Presented by:

Paul English is CEO of PreOS Security Inc, and has been working in firmware security for a few years. Paul has a Bachelor's in Computer Science from Worcester Polytechnic Institute and has been a UNIX & Linux system administrator and wearer of many other IT hats since 1996. From 2014 to 2017, Paul was a Board member for the League of Professional Systems Administrators (https://lopsa.org), a non-profit professional association for the advancement of the practice of system administration.

LinkedIn: https://www.linkedin.com/in/englishpaul/

Twitter: https://twitter.com/penglish_PreOS

Modern computer systems are composed of many microcontrollers, and any peripheral device typically also has at least one. This is often true even of devices designed for extremely low-power operation, such as IoT devices.

For all the same reasons you value open source software in your operating system and applications, you should also want open source for your platform firmware.

But even if you're content to run a closed-source OS and applications, there is one compelling reason to insist on open source at the hardware level - security. By choosing to trust Microsoft, Apple or Google for software, you are making a conscious choice of who to trust. By choosing a given computer, you're ALSO choosing to trust many, if not hundreds, of additional parties!

This talk will cover:

  • A few-minute recap of why open source matters
  • A longer explanation of the importance of open source in the security domain
  • Examples of platform firmware security and insecurity
  • A note on BSD vs GPL licensing in this domain: Intel ME
  • A discussion of the market dynamics
    • (Extremely low) cost of microcontrollers and often the devices they compose
    • Perceived "proprietary value" and licensing issues - the "army of lawyers" problem, e.g. Intel & AMD microcode
    • Perceived security-through-obscurity
    • Perceived "high" cost of open source participation, and some examples of cheap/low-end products not playing by the (GPL) rules
  • A review of some current efforts by large (Intel) and small (Purism) players
  • A discussion of firmware-adjacent software (e.g. update mechanisms, certificate management such as SecureBoot, etc.)

Date: 2019 April 27 - 10:45
Duration: 45 min
Room: CC-208
Conference: LinuxFest Northwest 2019
Track: Open Source Firmware
Difficulty: Medium

Happening at the same time (all sessions start 2019 April 27 10:45):

  1. Using iSCSI to share Discs and Tape (Room: CC-236)
  2. Choose Your Distro Adventure! (Room: CC-235)
  3. Containers 101 (Room: HC-104 Jupiter)
  4. 2019: Fifty years of Unix, Internet and more (Room: G-103)
  5. Lunduke Show Live (Room: HC-108)
  6. An Introduction to Incident Response (Room: CC-114)
  7. Linux Container Primitives (Room: CC-115)
  8. Tackling Training Needs with Open edX (Room: CC-200)
  9. Why Open Source is Critical For Platform Firmware (Room: CC-208)
  10. Database normalization (Room: HC-103 Postgres)