

Jethro Beekman on
Technology & Policy

Articles from 2015


Intel has full control over SGX

by Jethro Beekman – Oct 13, 2015. Filed under: English, Technology, Security, SGX.

Intel has full control over what software you can run in SGX. This might seem redundant: Intel makes the processor, so of course they have full control. Yet the truth is slightly more inconvenient. When Intel processors don’t run the instructions in your standard software (whether incorrectly or at all), that is a defect at best and a breach of contract at worst. Yet the SGX instruction set includes in its specification that Intel has the authority to make this go/no-go decision. Continue reading…

SGX Hardware: A first look

by Jethro Beekman – Oct 8, 2015 – Updated: Dec 9, 2015. Filed under: English, Technology, Security, SGX.

Without much fanfare, Intel has released Software Guard Extensions (SGX) in Skylake. When I say “without much fanfare,” I mean practically only the following paragraph hidden on page 3 of a press fact sheet: Continue reading…

On OpenSSH and Logjam

by Jethro Beekman – May 20, 2015. Filed under: English, Technology, Security, SSH.

Recent work showing the feasibility of calculating discrete logarithms on large integers has put the Diffie-Hellman key exchange parameters we use every day in the spotlight. I have looked at what this means for SSH key exchange. In short, on your SSH server, do the following: Continue reading…

Lenovo ThinkPad HDD Password

by Jethro Beekman – Mar 8, 2015. Filed under: English, Technology, Security, Lenovo ThinkPad.

Modern SSDs (at least the ones made by Intel and Samsung) always encrypt all stored data using AES. The encryption key used is stored in nonvolatile memory on the SSD. One of the reasons for this is that to securely wipe the drive, you now just need to overwrite the encryption key with a new random one. This way, you don’t need to erase every flash block, which is very bad for durability. The encryption key can optionally be encrypted using a 32-byte “security password”, the configuration of which is overloaded on the ATA security feature set. If you trust the hardware manufacturer to actually implement this securely, this would seem to provide a very solid and fast option for encrypted persistent storage. Continue reading…

Reverse Engineering UEFI Firmware

by Jethro Beekman – Mar 8, 2015. Filed under: English, Technology, UEFI, Reverse Engineering.

In order to figure out how my BIOS drive password worked, I had to reverse-engineer the firmware that comes with my laptop. You can find the binary blobs on the update CD that Lenovo provides, and it turns out these blobs are actually UEFI images. UEFI firmware is made up of many different loadable modules (drivers, shared libraries, etc.), which are stored in the Portable Executable (PE) image format. These modules can be extracted from the image using Nikolaj Schlej’s excellent UEFIExtract (from UEFITool). Once you have all the PE modules, the real reversing can begin. Continue reading…