Other articles

  1. UEFI SecureBoot on Debian

    This post explains how to enable UEFI SecureBoot on Debian, using your own trust chain. The technical part itself is very light, most of the post is explanations and what and why.

    What is SecureBoot ?

    UEFI SecureBoot is a mechanism to verify a cryptographic signature of UEFI Images before loading them into the Firmware (the new name for the BIOS1). This provides a way to control which images are allowed, and also drivers and option ROM used by the Firmware, and to fight bootkits and malwares based on that. For an example of such dangers, see my past presentations on malicious UEFI Option ROMs ([FR] at SSTIC, and [EN] at PacSec).

    Roughly, SecureBoot will rely on cryptographic signatures (mainly using SHA-256 and RSA-2048) that are embedded into files using the Authenticode file format. The integrity of the executable is verified by checking the hash, and the authenticity and the trust by checking the signature, based on X.509 certificates, which has to be trusted by the platform.


    At a high level, the Firmware has 4 different set of objects (see figures for details):


    • the Platform Key (PK): this is the main key. This keys, usually belonging to …
    read more
  2. Site Changed

    Date Thu 20 August 2015 Tags Life

    Since the blog was migrated (in fact, the entire server), I was wondering what to do with the previous content (especially the redmine installation, and the public git).

    I don’t like the idea of installing a new redmine server (and dynamic content), so I’ve decided to throw away all the previous content and public only the new, static, content. This also makes the installation easier, because the LXC containing the web server is read-only :)

    Some of the active projects are now published on github:

    The change may break all of the previous links - I’m sorry for that, if something was important please contact me.

    Comments may be re-added soon, maybe using Isso, allowing self-hosted comments, and no need for Disqus and others.

    read more
  3. OCaml LLVM bindings tutorial, part 4

    See also:

    In the previous examples, we’ve seen how to build OCaml applications to read, manipulate and write LLVM bitcode.

    To be able to generate realistic code, we now need to add a few more things. This part explains how to create bitcode with a correctly specified target triple, how to verify bitcode, and write a hello world application.

    Target Triple and Data Layout

    While LLVM IR is (or should be) target independent, there are a few things that are not. For example, the support for some instructions, the padding and alignment inside structures, the endianness, the size of pointers, etc. All these things are specified in two attributes of modules: the target triple, and the data layout.

    In the current (3.5) version of LLVM, these two attributes are optional. However, they could become mandatory in the future, so it is best specifying them.

    Note: in my personal opinion, specifying that inside the module is clearly redundant with the -march= option of llc. Most of this could have been handled by compiler flags, instead of creating situations where one can …

    read more
  4. OCaml LLVM bindings tutorial, part 3

    See also:

    The previous articles explain how to build applications using the OCaml-LLVM bindings, and how to use the API to manipulate the LLVM objects. This was the “read-only” part of the tutorial, which can be used to analyze LLVM IR.

    This part explains how to create LLVM IR, and write a simple application from scratch, and see how to build and run it.


    As in the previous tutorial, we need to create a context and a module:

    let llctx = global_context () in
    let llm = create_module llctx "mymodule" in


    There are two actions that can be done on functions:

    • declare_function to give only a declaration of the prototype,
    • define_function to give both the declaration and the implementation.

    In both cases, we need to give the signature (return type, number and type of arguments) of the function.

    This is pretty similar to C. We’ll use this to declare the function int main(void).

    The int type is a bit problematic in LLVM (and in C, but for other reasons): integer types must have a known size in LLVM. While this does not change the architecture-independent property …

    read more
  5. OCaml LLVM bindings tutorial, part 2

    See also:

    In the previous tutorial, we’ve seen how to use ocamlbuild and make to build a simple application. In this part, we’ll start exploring the API, and see how to access values and attributes of LLVM objects.

    The base of the code is the same as in part 1: it reads an existing LLVM bitcode file, for example one generated by clang.

    As in previous tutorial part, knowing the LLVM C++ API is not required (but can help).

    LLVM objects

    The top-level container is a module (llmodule). The module contains global variables, types and functions, which in turn contains basic blocks, and basic blocks contain instructions.


    In the OCaml bindings, all objects (variables, functions, instructions) are instances of the opaque type llvalue.

    A value has a type, a name, a definition, a list of users, and other things like attributes (for ex. visibility or linkage options) or aliases.

