{"guid":"f7df9294-6e67-4def-bf45-441663d489f6","title":"spispy: SPI flash device emulation","subtitle":"Open source tools for flash emulation and research","slug":"Camp2019-10186-spispy_spi_flash_device_emulation","link":"https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10186.html","description":"\u003ca href=\"https://github.com/osresearch/spispy\"\u003espispy\u003c/a\u003e is an open source hardware tool for emulating SPI flash chips that makes firmware development and boot security research easier. In this talk we'll discuss the challenges of interfacing on the SPI bus and emulating SPI devices, as well as demonstrate how to use it quickly debug issues with coreboot and how we used spispy to discover a critical class of TOCTOU vulnerabilities in secure boot systems like Intel BootGuard.","original_language":"eng","persons":["Trammell Hudson"],"tags":["camp19","10186","Hardware \u0026 Making"],"view_count":914,"promoted":false,"date":"2019-08-21T00:00:00.000+02:00","release_date":"2019-08-22T02:00:00.000+02:00","updated_at":"2026-03-16T15:45:07.126+01:00","length":1928,"duration":1928,"thumb_url":"https://static.media.ccc.de/media/conferences/camp2019/10186-hd.jpg","poster_url":"https://static.media.ccc.de/media/conferences/camp2019/10186-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/conferences/camp2019/10186-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/conferences/camp2019/10186-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/Camp2019-10186-spispy_spi_flash_device_emulation","url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_title":"Chaos Communication Camp 2019","conference_url":"https://api.media.ccc.de/public/conferences/camp2019","related":[{"event_id":7359,"event_guid":"a0a0fcfe-b7fb-46e3-84b6-97a5406016b4","weight":19},{"event_id":7360,"event_guid":"c9edea6f-1da1-4772-a0a9-6dd4e33f11bb","weight":18},{"event_id":7367,"event_guid":"afbc3b87-4156-470d-9385-c18e7b29f97b","weight":42},{"event_id":7368,"event_guid":"e1b56229-fb1e-480c-9691-c137ec11ee51","weight":20},{"event_id":7374,"event_guid":"4965ee72-6d7b-4e68-85f7-4d6c4f0c9041","weight":31},{"event_id":7375,"event_guid":"d8db148c-39e4-4f1e-af23-a26a477c82ee","weight":14},{"event_id":7381,"event_guid":"e988c76b-3a47-46de-a2c7-77c49a5e731b","weight":29},{"event_id":7383,"event_guid":"acc3dd01-bec3-444f-80c1-5dd37f522aa4","weight":13},{"event_id":7387,"event_guid":"8dc5712b-c14d-4aa0-9aa2-e598bbfc6a6d","weight":20},{"event_id":7405,"event_guid":"5337766f-3676-4a2a-b1f6-4bd66b4d71af","weight":19},{"event_id":7425,"event_guid":"06bcc268-f0db-48dc-963d-d3d54c6769a8","weight":18}],"recordings":[{"size":227,"length":1928,"mime_type":"video/mp4","language":"eng","filename":"camp19-10186-eng-spispy_SPI_flash_device_emulation.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-22T10:28:21.367+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10186-eng-spispy_SPI_flash_device_emulation.mp4","url":"https://api.media.ccc.de/public/recordings/37238","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":228,"length":1928,"mime_type":"video/mp4","language":"deu","filename":"camp19-10186-deu-spispy_SPI_flash_device_emulation.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-22T10:28:29.999+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10186-deu-spispy_SPI_flash_device_emulation.mp4","url":"https://api.media.ccc.de/public/recordings/37239","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":545,"length":1928,"mime_type":"video/mp4","language":"eng-deu","filename":"camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-22T10:29:01.516+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_hd.mp4","url":"https://api.media.ccc.de/public/recordings/37240","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":18,"length":1928,"mime_type":"audio/opus","language":"eng","filename":"camp19-10186-eng-spispy_SPI_flash_device_emulation_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2019-08-22T10:29:26.784+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/opus/camp19-10186-eng-spispy_SPI_flash_device_emulation_opus.opus","url":"https://api.media.ccc.de/public/recordings/37241","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":29,"length":1928,"mime_type":"audio/mpeg","language":"eng","filename":"camp19-10186-eng-spispy_SPI_flash_device_emulation_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2019-08-22T10:29:43.708+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/mp3/camp19-10186-eng-spispy_SPI_flash_device_emulation_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/37242","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":132,"length":1928,"mime_type":"video/mp4","language":"eng-deu","filename":"camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-08-22T10:31:08.033+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-sd/camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_sd.mp4","url":"https://api.media.ccc.de/public/recordings/37243","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":190,"length":1928,"mime_type":"video/webm","language":"eng-deu","filename":"camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-08-22T10:47:38.653+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/webm-sd/camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/37247","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":678,"length":1928,"mime_type":"video/webm","language":"eng-deu","filename":"camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-22T11:26:22.421+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/webm-hd/camp19-10186-eng-deu-spispy_SPI_flash_device_emulation_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/37269","event_url":"https://api.media.ccc.de/public/events/f7df9294-6e67-4def-bf45-441663d489f6","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"}]}