Security: Intel Management Engine (ME), Snyk FUD, and Latest Security Updates

  • Replacing x86 firmware with Linux and Go

    The Intel Management Engine (ME), which is a separate processor and operating system running outside of user control on most x86 systems, has long been of concern to users who are security and privacy conscious. Google and others have been working on ways to eliminate as much of that functionality as possible (while still being able to boot and run the system). Ronald Minnich from Google came to Prague to talk about those efforts at the 2017 Embedded Linux Conference Europe.

    He began by noting that most times he is talking about firmware, it is with his coreboot hat on. But he removed said "very nice hat", since his talk was "not a coreboot talk". He listed a number of people who had worked on the project to "replace your exploit-ridden firmware with a Linux kernel", including several from partner companies (Two Sigma, Cisco, and Horizon Computing) as well as several other Google employees.

    The results they achieved were to drop the boot time on an Open Compute Project (OCP) node from eight minutes to 20 seconds. To his way of thinking, that is "maybe the single least important part" of this work, he said. All of the user-space parts of the boot process are written in Go; that includes everything in initramfs, including init. This brings Linux performance, reliability, and security to the boot process and they were able to eliminate all of the ME and UEFI post-boot activity from the boot process.

  • Interview: Why are open-source security vulnerabilities rising? [Ed: Snyk is a FUD firm. It has been smearing Free software a lot lately in an effort to just sell its services.]
  • Security updates for Wednesday

More in Tux Machines

OSS Leftovers

  • OpenStack regroups
    Only a few years ago, OpenStack was the hottest open-source project around, with a bustling startup ecosystem to boot. The project, which gives enterprises the tools to run the equivalent of AWS in their own private data centers, ran into trouble as it tried to tackle too many individual projects at the same time and enterprises took longer than expected to adopt it. That meant many a startup floundered or was acquired before it was able to gain traction while the nonprofit foundation that manages the project started to scale back its big tent approach and refocused on its core services.
  • SD Times news digest: Docker and MuleSoft’s partnership, ActiveState’s open-source language automation category, and Instana’s automatic Python instrumentation
    Docker and MuleSoft have announced a new partnership to modernize applications and accelerate digital transformation. As part of the partnership, the companies will work together to deliver new capabilities for legacy apps with APIs, legacy apps without APIs and new apps created in Docker. In addition, MuleSoft’s Anypoint platform will be combined with Docker Enterprise.
  • ActiveState Creates Open Source Language Automation Category
  • New open source cloud discovery tool arrives from Twistlock
    Cloud Discovery connects to cloud providers' native platform APIs to discover services such as container registries, managed Kubernetes platforms, and serverless services, and requires only read permissions. Other key features include:
  • Google Open-Sources "Amber" Multi-API Shader Test Framework
    The newest open-source graphics project out of Google is called Amber and it's a multi-API shader testing framework focused on capturing and communicating shader bugs. Google's Amber tries to make it easier to capture/communicate shader bugs with a scripting-based workflow. The captured shaders can be in binary form, SPIR-V assembly, or a higher-level shading language. Amber is currently focused on supporting the Vulkan and Dawn graphics APIs.
  • Microsoft allies with Facebook on AI software [Ed: Evil likes/attracts evil. Now they can do their crimes together while blaming "AI". Longtime Microsoft propagandist Jordan Novet has decided to add the Microsoft lie (PR campaign) "Microsoft loves Linux" (in photo form) to an article that has nothing to do with Linux.]
  • Microsoft alliance with Facebook signals shift in AI approach

Devices: Adding Linux to A PDP-11, Adding GNU/Linux Software to Chrome OS, and Adding Ubuntu to Android

  • Adding Linux To A PDP-11
    The UNIBUS architecture for DEC’s PDPs and Vaxxen was a stroke of genius. If you wanted more memory in your minicomputer, just add another card. Need a drive? Plug it into the backplane. Of course, with all those weird cards, these old UNIBUS PDPs are hard to keep running. The UniBone is the solution to this problem. It puts Linux on a UNIBUS bridge, allowing this card to serve as a memory emulator, a test console, a disk emulator, or any other hardware you can think of. The key to this build is the BeagleBone, everyone’s second-favorite single board computer that has one feature the other one doesn’t: PRUs, or programmable real-time units, that allow you to blink a lot of pins very, very fast. We’ve seen the BeagleBone be used as Linux in a terminal, as the rest of the computer for an old PDP-10 front panel and as the front end for a PDP-11/03.
  • Chrome OS Linux apps will soon be able to access your entire Downloads folder and Google Drive
    Google is working hard to turn Chrome OS into more than just a browser, but a real, functional operating system for consumers of all kinds. Most recently, they’ve invited developers to the platform with Linux app support that enables all of their tools, including Android Studio, to work as expected. Soon, your Chrome OS and Google Drive files will be even more accessible to your Linux apps. [...] According to a new commit on the Chromium Gerrit, that’s all about to change. The commit primarily pertains to a new dialog that will be shown when sharing ‘root’ folders like My Drive or Downloads with your Chrome OS Linux apps (internally known as Crostini) container. The dialog is intended to forewarn you that sharing a root folder is a bit more serious than just sharing a sub-folder, and to be sure you know what you’re doing.
  • Samsung Note 9 and Tab S4 owners can run a full Ubuntu Desktop – Linux on Dex
    We have come a long way as an industry and if this is not one of the biggest milestones in personal computing, I don’t know what else qualifies. Over the past decade of smartphones being around, we have seen an exponential increase in the power that our smartphones pack. I mean, flagships from the past few years sport more RAM and processing power than most laptops out there, but the small form factor has always been a hindrance to the utilization of this power. I mean you can only do so much on a 5.5-inch display. Samsung has launched its “Linux on Dex” app in beta and is inviting geeks and tinkerers to register and help test and develop it. The app lets owners of specific Samsung devices “run” a full Ubuntu desktop on their device alongside Android.