Blog

Locks, Keys and Traps: Securing device JTAG interfaces

Alan Sguigna

July 10, 2017
5:57 pm

In two previous articles, I looked at the JTAG access port from a security perspective, and considered what exposure the choice of BMC operating system might have on a platform supporting At-Scale Debug. Now, let’s consider the root of all trust, the silicon itself, and see what options exist for locking it down.

Security of BMC Operating Systems

Alan Sguigna

July 2, 2017
1:58 pm

Given that they are network-accessible, BMCs present an attack surface. Which operating systems are hardened enough to be secure against malicious actors?

Embedded Boundary Scan for Defense Systems

Alan Sguigna

June 21, 2017
11:18 am

ASSET was recently awarded a multi-year contract for embedding boundary-scan test technology within a military system design. This meets a requirement of greater than 92% structural test diagnostic accuracy in-system, and will save millions of dollars over the lifespan of the system.

At-speed SPI Flash/EEPROM Programming using FPGA and JTAG – Revised

Michael Johnson

June 21, 2017
9:53 am

Securing JTAG-based At-Scale Debug

Alan Sguigna

June 18, 2017
4:14 pm

Security through obscurity is not a meaningful means to mitigate malevolent attacks. With the greater forensics capabilities offered by At-Scale Debug (ASD), how are platforms protected?

The MinnowBoard Chronicles Episode 18: Reverse-Engineering Code Execution

Alan Sguigna

June 11, 2017
1:55 pm

In my last article, I used Last Branch Record (LBR) Trace to manually capture UEFI program flow source and destination addresses. This week, I look at the associated instruction opcodes and mnemonics and try to figure out what is going on.

The Minnowboard Chronicles Episode 17: Using LBR Trace without Source Code

Alan Sguigna

May 26, 2017
2:24 pm

My curiosity got the better of me this week. I decided to play detective, and see what I can learn from LBR trace data if I pretend I don’t have access to the source code.

The Minnowboard Chronicles Episode 16: Delving into LBR Trace

Alan Sguigna

May 21, 2017
4:45 pm

This week, I decided to do a thorough analysis of how Last Branch Record (LBR) trace works, to see how useful it is in tracing back what might be the root cause of system failures.

UltraZed-EG Chronicles Episode 1 – First Look and Lessons Learned!

Larry Osborn

May 17, 2017
9:08 am

The Minnowboard Chronicles Episode 15: More UEFI Application Development in ‘C’

Alan Sguigna

May 14, 2017
2:55 pm

In Episode 12, I wrote a simple “Hello World!” application in ‘C’ using the built-in UEFI shell functions. In Episode 13, I failed in an attempt to re-write that application using standard ‘C’ library functions, such as printf(). I’ve learned a lot since then – here’s how to write more sophisticated programs.

Locks, Keys and Traps: Securing device JTAG interfaces

Security of BMC Operating Systems

Embedded Boundary Scan for Defense Systems

At-speed SPI Flash/EEPROM Programming using FPGA and JTAG – Revised

Securing JTAG-based At-Scale Debug

The MinnowBoard Chronicles Episode 18: Reverse-Engineering Code Execution

The Minnowboard Chronicles Episode 17: Using LBR Trace without Source Code

The Minnowboard Chronicles Episode 16: Delving into LBR Trace

UltraZed-EG Chronicles Episode 1 – First Look and Lessons Learned!

The Minnowboard Chronicles Episode 15: More UEFI Application Development in ‘C’

Archives

Categories