Welcome Laura Abbott of Oxide Computer!
Laura will be giving a talk at the upcoming Hardwear.io conference in Santa Clara about the (second!) vulnerability she found in the LPC55S69Oxide servers are built to be secure from the ground up.Root of trustThe vulnerability Laura found was a buffer overflow in the firmware update mechanism of the LPC55S69.TPMCortex M33Trust Zone MService Processor - baseband management controllerWhat does a server board look like?Power managementTheir customer Root of Trust OS is called HubrisOpen compute projectMany of the projects at Oxide are programmed in Rust (programming language)Memory unsafe stuffHow do you know rust will run on a part? You can see if there is a "crate" available for the part (Rust installer/package manager)Writing updates for processorsHow often does firmware get update on servers?Host processor talks to management network onboard, it delivers firmware images to the lower layers.What is a Root of Trust task that it might do on a daily basis?Laura explained some of the challenges of working remote on hardwareLaura moved from software into security/hardware. Perviously she had been doing kernel development.She is still a Technical Advisory Board Member at the Linux FoundationGetting started with kernelFollow Laura on Twitter at @openlabbott