
9:00 - Opening: Short introduction to open source firmware
9:15 - Presentation: "The Hidden Code that Powers Our World"
9:45 - Presentation: tba
10:00 - Coffee break
10:15 - Workshop (beginners): Introduction to Coreboot with QEMU
11:30 - Lunch
13:00 - Presentation: "Firmware and below-the-OS security"
13:30 - Workshop (beginners): Coreboot Hands-On with Odroid H4+
Workshop (beginners and advanced): Safety (tba)
19:00 - Dinner & rounding off the day