new firmware security blog

Hi,

I've recently started a blog focusing on firmware security and firmware
development, focusing mostly on UEFI, but also on BIOS, coreboot, and
other technologies. It focuses mostly on Intel, but also covers ARM. I
focus on Linux/Android/Chrome OS/FreeBSD, but also cover some MSFT/APPL
usage.

I've got a few tool reviews on there already, but I'm about to to a
series of posts on UEFI security tools on github (there're a few dozen
now), starting with ones that can be used to analyze BIOS ROMs, then
moving onto some existing fuzzing/injection tools. I'm currently in the
middle of looking at UEFI 2.5's new features, and starting to
understand's ARM's Trusted Firmware project, and have some articles on
writing new CHIPSEC modules in the works.

A few sample posts:
http://firmwaresecurity.com/2015/05/25/tool-mini-review-uefitool/
http://firmwaresecurity.com/2015/05/21/tool-mini-review-bios_diff-py/
http://firmwaresecurity.com/2015/05/09/book-review-embedded-firmware-solutions/
http://firmwaresecurity.com/2015/05/09/new-uefi-http-boot-support-in-uefi-2-5/
http://firmwaresecurity.com/2015/04/29/new-info-for-google-verified-boot-and-kernelfinger-bootloader/

The blog site is pretty boring, I'm a newbie blogger and am just
learning Wordpress. :-( I'll have some resource pages, blogrolls, and
archive pages on the main site soon.

If anyone has any specific suggestions of firmware security that merits
research, please let me know.

Thanks,
Lee
RSS: http://firmwaresecurity.com/feed


------------------------------------------------------------
------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------