Security Weekly

Learning About Firmware Security – Xeno Kovah – PSW #811

Sponsored By

Eclypsium
Full episode and show notes

Guest

Xeno Kovah
Xeno Kovah
Founder at OpenSecurityTraining2

Xeno began leading BIOS security research projects at MITRE in 2011. His team’s first public talks started appearing in 2013, which led to a flurry of presentations on BIOS-level vulnerabilities up through 2014. In 2015 he co-founded LegbaCore. And after presenting a firmware worm that could spread between Macs via Apple’s EFI-based BIOS and Thunderbolt Ethernet adapters, he ended up working for Apple. There he worked on securing all the lesser-known firmwares on Macs and peripherals – everything from 3rd party GPUs to SecureBoot for monitors! He worked on the x86-side of the T2 SecureBoot architecture, and his final project was leading the M1 SecureBoot architecture – being directly responsible for designing a system that could provide iOS-level security, while still allowing customer choice to trust arbitrary non-Apple code such as Linux bootloaders. He left Apple in Dec. 2020 after the M1 Macs shipped, so he could work full time on OpenSecurityTraining2.

Host

Scott Scheferman
Scott Scheferman
Principal Cyber Strategist at Eclypsium