Other Software Tools

Finding BIOS Vulnerabilities with Symbolic Execution and Virtual Platforms

Finding BIOS Vulnerabilities With Excite

Finding vulnerabilities in code is part of the constant security game between attackers and defenders. An attacker only needs to find one opening to be successful, while a defender needs to search for and plug all or at least most of the holes in a system. Thus, a defender needs more effective tools than the attacker to come out ahead.

Signed UEFI Firmware Updates in EDK II

Intel has recently contributed a full implementation for UEFI Capsule update, including support for the EFI System Resource Table (ESRT) and Firmware Management Protocol (FMP), under EDK II. The SignedCapsulePkg has been ported to two open platforms, MinnowBoard Max/Turbot and Intel® Galileo, for further development and validation.

Intel® RealSense™ for Linux - Object Library Documentation

Version: 1.0

Intel® RealSense™ Object Library middleware gives machines the ability to understand what they are looking at, in other words, imparting meaning to the vision the Intel RealSense cameras provide. This ability allows for more dynamic human-machine interaction. Object Library uses a CNN-based architecture that utilizes depth to efficiently and accurately classify and localize objects. This middleware includes a library for recognizing, localizing, and tracking objects from a pre-defined library.

Arrays

The Enclave Definition Language (EDL) supports multidimensional, fixed-size arrays to be used in data structure definition and parameter declaration. Zero-length array and flexible array member, however, are not supported. The special attribute isary is used to designate function parameters that are of a user defined type array.

Example

enclave {

   

Unsafe C++11 Attributes

Developers should use C++11 attributes inside an enclave with care. The attribute noreturn, in particular, may cause a potencial security risk. For instance, if a trusted function calls a noreturn function any clean-up code placed after the function call will be ignored.

[noreturn]]void foo(parameters…)
{
    ...
}
int ecall_function(parameters…)
{
    ...
    foo(...);
    // Clean-up code below will be ignored
    ...
    return 0;
}

Enclave Settings

Enclave settings helps you to create and maintain the enclave configuration file. The enclave configuration file is part of the enclave project and describes the information of the enclave metadata. See Enclave Configuration File for details.

Enclave Settings gives the user the option to update the following enclave settings:

Enclave Signing Examples

The following are typical examples for signing an enclave using the one-step or the two-step method. When the private signing key is available at the build platform, you may follow the one-step signing process to sign your enclave. However, when the private key is only accessible in an isolated signing facility, you must follow the two-step signing process described below.

Dynamic Libraries

An enclave DLL must not depend on any dynamically linked library in any way. The enclave loader has been intentionally designed to prohibit dynamic linking of libraries within an enclave. The protection of an enclave is dependent upon obtaining an accurate measurement of all code and data that is placed into the enclave at load time; thus, dynamic linking would add complexity without providing any benefit over static linking.

Subscribe to Other Software Tools