HardenedLinux

We are "patient" zero, so we hardened ourselves!

May 14, 2020 - 11 minute read - Research

OpenTitan RTL synthesis with Yosys using sv2v and RTL-to-GDS generated by OpenROAD

OpenTitan is the first open source project building a transparent, high-quality reference design and integration guidelines for silicon root of trust (RoT) chips. Yosys is a free/libre and open source framework for RTL synthesis tools; it currently has extensive Verilog-2005 support and provides a basic set of synthesis algorithms for various application domains. OpenTitan is a SystemVerilog project, but Yosys currently supports only a small subset of SystemVerilog, so we need sv2v to convert the source code to Verilog first.

Feb 20, 2019 - 3 minute read - Research

Demo for exploiting use-after-free in dedicated cache

Exploit use-after-free bugs in a dedicated cache. This is just a demonstration.

HOWTO
- free the target object
- spray and eat all available memory, driving memory usage high, and hope the freed object gets poisoned
- trigger the use-after-free

NOTICE
For each cache, the slab allocator keeps three doubly-linked lists of slabs:
- full slabs: all objects of the slab are used (i.e. allocated)
- free slabs: all objects of the slab are free (i.e. the slab is empty)
- partial slabs: some objects of the slab are used and others are free
We may need to make the target object end up in a free slab.
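To make the three slab lists and the spray strategy concrete, here is an added userland model (not the post's exploit and not kernel code) of one dedicated cache: a handful of fixed-size slabs, each on the full, partial or free list, with allocation preferring partial slabs, then free slabs. The demo allocates a victim object, frees it while keeping the dangling pointer, optionally punches a few holes into earlier slabs, and then sprays same-size objects filled with 0x41 until one lands on the victim's slot. The slab geometry, the 0x41 payload and the hole/spray counts are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Toy model of one dedicated slab cache (not kernel code). Each slab holds
 * OBJS_PER_SLAB objects and is on exactly one of the three lists the post
 * names: full, partial or free. Allocation prefers partial slabs, then free
 * slabs; that ordering is what lets a spray reach a freed slot. */
#define OBJS_PER_SLAB 4
#define NSLABS        8
#define OBJ_SIZE      32

enum slab_state { SLAB_FREE, SLAB_PARTIAL, SLAB_FULL };

struct slab {
    unsigned char   mem[OBJS_PER_SLAB][OBJ_SIZE];
    bool            used[OBJS_PER_SLAB];
    int             nused;
    enum slab_state state;
};

struct cache { struct slab slabs[NSLABS]; };

static void slab_update_state(struct slab *s)
{
    s->state = s->nused == 0 ? SLAB_FREE
             : s->nused == OBJS_PER_SLAB ? SLAB_FULL : SLAB_PARTIAL;
}

/* Take the first free object from a partial slab; fall back to a free slab. */
void *cache_alloc(struct cache *c)
{
    const enum slab_state order[2] = { SLAB_PARTIAL, SLAB_FREE };
    for (int k = 0; k < 2; k++)
        for (int i = 0; i < NSLABS; i++) {
            struct slab *s = &c->slabs[i];
            if (s->state != order[k]) continue;
            for (int j = 0; j < OBJS_PER_SLAB; j++) {
                if (s->used[j]) continue;
                s->used[j] = true;
                s->nused++;
                slab_update_state(s);
                return s->mem[j];
            }
        }
    return NULL;                              /* cache exhausted */
}

void cache_free(struct cache *c, void *p)
{
    for (int i = 0; i < NSLABS; i++) {
        struct slab *s = &c->slabs[i];
        uintptr_t q = (uintptr_t)p, base = (uintptr_t)s->mem;
        if (q < base || q >= base + sizeof s->mem) continue;
        int j = (int)((q - base) / OBJ_SIZE);
        s->used[j] = false;
        s->nused--;
        slab_update_state(s);
        return;
    }
}

unsigned char uaf_seen;   /* byte read through the dangling pointer after the spray */

/* The post's recipe: allocate a victim, free it but keep the dangling pointer,
 * then spray same-size objects until one lands on the victim's slot. 'holes'
 * of the 'preallocs' earlier objects are freed first so the spray has other
 * partial-slab slots to fill before it reaches the victim. Returns how many
 * sprayed objects were needed, or -1. */
int demo_uaf_spray(int preallocs, int holes, int max_spray)
{
    static struct cache c;
    void *pre[NSLABS * OBJS_PER_SLAB];

    if (preallocs < 0 || preallocs > NSLABS * OBJS_PER_SLAB ||
        holes < 0 || (holes && holes >= preallocs))
        return -1;
    memset(&c, 0, sizeof c);
    for (int i = 0; i < preallocs; i++)
        pre[i] = cache_alloc(&c);

    unsigned char *victim = cache_alloc(&c);   /* legitimate object, zeroed */
    for (int i = 1; i <= holes; i++)
        cache_free(&c, pre[i]);               /* holes in earlier slabs */
    cache_free(&c, victim);                   /* bug: 'victim' is still used below */

    for (int n = 1; n <= max_spray; n++) {
        unsigned char *spray = cache_alloc(&c);
        if (!spray) return -1;
        memset(spray, 0x41, OBJ_SIZE);        /* attacker-controlled payload */
        if (spray == victim) {
            uaf_seen = victim[0];             /* the UAF now reads the payload */
            return n;
        }
    }
    return -1;
}
```

With no holes the first sprayed object reuses the victim's slot, because its slab is the only partial one; each hole in an earlier slab costs one more sprayed object before the partial-list walk reaches the victim's slab. That is the reason the post sprays until memory usage is high: on a real kernel the attacker does not know how many earlier partial slots sit in front of the freed object.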

Aug 16, 2018 - 7 minute read - Research

Nightmares (Meltdown/Spectre/L1TF) never go away

by Shawn C (a.k.a. “citypw”)

Meltdown/Spectre: Google Project Zero's write-up explains how the vulnerabilities (Meltdown, Spectre v1/v2) work. For more on v3a and v4, check Google Project Zero's bug tracker and INTEL-SA-00115.

Vulnerability | Affected | Kernel mitigation | Compiler support
v3 Meltdown (rogue data cache load, CVE-2017-5754) | < Ice Lake (2018/2019) | KPTI / PAX_UDEREF | N/A
Spectre v1 (bounds check bypass, CVE-2017-5753) | < Ice Lake (2018/2019) | Code hardening | N/A
Spectre v1.1 (bounds check bypass on stores, CVE-2018-3693) | < Ice Lake (2018/2019) | ?
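The "code hardening" entry for Spectre v1 means rewriting bounds-checked array accesses so a speculatively out-of-bounds index can never reach memory. The added example below is not from the post; it places the classic bounds-check-bypass gadget next to a hardened version that clamps the index with the same branchless mask arithmetic the Linux kernel uses in its generic array_index_mask_nospec(). The array sizes and contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ARRAY1_LEN 16
static uint8_t array1[ARRAY1_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16 };
static uint8_t array2[256 * 512];          /* probe array: one cache line per byte value */

/* Spectre v1 gadget. Architecturally the bounds check holds, but a branch
 * predictor trained on in-bounds idx keeps executing the body speculatively
 * for an out-of-bounds idx, and the array2 access leaves a cache footprint
 * that encodes array1[idx], i.e. a byte from anywhere in memory. */
uint8_t victim_vulnerable(size_t idx)
{
    if (idx < ARRAY1_LEN)
        return array2[array1[idx] * 512];
    return 0;
}

/* Branchless mask, same arithmetic as the Linux generic
 * array_index_mask_nospec(): all ones when index < size, zero otherwise.
 * Being data flow rather than control flow, it is evaluated correctly even
 * on the mispredicted path. Like the kernel, it relies on an arithmetic
 * right shift of a negative long (what GCC/Clang emit on supported targets). */
size_t array_index_mask_nospec(size_t index, size_t size)
{
#if defined(__GNUC__)
    __asm__("" : "+r"(index));              /* stop the compiler folding the mask away */
#endif
    long v = (long)(index | (size - 1 - index));
    return (size_t)(~v >> (sizeof(long) * 8 - 1));
}

size_t array_index_nospec(size_t index, size_t size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Hardened gadget: a speculatively out-of-bounds idx is forced to 0, so the
 * dependent array2 load can only ever encode array1[0]. */
uint8_t victim_hardened(size_t idx)
{
    if (idx < ARRAY1_LEN) {
        idx = array_index_nospec(idx, ARRAY1_LEN);
        return array2[array1[idx] * 512];
    }
    return 0;
}
```

Both functions return 0 architecturally for an out-of-bounds index; the difference is only visible through the cache side channel during misprediction. The mask addresses the v1 load gadget only: it does nothing for Meltdown (that is what KPTI is for in the table) and it must be applied to every such gadget by hand, which is why the "compiler support" column reads N/A.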

Jul 4, 2018 - 9 minute read - Story

Hunting Shadows in the Era of Covert Warfare: The Counterstrike Against Demons from the "Ring -3" World for Firmware Freedom

For we wrestle not against flesh and blood, but against principalities, against powers, against the rulers of the darkness of this world, against spiritual wickedness in high places. — Ephesians 6:12 Original art design - The Fellowship of Libre Firmware: Hunting the Shadow. Chapter One: The Coming of the Prophet. Since the birth of the technology deity, the free software/firmware/hardware community has faced numerous adversaries, and Intel ME (Management Engine) stands as one of the most clandestine enemies.

Feb 9, 2018 - 17 minute read - Research

Federated XMPP with OTR (Off-the-Record v3) to protect privacy for Linux users

Principle of the OTR protocol. Diffie–Hellman (DH) key exchange: a Diffie–Hellman key exchange works with integers (the exponents) and the elements of a finite cyclic group. From here on, integers are written with lowercase letters, elements of the cyclic group with uppercase letters, and “==” denotes mathematical identity. Properties of finite cyclic groups: the number of elements of a finite cyclic group is finite (as the name says) and is called the order of the group.
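As an added example (not from the post, and not OTR's real parameters) here is the DH exchange carried through in the post's notation: lowercase integers a, b for the exponents, uppercase A, B, K for group elements. The group is the multiplicative group of a 31-bit prime, chosen so every product fits in 64 bits; the order property of a finite cyclic group and the public-value range check a practitioner would want on received values are both shown. The prime, generator and exponents are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Toy DH in Z_P^*, the multiplicative group of a 31-bit prime. Lowercase
 * names are integers (exponents), uppercase names are group elements. */
static const uint64_t P = 2147483647ULL;  /* 2^31 - 1, prime; the group has order P - 1 */
static const uint64_t G = 7;              /* primitive root mod P: generates the whole group */

/* Square-and-multiply. Operands stay below 2^31, so products fit in 64 bits. */
uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp) {
        if (exp & 1)
            result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* Received-value check: 0, 1 and P-1 have order at most 2, so a peer that
 * sends one of them pins the shared secret to {0, 1, P-1} regardless of our
 * exponent. OTR's spec applies the same 2 <= Y <= P-2 check. */
bool dh_pubkey_valid(uint64_t Y) { return Y >= 2 && Y <= P - 2; }

uint64_t dh_public(uint64_t x) { return modpow(G, x, P); }   /* X == G^x */

/* K == Y^x, or 0 if the peer's value is rejected. */
uint64_t dh_shared(uint64_t x, uint64_t Y)
{
    return dh_pubkey_valid(Y) ? modpow(Y, x, P) : 0;
}

/* Full exchange: Alice (a) and Bob (b) publish A == G^a and B == G^b and each
 * derives K == B^a == A^b == G^(ab). True when both sides agree. */
bool dh_exchange_agrees(uint64_t a, uint64_t b)
{
    uint64_t A = dh_public(a), B = dh_public(b);
    uint64_t K_alice = dh_shared(a, B), K_bob = dh_shared(b, A);
    return K_alice != 0 && K_alice == K_bob;
}

/* Defining property of a finite cyclic group of order n: X^n == 1 for every X. */
bool order_property_holds(uint64_t X) { return modpow(X, P - 1, P) == 1; }
```

OTR v3 itself runs this exchange in the 1536-bit MODP group from RFC 3526 with generator 2, where the same range check on received values matters in practice: an exponent of 0 or (P-1)/2 yields a public value of 1 or P-1, which dh_pubkey_valid() rejects here.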

Oct 16, 2017 - 6 minute read - Research

Exploiting CVE-2016-6787

Abstract: perf is a complex subsystem of the Linux kernel, and other vulnerabilities exist in it, such as CVE-2013-2094. Di Shen, a member of Keen Team, presented a paper (Defeating Samsung KNOX with zero privilege)[1] that mentioned CVE-2016-6787[2]. Analysis of CVE-2016-6787: this is a double-free vulnerability. The vulnerable object is struct perf_event_context. Review the code below first; the main bug is in the if (move_group) statement, so setting move_group to 1 is necessary. We will talk about how to set move_group in a later section.