Safeguard
Tag

firmware

Safeguard articles tagged "firmware" — guides, analysis, and best practices for software supply chain and application security.

12 articles

Supply Chain Attacks

UEFI Secure Boot after BlackLotus and PKfail: what the trust chain still assumes

Secure Boot was designed to keep untrusted code from running before the operating system, but its trust anchors live in firmware that OEMs control and sometimes leak. BlackLotus and PKfail exposed the gap between the spec and the deployment.

May 12, 20267 min read
Supply Chain Attacks

BMC firmware and the supply chain you forgot you had

Baseboard management controllers run their own operating system below your hypervisor, ship as binary blobs from vendors like AMI and Insyde, and almost never appear in an SBOM. The MegaRAC incidents made that gap impossible to ignore.

May 12, 20268 min read
Incident Analysis

MSI Graphics Driver Supply Chain Breach 2023: Lessons

The MSI breach exposed Intel BootGuard private keys and OEM signing infrastructure. A look at firmware-level supply chain risk and the gaps that remain.

Mar 24, 20265 min read
SBOM

SBOMs for Firmware and IoT Devices: The Hard Problem

Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.

Feb 25, 20266 min read
SBOM

Binary SBOM Analysis: Creating Software Bills of Materials Without Source Code

Not all software comes with source code. Binary analysis techniques can extract component information from compiled artifacts, firmware, and commercial software to produce SBOMs where traditional tools cannot.

Aug 8, 20257 min read
Open Source Security

Rust Embedded Supply Chain Guide

Rust is moving into embedded production fast. The supply chain shape for firmware is different from server-side Rust — smaller trees, longer lifetimes, tighter regulations.

Dec 18, 20246 min read
Industry Analysis

BlackTech Firmware Supply Chain Operations

BlackTech's firmware implants in Cisco routers turned edge devices into long-dwell footholds. A look at the tradecraft and what defenders missed.

Dec 15, 20246 min read
Compliance

IoT Firmware SBOMs: From Nice-to-Have to Regulatory Requirement

Government mandates and industry standards are making SBOMs mandatory for IoT firmware. Here's what manufacturers need to know to comply.

Apr 12, 20246 min read
Best Practices

Secure Boot UEFI and Software Supply Chain Links

How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.

Jan 30, 20245 min read
Vulnerability Management

Firmware Analysis and Reverse Engineering for Security Teams

Firmware is the forgotten attack surface. Here are the techniques security teams use to uncover hidden vulnerabilities in embedded software.

Dec 8, 20235 min read
SBOM

SBOMs for Embedded Systems: Firmware Transparency

Embedded devices run for decades and rarely get patched. SBOMs bring transparency to firmware that the IoT industry desperately needs.

Oct 18, 20236 min read
Hardware Security

Firmware Supply Chain Security Guide

Firmware runs below the operating system, making it invisible to most security tools. Compromised firmware can persist through OS reinstallation, making supply chain integrity essential.

Feb 5, 20226 min read
firmware — Safeguard Blog