Back To Schedule
Wednesday, May 13 • 11:50am - 12:10pm
Firmware Security Without Obscurity

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Firmware has been growing in size and complexity over the years and has become a rich target for attackers. Firmware is currently a popular topic in security research and we find that our work in OSF overlaps some of the work being done in the OCP Security Working Group.

With data rapidly being added or moved to the cloud, hyperscalers and SMBs alike are facing a massive security challenge and often rely on firmware and tools they have little or no visibility into. We assert that security should not be obscure; it should be open, transparent, and available to all.

Furthermore, the hyperscaler model fundamentally changes the way we view firmware development and the supply chain. As hyperscalers continue to grow it has become increasingly important to ensure control and accountability throughout the server lifecycle starting with design and throughout development, validation, deployment, and eventual decommissioning.

In this talk we will discuss design principles, available features, and will walk through a real example of an open and transparent security solution running with OSF on OCP hardware to show how one can build, measure, and verify the integrity of the firmware running on their system. We will also discuss areas where OCP and industry can help white hat research and development efforts.

avatar for David Hendricks

David Hendricks

Firmware Engineer, Facebook
David got his first taste of BIOS tweaking as a kid overclocking gaming PCs and was drawn into the coreboot world where he learned real firmware hacking. Since then he has developed, deployed, and advocated for open source firmware in consumer electronics and datacenter infrastructure... Read More →
avatar for Philipp Deppenwiese

Philipp Deppenwiese

Head of Cyber Security and Firmware Department, 9elements Cyber Security
CEO of the immune GmbH in Germany. Head of the Cyber Security and Firmware Department of 9elements Agency GmbH in Germany. Founder of the Open Source Firmware Conference. coreboot and LinuxBoot enthusiast.

Wednesday May 13, 2020 11:50am - 12:10pm
EW: Open System Firmware