Presentation given at openSUSE Conference 2019 (recording: https://metaspora.org/open-source-firmware-oSC19.pdf)
Firmware is found in all computing devices, including PCs, laptops, networking equipment, printers, embedded devices such as IoT and industrial controllers, mobile phones, tablets, and more. The community around open source firmware has grown over the last years, allowing for more exchange in the development and granting freedom to end users. Prominent projects like U-Boot, Tianocore, coreboot and others teach how firmware works and welcome contributions. This talk provides a brief introduction into firmware, an overview of the general build process, a perception of the current state of development on two platforms, an end user report, and a summary of the first Open Source Firmware Conference, which was supported by the openSUSE project.
3. Who I am
Hi, I’m Daniel aka OrangeCMS aka CyReVolt! :)
▶ web developer
▶ security background
▶ hacking on many things
▶ just got started with firmware
▶ I like turtles
5. First Open Source Firmware Conference (OSFC)
▶ Erlangen, Germany
▶ ~200 participants
▶ 2 days of talks
▶ 2 tracks (main + security)
▶ 2 days of workshops
▶ openSUSE was among the
sponsors
9. Issues
▶ continuous updates are a requirement
▶ firmware updates depend on vendors
▶ vendors do not typically ship updates too often
▶ quality, updates may brick devices
https://blog.scaleway.com/2018/a-look-from-behind-the-open-source-bios/
12. Politics
Warning: may contain traces of blobs
▶ a lot of code and necessary knowledge is kept proprietary
▶ documentation on ECs, Super I/O and other chips
▶ board schematics
▶ firmware for certain chips, FSP, VGA Option ROM, …
▶ proprietary vendors implement UEFI, which is inherently complex
13. Security
Hardware attacks are increasing in research
▶ Rowhammer
▶ Spectre
▶ Meltdown
Intel ME CVEs
https://mjg59.dreamwidth.org/48429.html
14. Firmware, Kernel and the Rings on x86
▶ -3: ME
▶ -2: SMM / UEFI kernel
▶ -1: hypervisor
▶ 0: kernel
▶ 3: userspace
https://blog.jessfraz.com/post/why-open-source-firmware-is-important-for-
security/
16. U-Boot
https://www.denx.de/wiki/U-Boot
▶ supports multiple architectures
▶ more than 1000 boards
▶ powers many embedded devices, such as SBCs and routers
▶ initializes hardware
▶ can directly boot a Linux kernel
▶ can run multiple other payloads
17. coreboot
https://coreboot.org/
▶ similar to U-Boot
▶ supports many boards and multiple architectures
▶ can directly boot a Linux kernel or run other payload
▶ ported to multiple older Thinkpads
▶ used for Chromebooks by Google
▶ now also applied to servers
▶ popular among hackers
18. LinuxBoot
https://www.linuxboot.org/
▶ announced in January 2018
▶ remove overhead from bootloaders
▶ Linux provides device drivers and networking
▶ can be run from UEFI, U-Boot, or coreboot
https://www.phoronix.com/scan.php?page=news_item&px=LinuxBoot-OSFC-
2018-State
30. Get OEMs on Board
https://www.tuxedocomputers.com/
https://www.schenker-tech.de/
https://www.xmg.gg/
31. Integrate Firmware Upgrades in OS Distros
▶ zypper up firmware
▶ build firmware in OBS
▶ run checks on openQA
▶ bring kernel and firmware development closely together
▶ join the Open Source Firmware community