firmware
Safeguard articles tagged "firmware" — guides, analysis, and best practices for software supply chain and application security.
12 articles
UEFI Secure Boot after BlackLotus and PKfail: what the trust chain still assumes
Secure Boot was designed to keep untrusted code from running before the operating system, but its trust anchors live in firmware that OEMs control and sometimes leak. BlackLotus and PKfail exposed the gap between the spec and the deployment.
BMC firmware and the supply chain you forgot you had
Baseboard management controllers run their own operating system below your hypervisor, ship as binary blobs from vendors like AMI and Insyde, and almost never appear in an SBOM. The MegaRAC incidents made that gap impossible to ignore.
MSI Graphics Driver Supply Chain Breach 2023: Lessons
The MSI breach exposed Intel BootGuard private keys and OEM signing infrastructure. A look at firmware-level supply chain risk and the gaps that remain.
SBOMs for Firmware and IoT Devices: The Hard Problem
Generating accurate SBOMs for firmware and IoT devices remains one of the toughest challenges in supply chain security. Here's the current state of the art.
Binary SBOM Analysis: Creating Software Bills of Materials Without Source Code
Not all software comes with source code. Binary analysis techniques can extract component information from compiled artifacts, firmware, and commercial software to produce SBOMs where traditional tools cannot.
Rust Embedded Supply Chain Guide
Rust is moving into embedded production fast. The supply chain shape for firmware is different from server-side Rust — smaller trees, longer lifetimes, tighter regulations.
BlackTech Firmware Supply Chain Operations
BlackTech's firmware implants in Cisco routers turned edge devices into long-dwell footholds. A look at the tradecraft and what defenders missed.
IoT Firmware SBOMs: From Nice-to-Have to Regulatory Requirement
Government mandates and industry standards are making SBOMs mandatory for IoT firmware. Here's what manufacturers need to know to comply.
Secure Boot UEFI and Software Supply Chain Links
How UEFI Secure Boot, shim, and Microsoft third-party UEFI CA connect to software supply chain risk in OS and firmware update pipelines.
Firmware Analysis and Reverse Engineering for Security Teams
Firmware is the forgotten attack surface. Here are the techniques security teams use to uncover hidden vulnerabilities in embedded software.
SBOMs for Embedded Systems: Firmware Transparency
Embedded devices run for decades and rarely get patched. SBOMs bring transparency to firmware that the IoT industry desperately needs.
Firmware Supply Chain Security Guide
Firmware runs below the operating system, making it invisible to most security tools. Compromised firmware can persist through OS reinstallation, making supply chain integrity essential.