The Amp Hour

Finding Hardware Flaws with Laura Abbott


Listen Later

Welcome Laura Abbott of Oxide Computer!

  • Laura will be giving a talk at the upcoming Hardwear.io conference in Santa Clara about the (second!) vulnerability she found in the LPC55S69
  • Oxide servers are built to be secure from the ground up.
  • Root of trust
  • The vulnerability Laura found was a buffer overflow in the firmware update mechanism of the LPC55S69.
  • TPM
  • Cortex M33
  • Trust Zone M
  • Service Processor - baseband management controller
  • What does a server board look like?
  • Power management
  • Their customer Root of Trust OS is called Hubris
  • Open compute project
  • Many of the projects at Oxide are programmed in Rust (programming language)
  • Memory unsafe stuff
  • How do you know rust will run on a part? You can see if there is a "crate" available for the part (Rust installer/package manager)
  • Writing updates for processors
  • How often does firmware get update on servers?
  • Host processor talks to management network onboard, it delivers firmware images to the lower layers.
  • What is a Root of Trust task that it might do on a daily basis?
  • Laura explained some of the challenges of working remote on hardware
  • Laura moved from software into security/hardware. Perviously she had been doing kernel development.
  • She is still a Technical Advisory Board Member at the Linux Foundation
  • Getting started with kernel
  • Follow Laura on Twitter at @openlabbott
  • ...more
    View all episodesView all episodes
    Download on the App Store

    The Amp HourBy The Amp Hour (Chris Gammell and David L Jones)

    • 4.9
    • 4.9
    • 4.9
    • 4.9
    • 4.9

    4.9

    226 ratings


    More shows like The Amp Hour

    View all
    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    289 Listeners

    This Week in Tech (Audio) by TWiT

    This Week in Tech (Audio)

    3,061 Listeners

    Security Now (Audio) by TWiT

    Security Now (Audio)

    2,009 Listeners

    Software Engineering Daily by Software Engineering Daily

    Software Engineering Daily

    626 Listeners

    Talk Python To Me by Michael Kennedy

    Talk Python To Me

    583 Listeners

    SpyCast by SpyCast

    SpyCast

    1,534 Listeners

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    648 Listeners

    Embedded by Logical Elegance

    Embedded

    190 Listeners

    Smashing Security by Graham Cluley

    Smashing Security

    317 Listeners

    Darknet Diaries by Jack Rhysider

    Darknet Diaries

    8,051 Listeners

    Physics World Weekly Podcast by Physics World

    Physics World Weekly Podcast

    77 Listeners

    Practical AI by Practical AI LLC

    Practical AI

    208 Listeners

    Hackaday Podcast by Hackaday

    Hackaday Podcast

    64 Listeners

    Latent Space: The AI Engineer Podcast by Latent.Space

    Latent Space: The AI Engineer Podcast

    101 Listeners

    Robinson's Podcast by Robinson Erhardt

    Robinson's Podcast

    265 Listeners