File:Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google.webm
Summary
| Description |
English: Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google
With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs. Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language. About Ronald G. Minnich Ron Minnich is a Software Engineer at Google. He has contributed to many open source projects in the last several decades, including the Linux kernel (9p file system); the FreeBSD kernel (rfork); and Plan 9 (many different areas). He directed the team that ported Plan 9 to the Blue Gene supercomputers. He invented LinuxBIOS (now called coreboot) in 1999. He is one of the core contributors to the Harvey operating system. His most recent Linux Foundation talk was on how to build your own signed version of ChromeOS and resign your Chromebook with your personal keys in 2016.Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google With the WikiLeaks release of the vault7 material, the security of the UEFI (Unified Extensible Firmware Interface) firmware used in most PCs and laptops is once again a concern. UEFI is a proprietary and closed-source operating system, with a codebase almost as large as the Linux kernel, that runs when the system is powered on and continues to run after it boots the OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to hide exploits since it never stops running, and these exploits are undetectable by kernels and programs. Our answer to this is NERF (Non-Extensible Reduced Firmware), an open source software system developed at Google to replace almost all of UEFI firmware with a tiny Linux kernel and initramfs. The initramfs file system contains an init and command line utilities from the u-root project (http://u-root.tk/), which are written in the Go language. About Ronald G. Minnich Ron Minnich is a Software Engineer at Google. He has contributed to many open source projects in the last several decades, including the Linux kernel (9p file system); the FreeBSD kernel (rfork); and Plan 9 (many different areas). He directed the team that ported Plan 9 to the Blue Gene supercomputers. He invented LinuxBIOS (now called coreboot) in 1999. He is one of the core contributors to the Harvey operating system. His most recent Linux Foundation talk was on how to build your own signed version of ChromeOS and resign your Chromebook with your personal keys in 2016. |
| Date | |
| Source | YouTube: Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, Google – View/save archived versions on archive.org and archive.todayCategory:Media from YouTube |
| Author | The Linux Foundation |
Licensing
.svg){kind=icon}
- You are free:
- to share – to copy, distribute and transmit the work
- to remix – to adapt the work
- Under the following conditions:
- attribution – You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
 |
This file, which was originally posted to YouTube: Replace Your Exploit-Ridden Firmware with Linux - Ronald Minnich, GoogleCategory:Media from YouTube(archive), was reviewed on 7 March 2021 by the automatic software YouTubeReviewBot, which confirmed that this video was available there under the stated Creative Commons license on that date. This file should not be deleted if the license has changed in the meantime. The Creative Commons license is irrevocable.
The bot only checks for the license, human review is still required to check if the video is a derivative work, has freedom of panorama related issues and other copyright problems that might be present in the video. Visit licensing for more information. If you are a license reviewer, you can review this file by manually appending |
 |