    Each value has a type (lltype), which is a composite object to define the type of a value and its arguments. To match the real type, it needs to be converted to a TypeKind.t:

    let rec print_type llty =
      let ty = Llvm …
    read more
  6. OCaml LLVM bindings tutorial, part 1



    This is the first part of a tutorial series, on how to use the OCaml bindings for LLVM. Why use OCaml bindings ? Because you can avoid using the C++ API, spending huge amounts of time compiling Clang sources, then your plugin, then debugging the segfaults again and again. The bindings are stable, cover most of the API, and are quite simple to use, thanks to the Debian packages.

    This tutorial is written based on a Debian Sid, things may differ but should stay similar on other distributions.

    The objectives of this first part are:

    • install the required packages
    • setup a build environment for ocamlbuild
    • build a simple application that reads an LLVM bitcode file and prints it


    The required packages are:

    • llvm-3.5-dev
    • libllvm-3.5-ocaml-dev
    • the LLVM and OCaml compilers (llvm-3.5, ocaml)
    • optionally, clang

    The current LLVM version is 3.6, however the OCaml bindings are currently disabled (See Debian bug #783919), because of changes in the required dependencies.

    Project Layout

    The sources are organized as follows:

    ├── build
    ├── Makefile
    └── src
        └── tutorial01.ml

    First application

    First, create file src/tutorial01.ml:

    let _ =
      let llctx = Llvm.global_context () in
      let llmem = Llvm.MemoryBuffer.of_file Sys.argv.(1) in
      let …
    read more
  7. Materials for my talk at SSTIC 2015 - PICON : Control Flow Integrity on LLVM IR

    Here are the materials for the talk PICON : Control Flow Integrity on LLVM IR, given during SSTIC 2015. While SSTIC is a french-speaking conference, I publish here in English because my other posts also are in English.

    Here is the summary, from the website:

    Control flow integrity has been a well explored field of software security for more than a decade.

    However, most of the proposed approaches are stalled in a proof of concept state - when the implementation is publicly available - or have been designed with a minimal performance overhead as their primary objective, sacrificing security.

    Currently, none of the proposed approaches can be used to fully protect real-world programs compiled with most common compilers (e.g. GCC, Clang/LLVM).

    In this paper we describe a control flow integrity enforcement mechanism whose main objective is security. Our approach is based on compile-time code instrumentation, making the program communicate with its external execution monitor. The program is terminated by the monitor as soon as a control flow integrity violation is detected.

    Our approach is implemented as an LLVM plugin and is working on LLVM’s Intermediate Representation.

    Code is currently being published (with an opensource …

    read more
  8. Blog migrated

    Date Mon 01 June 2015 Tags Life

    It’s been a long time since the last post, so this is a kind of “I’m alive” post. This blog has been migrated (as well as the entire server) to a static site generator, pelican. The theme is a custom one, inspired from pelican-boostrap. Why a static content generator ? Because browsing is fast, because it’s easy to create a read-only container to host pages, and because thanks to that I can avoid having PHP running. As the migration was both an automatic and manual process, don’t be surprised if things are broken, I will repair everything (don’t hesitate to give feedback).

    In fact, the entire server has been migrated, and it took some time before getting things to work again.

    What will be published ? Same kind as before, random posts on technical stuff, an OCaml-LLVM tutorial, thoughts on TLS, and maybe some sysadmin points one the installation of my servers

    read more
  9. grsec kernel with nvidia module

    Compiling a grsec kernel on a laptop/workstation is a good way to add protection against wide classes of attacks. However, while the options may be easy to choose on a server, this may be difficult because a typical desktop needs more privileges. Here are a few points:

    • Xorg (wants privileged I/O, unless you use KMS) conflicts with PAX_NOEXEC and GRKERNSEC_IO
    • power management: applets to display the battery level want (non-root) read permission on /sys, this will conflict with GRKERNSEC_SYSFS_RESTRICT. You can enable SYSFS_DEPRECATED as a workaround.
    • power management: ACPI is required for a laptop (if you want to be able to use suspend/resume, control fan speed, etc.)
    • power management: suspend/restore conflicts with some options (PAX_MEMORY_UDEREF and PAX_KERNEXEC)
    • virtualization: PAX_KERNEXEC conflicts with kvm/vmx

    If you have other points to add/corrections, just send them to me !

    Now, another problem I have is that I must use the proprietary kernel. Not that I really want to, but it is the only driver with proper support for my graphics card (GT555M), since the nouveau driver has some problems here: breaks suspend to ram/disk, sucks battery (I have 2h30 of autonomy with nouveau, and about 5 with Nvidia …

    read more

Page 1 / 7 »