Arun Darlie Koshy

Arun Koshy is the CTO and Co-Founder at TCSL Research, where he built Armor, a system to analyze firmware for properties and anomalies. Before this role, Arun helped build products that secure some of the world's largest financial and federal institutions, in both engineering leadership and individual contributor roles. These include ZoneAlarm, PestPatrol, LinkScanner and Bromium, among others. Arun's research interests include computational trust and program induction. Outside of work, he loves spending time with family and studying machine intelligence thematically at Stanford.

Scotch-tape and Flashrom: Way of the UEFI

We take a look at the differences in firmware security posture, as mapped by CHIPSEC, between a custom Winterfell node with AMI-based firmware and LinuxBoot with u-root. Using the findings as back-light, we also give an introduction to:

a) tools for conducting firmware security research: Flashrom, CHIPSEC, Dediprog, a Winterfell standalone node and a few more.

b) alternatives to manufacturer firmware, like LinuxBoot with u-root

c) demonstrations of two web-based services:
i) in-depth analysis of submitted firmware images. Its "brain" of already-analyzed firmware is growing at a healthy, steady clip. There is also a command-line, JSON-based API for it that will be made available during the talk.
ii) Winterfell access with BIOS emulation. The service is now in alpha, with full shell access for a subset of the u-root community and the following functions all on point (these will eventually be available as an API):

  • Get SPI Flash emulator status
  • Stop emulator
  • Start emulator (the firmware parameter is the firmware the user wants to be tested)
  • Start the server through hard power on
  • Stop the server through hard power off