mir/Hardware-and-Firmware-Security-Guidance
2
0
Fork 0
mirror of https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance synced 2025-08-31 06:35:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
196 Commits 1 Branch 0 Tags
d88e5780924fa873e7ebb11080a60ad623f13cbe
Commit Graph

196 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
d88e578092 Update Linux.md 
Section 2.5 updated to change commands related to hashing EFI binaries. A sha256sum or OpenSSL digest covers the entire executable file. Secure Boot's checks look at executable portions of the EFI file -- a different hash. Therefore, pehash and hash-to-efi-sig-list are necessary Linux commands instead of sha256sum and openssl.
 2023-03-14 17:03:17 -04:00
D76C6399A0F334216B3A58BE07C3C3137D5E14542BC13CA38EB0800D9FFC1FE6
0d3891968e Merge pull request #19 from DimanNe/patch-1 
Fix typo
 2021-07-19 07:55:16 -04:00
DimanNe
3f493425d5 Update Linux.md 2021-04-17 18:15:58 +01:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
b99ad909da Newer Surface devices support customization 2021-03-16 16:03:36 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
dc536287b1 Update README.md 2021-02-12 19:00:40 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
1a7039b6f1 Update README.md 2021-02-12 18:53:18 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
63ee19015c Update README.md 2021-02-12 18:52:56 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
66c5cadcb6 Update README.md 2021-02-12 18:40:12 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
4b8e4bf95c Update README.md 2021-02-12 18:38:59 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
58883c3e37 Update README.md 2021-02-11 17:51:04 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
5692d4cedc Update README.md 2021-02-11 17:50:10 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
09114b9d4e Create Windows.md 2021-02-11 15:43:43 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
74815209f5 Update Windows.md 2021-02-11 15:43:24 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
5b8b1c8abf Update Windows.md 
More info about handling ESL files.
 2021-02-11 15:28:39 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
8ec8687dd4 Update Linux.md 2021-02-11 15:15:47 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
3241d1b18c Update esl-parser.c 
Fix string initialization mistakes (I am rusty at C programming!).
 2021-02-11 13:29:34 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
7f38552bd4 Update esl-parser.c 2021-02-11 13:10:47 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
b159eadb2b Update esl-parser.c 2021-02-10 22:54:37 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
cbd8636a73 Update esl-parser.c 
certcount can't go over 999.
 2021-02-10 22:53:17 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
b6d8a4d0fb Update README.md 2021-02-10 22:52:04 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
e4b0795b8b Update esl-parser.c 
Upgraded parser. Needed a way to parse db and dbx backups produced by Windows PowerShell. Need to look into supporting more EFI_GUID values beyond EFI_CERT_X509_GUID and EFI_CERT_SHA256_GUID.
 2021-02-10 22:40:06 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
1bc45b48b8 Create esl-parser.c 
Just throwing something together for parsing ESL files on systems that don't have access to efi-tools.
 2020-12-15 18:43:25 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
99aec44ed9 Update hex-hashes-to-esl.c 2020-12-11 16:00:38 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
66def9f4b0 Update hex-hashes-to-esl.c 
Added some extra content to support compilation on Windows.
 2020-12-11 12:23:37 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
ed059faed9 Update Windows.md 
get-filehash does not provide the appropriate hash for use with secure boot. Get-AppLockerFileInformation does properly process and hash PE files.
 2020-12-09 18:37:40 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
ba934975bd Update README.md 
Dropped the update notice. Going to get everything finished up, or unhelpful sections removed.
 2020-12-09 13:43:15 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
3c173d7cf0 Create hex-hashes-to-esl.c 
Executable program to convert externally calculated SHA256 hashes into ESL files. The hashes are likely to come from pesign or UEFI/BIOS config. Can string together up to 64 hashes into a single ESL. Intended to help with customization automation.
 2020-12-08 17:17:34 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
805fa7296b Delete hashes-to-efi-sig-list.c 2020-12-08 17:15:55 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
376f574ffd Update Linux.md 
sha256sum is not the right way to calculate hashes for Secure Boot. Binary header information must be removed. Use pesign's hashing mechanism instead.
 2020-12-08 17:15:33 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
d565133357 Update README.md 
Link up the secure boot section -- it's almost done.
 2020-11-05 21:56:59 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
c4b61bf5d0 Create hashes-to-efi-sig-list.c 
Start putting together C program that complements efitools' hash-to-efi-sig-list. Process list of hashes instead of creating a hash and putting it into an ESL. Hash sources are expected to be from UEFI configuration, sha256sum, openssl, system vendor support sites.
 2020-11-05 21:40:59 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
e714e3a6a0 Update Linux.md 
Added more info and testing more quick scripts before placing them in this file.
 2020-11-03 18:17:47 -05:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
9928bdaea9 Update uchypothetical.md 
Added a new paragraph to convey that secure boot customization is not about how good or bad the current ecosystem is. Customization is all about control, use cases, needs, and fear of potential threats.
 2020-10-30 16:23:55 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
0354c01a64 Update uccompile.md 
Added a note about cloud environments.
 2020-10-30 15:54:25 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
4b6fc8f083 Update Windows.md 2020-10-02 01:06:44 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
b1fb8f1298 Update Windows.md 
Start adding PS commands
 2020-10-02 00:32:40 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
2f26c1538d Update Windows.md 
Starting to fill in info.
 2020-09-30 18:19:41 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
0c341b17d3 Update ucroles.md 2020-09-24 20:44:15 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
259d81325d Update uccompile.md 2020-09-24 20:43:57 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
da8f0b1f87 Update uchypothetical.md 2020-09-24 20:43:26 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
85bff1a30e Create uchypothetical.md 2020-09-24 20:43:07 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
e6231ba22b Update uccompile.md 2020-09-24 20:30:51 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
cb4a2023b5 Update uccompile.md 2020-09-24 20:30:29 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
67976443b5 Create uccompatibility.md 2020-09-24 20:23:59 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
5763e8cc78 Update README.md 
Link the secure boot report and expand text in that section.
 2020-09-23 19:07:51 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
9bb91b9f55 Plan future updates 2020-09-23 19:00:56 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
8bae12d5c9 Update Linux.md 2020-09-18 19:05:46 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
9fdd487fde Update Linux.md 2020-09-17 20:02:06 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
de1dc70ac7 Update Linux.md 2020-09-17 20:01:29 -04:00
43313EB9AA87E7039F8F3948282E61C0CB12372C5499884609A01B2BCA37B973
5af42f61a0 Update Linux.md 
McAfee script added.
 2020-09-17 19:17:44 -04:00