Podcast: Play in new window | Download
Subscribe: Apple Podcasts | RSS
Welcome Laura Abbott of Oxide Computer!
- Laura will be giving a talk at the upcoming Hardwear.io conference in Santa Clara about the (second!) vulnerability she found in the LPC55S69
- Oxide servers are built to be secure from the ground up.
- Root of trust
- The vulnerability Laura found was a buffer overflow in the firmware update mechanism of the LPC55S69.
- Cortex M33
- Trust Zone M
- Service Processor – baseband management controller
- What does a server board look like?
- Power management
- Their customer Root of Trust OS is called Hubris
- Open compute project
- Many of the projects at Oxide are programmed in Rust (programming language)
- Memory unsafe stuff
- How do you know rust will run on a part? You can see if there is a “crate” available for the part (Rust installer/package manager)
- Writing updates for processors
- How often does firmware get update on servers?
- Host processor talks to management network onboard, it delivers firmware images to the lower layers.
- What is a Root of Trust task that it might do on a daily basis?
- Laura explained some of the challenges of working remote on hardware
- Laura moved from software into security/hardware. Perviously she had been doing kernel development.
- She is still a Technical Advisory Board Member at the Linux Foundation
- Getting started with kernel
- Follow Laura on Twitter at @openlabbott