[SASAG] follow-up to September UEFI talk

Blibbet blibbet at gmail.com
Thu Oct 22 13:29:22 PDT 2015

Re: last month's UEFI defensive talk at SASAG, I gave a
slightly-improved version of the September SASAG talk at Security
B-Sides Portland last week, slides are here[1]. At the SASAG talk, I
gave misinformation about NIST SP800-147 Provisioning phase re: 'golden
image', please these slides for revision, and some additional tool
pointers, including interview with NIST to help understand things better.

I'll be giving a shorter version of this defensive UEFI talk this Friday
10am at SeaGL, in Capitol Hill[2]. I just received a batch of Intel
LUV-live thumbdrives from Intel, the first dozen attendees at Friday's
UEFI presentation at SeaGL will get a thumbdrive; you can always
download your own[3].

If you have problems with LUV-live, make sure the LUV team knows about
it, they have a mailing list and an IRC[4].

[1] http://firmwaresecurity.com/2015/10/18/slides-from-bsidespdx/
[2] https://osem.seagl.org/conference/seagl2015/proposal/4
[3] https://01.org/linux-uefi-validation/downloads/luv-live-image
[4] https://01.org/linux-uefi-validation/get-involved

On 09/11/2015 04:35 PM, Blibbet wrote:
> On 09/08/2015 10:01 AM, Blibbet wrote:
>> It will be an attempt to integrate NIST SP147’s firmware lifecycle model
>> with the various hardware/software models sysadmins use (Hardware
>> Lifecycle Model, ITIL, ITAM, etc.), to better represent firmware in that
>> model, as well as recommend some open source tools to use.
> Slides from last night are online:
> http://firmwaresecurity.com/2015/09/11/sysadmin-slides-from-last-night/
> Please give me some feedback -- constructive if possible -- to improve
> this presentation :-) I'm going to do a 2nd version of this at SeaGL
> next month, and want to improve it. Main focus will be full integration
> of models, some more tool examples for each phase.
> Thanks,
> Lee
> RSS: http://firmwaresecurity.com/feed

More information about the Members mailing list