The Amp Hour Electronics Podcast

A weekly show about the trends in the electronic industry.

  • For Us
    • Donate
    • Link Here!
    • Suggest
      • Guest Suggestions
      • Story Suggestions
      • Feature My Workbench!
    • Advertising
  • For You
    • Episode Index
    • Guest Episodes
    • Buy Stuff
  • About
  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter
  • YouTube
You are here: Home / Guest Appearance / #590 – Finding Hardware Flaws with Laura Abbott

#590 – Finding Hardware Flaws with Laura Abbott

Play

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | RSS

Welcome Laura Abbott of Oxide Computer!

  • Laura will be giving a talk at the upcoming Hardwear.io conference in Santa Clara about the (second!) vulnerability she found in the LPC55S69
  • Oxide servers are built to be secure from the ground up.
  • Root of trust
  • The vulnerability Laura found was a buffer overflow in the firmware update mechanism of the LPC55S69.
  • TPM
  • Cortex M33
  • Trust Zone M
  • Service Processor – baseband management controller
  • What does a server board look like?
  • Power management
  • Their customer Root of Trust OS is called Hubris
  • Open compute project
  • Many of the projects at Oxide are programmed in Rust (programming language)
  • Memory unsafe stuff
  • How do you know rust will run on a part? You can see if there is a “crate” available for the part (Rust installer/package manager)
  • Writing updates for processors
  • How often does firmware get update on servers?
  • Host processor talks to management network onboard, it delivers firmware images to the lower layers.
  • What is a Root of Trust task that it might do on a daily basis?
  • Laura explained some of the challenges of working remote on hardware
  • Laura moved from software into security/hardware. Perviously she had been doing kernel development.
  • She is still a Technical Advisory Board Member at the Linux Foundation
  • Getting started with kernel
  • Follow Laura on Twitter at @openlabbott

Copyright © 2025