Librem13v2 TPM upgrade

I have upgraded my TPM firmware on my Librem13v2. Its keys are now safe. \o/

Back in 2017 we had the Infineon disaster (aka ROCA). I’ve written about it before about how bad it is and how to check if you’re affected with a simple tool.

I TAKE NO RESPONSIBILITY IF YOU BRICK YOUR DEVICE OR FOR ANYTHING ELSE BAD HAPPENING FROM YOU FOLLOWING MY NOTES.

Before the upgrade

$ tpm_version | grep Chip
Chip Version:        1.2.4.40    <--- Example vulnerable version
$ cbmem -c | grep Purism         # I upgraded coreboot/SeaBIOS just before doing this.
coreboot-4.9-10-g123a4c6101-4.9-Purism-2 Wed Nov 13 19:54:43 UTC 2019 […]
[…]
Found mainboard Purism Librem 13 v2

Download upgrade tool

$ wget https://repo.pureos.net/pureos/pool/main/t/tpmfactoryupd/tpmfactoryupd_1.1.2459.0-0pureos9_amd64.deb
[…]
$ alien -t tpmfactoryupd_1.1.2459.0-0pureos9_amd64.deb
[…]
$ tar xfz tpmfactoryupd-1.1.2459.0.tgz
$ mv usr/bin/TPMFactoryUpd .
$ sudo systemctl stop trousers.service         # Need to turn off tcsd for TPMFactoryUpd to work in its default mode.
[…]
$ ./TPMFactorUpd -info
  **********************************************************************
  *    Infineon Technologies AG   TPMFactoryUpd   Ver 01.01.2459.00    *
  **********************************************************************

       TPM information:
       ----------------
       Firmware valid                    :    Yes
       TPM family                        :    1.2
       TPM firmware version               Continue reading

Ericsson, Nokia, Samsung Hype Open Virtualization

It Takes Liquidity To Make Infrastructure Fluid

Stranded capacity has always been the biggest waste in the datacenter, and over the years, we have added more and more clever kinds of virtualization – hardware partitions, virtual machines and their hypervisors, and containers – as well as the systems management tools that exploit them. …

It Takes Liquidity To Make Infrastructure Fluid was written by Timothy Prickett Morgan at The Next Platform.

Balancing patient security with healthcare innovation | TECH(talk)

Healthcare organizations are one of the most targeted verticals when it comes to cyberattacks. While those organizations must work to secure patients' sensitive data, it can also be helpful to analyze that data to improve patient outcomes. Jason James, CIO of Net Health, joins Juliet to discuss why attackers target healthcare organizations, Google's Project Nightingale and what it means for a tech giant to have access to the medical data of millions of people.

Europe Opens Second Front For Domestic HPC Processors

The Barcelona Supercomputing Center has launched the European Laboratory for Open Computer Architecture (LOCA), a five-year effort aimed at developing energy efficient, high performance computing chips based on open architectures. …

Europe Opens Second Front For Domestic HPC Processors was written by Michael Feldman at The Next Platform.

Google, Microsoft Azure Beat AWS in Cloud Performance

VMware Expands Nokia Test Integration

Cisco Sinks on Rocky Q1, Dour Q2 Revenue Outlook  

AWS Launches Data Exchange, Simplifies Third-Party Sharing

BrandPost: Addressing Scalability Challenges with SD-WANs

It’s always difficult to tell how fast your business will grow, and hence how quickly you’ll need to scale your network and other IT infrastructure. When it comes to software-defined wide-area networks (SD-WAN), the scalability issue is particularly thorny because of the myriad factors that play into the equation.Some will tell you scaling an SD-WAN is a simple matter of adding appliances, but that is far from the case, says David Greenfield, Secure Networking Evangelist with Cato Networks. Cato provides a cloud-based SD-WAN service, so Greenfield is well-versed in the factors that make SD-WAN scalability so challenging. In this post, we’ll examine a handful of them.To read this article in full, please click here

Samsung Taps HPE, Openet for Multi-Vendor 5G SA Core Test

Cray to license Fujitsu Arm processor for supercomputers

Cray says it will be the first supercomputer vendor to license Fujitsu’s A64FX Arm-based processor with high-bandwidth memory (HBM) for exascale computing.Under the agreement, Cray – now a part of HPE – is developing the first-ever commercial supercomputer powered by the A64FX processor, with initial customers being the usual suspects in HPC: Los Alamos National Laboratory, Oak Ridge National Laboratory, RIKEN, Stony Brook University, and University of Bristol.[Get regularly scheduled insights by signing up for Network World newsletters.] As part of this new partnership, Cray and Fujitsu will explore engineering collaboration, co-development, and joint go-to-market to meet customer demand in the supercomputing space. Cray will also bring its Cray Programming Environment (CPE) for Arm processors over to the A64FX to optimize applications and take full advantage of SVE and HBM2.To read this article in full, please click here

Cray to license Fujitsu Arm processor for supercomputers

Cray says it will be the first supercomputer vendor to license Fujitsu’s A64FX Arm-based processor with high-bandwidth memory (HBM) for exascale computing.Under the agreement, Cray – now a part of HPE – is developing the first-ever commercial supercomputer powered by the A64FX processor, with initial customers being the usual suspects in HPC: Los Alamos National Laboratory, Oak Ridge National Laboratory, RIKEN, Stony Brook University, and University of Bristol.[Get regularly scheduled insights by signing up for Network World newsletters.] As part of this new partnership, Cray and Fujitsu will explore engineering collaboration, co-development, and joint go-to-market to meet customer demand in the supercomputing space. Cray will also bring its Cray Programming Environment (CPE) for Arm processors over to the A64FX to optimize applications and take full advantage of SVE and HBM2.To read this article in full, please click here

IoT Security Policy Platform Wants to Raise the Bar On Global IoT Security

By next year, five Internet of Things (IoT) devices are projected to be in use for every person on the planet.

