Andrea Barisani

Andrea Barisani

Andrea Barisani is an internationally recognized security researcher. Since owning his first Commodore-64 he has never stopped studying new technologies, developing unconventional attack vectors and exploring what makes things tick...and break.

His experience builds on large-scale infrastructure defense, penetration testing and code auditing with particular focus on safety critical environments, with more than 15 years of professional experience in security consulting.

His main focus lies on the converge between secure hardware and software, an interest consolidated in the authorship of the USB armory hardware project and the TamaGo bare metal framework.

He is a well known international speaker, having presented at BlackHat, CanSecWest, Chaos Communication Congress, DEFCON, Hack In The Box, among many other conferences, speaking about innovative research on automotive hacking, side-channel attacks, payment systems, embedded system security and many other topics.

TamaGo - bare metal Go for ARM/RISC-V SoCs

TamaGo is an Open Source operating environment framework which aims to allow deployment of firmware for embedded ARM/RISC-V devices by using 0% C and 100% Go code. The goal is to dramatically reduce the attack surface posed by complex OSes while allowing unencumbered Go applications.

TamaGo is a compiler modification and driver set for ARM/RISC-V SoCs, which allows bare metal drivers and applications to be executed with pure Go code and minimal deviations from the standard Go runtime.

The presentation explores the inspiration and implementation of TamaGo as well as providing real world applications that benefit from a pure Go bare metal environment.

TamaGo allows a considerable reduction of embedded firmware attack surface, while maintaining the strength of Go runtime standard (and external) libraries. This enables the creation of HSMs, cryptocurrency stacks and many more applications without the requirement for complex OSes and libraries as dependencies.