Some weeks ago one of our colleagues here on the blog talked about Slimbook's work to implement Coreboot on their computers, where because many of their users made requests for it, Slimbook listened to their call (you can read the full note in this link).
For those who still do not know about Coreboot, they should know that this is an open source alternative to the traditional Basic I / O System (BIOS) that was already on MS-DOS 80s PCs and replacing it with UEFI (Unified Extensible). Firmware interface) released in 2007. Y now the NSA has started assigning developers to the Coreboot project.
Eugene Myers of the NSA has begun to provide an implementation code for SMI Transfer Monitor (STM) targeting x86 CPUs.
Eugene Myers works for the NSA's Trusted Systems Research Group, a group that, according to the agency's website, aims to "lead and sponsor research into technologies and techniques that will secure America's information systems."
The STM is a hypervisor that starts up in the "System Management" (SMM) mode, an isolated "ring -2" environment in which the normal execution of the operating system is interrupted so that the system code (power management , hardware control, etc.) can be run with higher privileges.
The firm released the STM specification (type of VMM that handles virtual machines containing SMM code) and the documentation for the security feature of the STM firmware in 2015.
Initially, STM was supposed to work with an Intel TXT release, but the latest specification allows STM to work only with Intel Virtualization Technology (VT). TXT was not sufficient to protect these services against attacks and STM intends to do so.
The NSA working on open source projects?
The NSA has already worked on security projects open to the public, including Security Enhanced Linux, a security module for Linux.
Criticisms of the NSA's performance are many and constant. Therefore, it is rare for the National Security Agency to be grateful for its contributions to society.
However, in the case of one of your public open source projects, it will be used to help Coreboot staff.
Being a bit more specific, the NSA has released the Ghidra reverse engineering tool as a source and it has been adopted by the Coreboot developers.
The idea is that the NSA software will help the Coreboot Project. Specifically, in the firmware for Reverse Engineering.
Ghidra is a reverse engineering framework developed by the NSA Research Division for the NSA Cybersecurity Mission. It facilitates the analysis of malicious code and malware, such as viruses and allows professionals to better understand the possible vulnerabilities of their networks and systems.
All Coreboot code, including all STM contributions from the NSA, is open source. In theory, everyone can verify that there are no back doors.
Since this project does not come from the NSA, but from a project that they chose to contribute. Therefore, it is the Coreboot authors who are responsible for accepting or not accepting contributions from the NSA.
But in practice, the NSA could have written the code less securely with hard-to-detect vulnerabilities without more experienced security researchers. Alternatively, you could exploit this implementation years later, after surveillance has waned.
Since it would not be surprising to see this type of action coming from an agency like the NSA.
Since the NSA recently attempted to move two cryptographic algorithms into the ISO standardization process, the algorithms were overwhelmingly rejected by reviewers due to a lack of trust and the NSA's inability to answer certain technical questions.
Finally, those interested in knowing the progress of the project, can consult this In the following link.