IoT devices offer endless opportunities to improve productivity, economic growth, and quality of life. Think smart cities, self-driving cars, and the ways connected medical devices can monitor our health. The potential growth of IoT is virtually infinite.

But with opportunity comes a significant amount of risk. As much as we’d like to trust manufacturers to make sure burglars can’t watch our homes through data from an automated vacuum, many new devices lack even basic security features. And thousands of new devices are coming online each year without commitment to basic measures such as using unique passwords, encrypting our data, or updating software to address vulnerabilities.

To help people and businesses around the world prepare, a dedicated group is rising to the challenge of securing the Internet of Things though cooperation across borders and sectors.

They are government agencies, non-governmental organizations, and other organizations and experts working on IoT security joined together to form the IoT Security Policy Platform. We are proud to say the Internet Society is amongst them too. Together we’ve been discussing and sharing best practices and Continue reading

BrandPost: SD-WAN as MPLS Replacement: Why the Internet Isn’t Enough

As companies turn to SD-WAN services, they’re often looking to migrate away from expensive MPLS services at the same time and employ Internet services instead. But the public Internet doesn’t provide the kind of predictable performance that enterprises need, and it can introduce unacceptable security risks.A sound alternative is a global, privately managed cloud-based network that can provide the consistent performance and low latency that enterprises demand, but at a fraction of the cost of MPLS – and with security built in. To get a sense for the requirements companies should look for in a managed cloud backbone to make for a successful SD-WAN migration, I spoke with Dave Greenfield, Secure Networking Evangelist with Cato Networks, which has built just such a backbone.To read this article in full, please click here

IPv6 Buzz 039: Bringing IPv6 Into Enterprise Wireless

IPv6 Buzz 039: Bringing IPv6 Into Enterprise Wireless

This week's IPv6 Buzz discusses getting IPv6 into enterprise wireless environments. We discuss what proper vendor support for v6 looks like, evaluate the impact of a lack of DHCPv6 support in Android, why running dual stack is more work than a clean cutover, and more. Our guest is Joe Neville, a technical consultant at HPE Aruba.

The post IPv6 Buzz 039: Bringing IPv6 Into Enterprise Wireless appeared first on Packet Pushers.

BrandPost: The Challenges of SD-WAN Network Planning in an Era of Unknowns

As interest in software-defined wide-area networks (SD-WAN) continues to rise, enterprises are coming face to face with the challenge of planning an SD-WAN migration that will serve the company today and into the future, forcing them to deal with a number of unknowns.The uncertainties include how fast the company will grow, whether new sites will be required, and what revenue and cash flow will look like. Existing and emerging security threats must be considered as well. About the only certainty is that cloud services will continually factor into the equation.Challenges inherent in network future-proofingNetwork planning in this kind of environment requires a degree of future-proofing, meaning implementing a network that is comprehensive and agile enough to accommodate new requirements without compromising on service quality or total cost of ownership. But doing so comes with considerable challenges.To read this article in full, please click here

Getting Started With Automation Hub

In the past, Ansible content such as roles, modules and plugins was usually consumed in two ways: the modules were part of the Ansible package, and roles could be found in Galaxy. However, as time went on the current method of content distribution had challenges with scale for both contributors and consumers of Ansible content. Dylan described this in a blog post worth reading.

Recent releases of Ansible started a journey towards better content management. In previous Ansible releases, each and every module was strictly tied to the release schedule of Ansible and community, customer, and partner feedback demonstrated that the release schedule of content needed to evolve.  Ansible content collections allow our Ansible contributors to create specialized content without being tied to a specific release cycle of the Ansible product, making it easier to plan and deliver. For Ansible newcomers, the collections come “pre-packaged” with modules and playbooks around common use cases like networking and security, making it easier to get off the ground with Ansible. If you want to learn more about Ansible content collections, check out our series about collections!

The introduction of collections to the Ansible ecosystem solves a number of challenges for access to Continue reading

Getting Started With Ansible Content Collections

With the release of Red Hat Ansible Automation Platform, Ansible Content Collections are now fully supported. Ansible Content Collections, or collections, represent the new standard of distributing, maintaining and consuming automation. By combining multiple types of Ansible content (playbooks, roles, modules, and plugins), flexibility and scalability are greatly improved.

Who Benefits?

Everyone!

Traditionally, module creators have had to wait for their modules to be marked for inclusion in an upcoming Ansible release or had to add them to roles, which made consumption and management more difficult. By shipping modules within Ansible Content Collections along with pertinent roles and documentation, and removing the barrier to entry, creators are now able to move as fast as the demand for their creations. For a public cloud provider, this means new functionality of an existing service or a new service altogether, can be rolled out along with the ability to automate the new functionality.

For the automation consumer, this means that fresh content is continuously made available for consumption. Managing content in this manner also becomes easier as modules, plugins, roles, and docs are packaged and tagged with a collection version. Modules can be updated, renamed, improved upon; roles can be updated to Continue reading