Embedded Systems Weekly #135

This week Siemens revealed a new vulnerability in its S7-1500 CPU product family: Missing Immutable Root of Trust. What does it mean in simple words? The device can't ensure the integrity of the code it executes. One would say, let's patch the vulnerability. Herein lies the big problem with this vulnerability: its origin is burned into a chip. Conclusion: no fix planned. And one piece of advice: be careful about who can access the product. Really?!

Happy reading!

Sponsor

-- Call for Papers for Hardwear.io USA is open!

The @hardwear_io USA 2023 Call for Papers is open now. If you have groundbreaking embedded research or an awesome open-source tool you’d like to showcase to the global hardware security community, this is your chance. Send in your ideas on various hardware topics, including but not limited to Chips, Processors, ICS/SCADA, Telecom, Protocols & Cryptography. Submit now!

Articles

A Comparison of SPARK with MISRA C and Frama-C
There is certainly a bias in this paper, which is hosted on the AdaCore website. Nevertheless, I find the comparison fair. With the recent changes in the way AdaCore licenses its libraries, and improvements in dependency management, I feel that Ada can get its chance in the popularity charts.

Taking over a Dead IoT Company
It's a fun read, and there is more to it than the title suggests. The author analyzes why the defunct NYC Train Sign failed. From his point of view, mainly because the BOM (Bill Of Materials) was too high and the retail price too low. He shares: "One trick I use is that multiplying the BOM cost by 4 will often get you the retail price." Do you agree with his approach as a back-of-the-envelope estimate?

What're you telling me, Ghidra?
Many reverse-engineering articles use Ghidra. It can be intimidating to start right away with an advanced subject. With this article, you can familiarize yourself with the tool.

Welcome to Comprehensive Rust 🦀
Rust usage is spreading everywhere: in the Linux kernel, recently in the Chrome web browser, and notably in Android. As a bonus, the team behind the course maintains discussions on GitHub where you can ask questions.

Whoops: Linux's strcmp() For The m68k Has Always Been Broken
This story makes it obvious how beneficial the recent changes toward safety are. This subtle bug was found because the flag "-funsigned-char" is now enabled by default. Way to go, Linux kernel team!

If you use a custom linker script, _start is not (necessarily) the entry point
A great article to complement your knowledge if you are starting your journey into custom linker scripts.

Tools / Libraries

WLED Project
A fast and feature-rich implementation of an ESP8266/ESP32 webserver to control many kinds of LEDs.

Jobs

Blue Origin, Avionics Software Senior Manager – Advanced Development Programs, Seattle, WA $177k-$259k / year
We are a diverse team of collaborators, doers, and problem-solvers who are relentlessly committed to a culture of safety. This position will directly impact the history of space exploration and will require your commitment and detailed attention towards safe and repeatable space flight. Join us in lowering the cost of access to space and enabling Blue Origin’s vision of millions of people living and working in space to benefit Earth.

Misc

Nixie Tube Audio Meter
It is such a beautiful project. I could not add it to the newsletter. As a bonus, the author shares his workflow to generate animated 3D previews of the case with the PCB in.

Apollo Guidance Computer Restoration
The whole YouTube playlist is magnificent. If you love electronics, be careful: if you launch one of these videos, you're going to lose hours of your day.