“Firmware presents a large and ever-expanding attack surface,” says the U.S. government in a joint report from the U.S. Department of Homeland Security and the Department of Commerce. This 2022 report, a response to the Cybersecurity Executive Order of 2021, pointed out significant weaknesses in the firmware supply chain. Firmware attacks have a unique advantage over other attacks because of their ability to execute malicious code undetected by operating systems and most security solutions.
Each device – whether server, desktop, mobile, or connected device – has firmware, and firmware attacks typically come as malicious code introduced via a firmware update. This vulnerability exists because firmware can be tampered with from creation to distribution, with firmware-enabled components being exposed throughout the entire supply chain. LoJax and MoonBounce are examples of UEFI firmware attacks that not only reside in the nonvolatile SPI flash containing the boot firmware but execute at a level more privileged than the operating system’s kernel. A single compromised device can be used as a gateway by cybercriminals to cause a data breach, leading the financial and reputational damages for organizations.
Securing Firmware Reduces Supply Chain Attack Surface
While there is no single magic bullet to secure firmware in the supply chain, below are five best coding practices that can be applied to make firmware more secure throughout the supply chain.
1. Secure-by-design Approach
Security should be integrated at the earliest phase of firmware development. Identifying and implementing security remedies early in the development cycle is a cost-effective way to prevent security vulnerabilities prior to deploying firmware. Good developers are able to understand hardware design, consider potential security risks, and implement preventative measures. Firmware security is further bolstered when the hardware is also designed for security. Components such as a hardware root of trust can detect and protect firmware compromises.
2. Testing and Validation
Development and use of test plans that take advantage of static and dynamic testing tools are critical. Static tools help identify poor coding practices and improve code quality. Dynamic tools help identify vulnerabilities in the runtime environment through various techniques including black box, penetration, and stress testing; just to name a few. Input validation, memory safety, and testing for the threat vectors specified in your threat model are all parts of a solid testing and validation plan.
3. Leveraging Source Control and Collaboration
Source control systems empower developers to maintain change histories, employ automated testing, and enable reproducible builds. Good source control systems promote modern firmware development practices to break up work into smaller pieces for frequent integration with the team’s work. The idea to “commit early, push often” alongside constant collaboration between team members and other stakeholders ensures the firmware meets the requirements and makes way for security and peer reviews.
4. Implementing Software Bill of Materials (SBOM)
Maintaining the firmware’s bill of materials is becoming an increasingly necessary tool to bolster firmware security by providing a complete picture of the firmware’s supply chain. This will allow developers and their organizations to understand the potential security risks associated with the firmware and its third-party components and enables them to make informed decisions about their firmware supply chain.
5. Maintaining a Firmware Security Ecosystem
Even after the secured firmware has been developed, an ecosystem must be maintained for the developers, the firmware, and the customer. Developers need to be able to stay up-to-date on the latest development trends, techniques, and tools in order continuously improve their knowledge, skills, and the resulting product. In addition, developers need convenient means of reporting and remediating vulnerability sightings so they can implement firmware updates in a timely manner.
Vulnerabilities are Inevitable, but Best Coding Practices Can Minimize them
Protecting firmware’s end users requires a well-developed, systematic, security-first ecosystem that is built around the firmware. Through a secure-by-design approach and best practices of development and testing, firmware can be more secure throughout the supply chain. The ecosystem must also include features that alert downstream stakeholders about potential vulnerabilities and provide dynamic firmware updates, enabling end users to automate firmware updates as soon as vulnerabilities are discovered.
With deep experience in developing and delivering firmware to the computing industry, AMI is uniquely positioned to develop, deploy and help secure firmware throughout the supply chain across the cloud, telecommunications, automotive industry, edge computing, and beyond.
To learn more about how AMI can secure your platform firmware, visit AMI Zero Trust firmware.