28 Repos
Software and protocols designed to secure the low-level boot processes of computing hardware.
Explore 28 awesome GitHub repositories matching security & cryptography · Hardware Security. Refine with filters or upvote what's useful.
SecLists is a centralized library of security assessment data designed to support vulnerability discovery and penetration testing. It functions as a comprehensive repository of wordlists, payloads, and testing methodologies used to audit software, firmware, and internet-connected hardware for technical vulnerabilities. The project distinguishes itself through a standardized taxonomy and a language-agnostic data format, which allows security tools to predictably ingest and utilize its assets regardless of the underlying programming environment. By decoupling raw testing data from execution log
Provides methodologies and testing resources for hardening internet-connected hardware against insecure configurations.
Magisk is an Android rooting framework designed to manage system-level modifications and grant administrative access to mobile devices. It functions by patching boot and recovery images to inject custom code into the operating system initialization sequence, allowing for system-wide control while maintaining compatibility with the underlying hardware. The project distinguishes itself through a systemless modification layer that overlays a virtual file system on top of read-only partitions, enabling changes without altering core system files. It includes a policy daemon to manage security cont
Controls the device startup process to permit the execution of modified system images and custom recovery environments.
OpenCore Legacy Patcher is a utility designed to enable the installation and operation of modern operating systems on legacy hardware that is no longer officially supported. By interposing a custom bootloader between the system firmware and the kernel, the project facilitates the deployment of current software releases on older devices, bypassing restrictive compatibility checks and hardware identification requirements. The project distinguishes itself through a comprehensive framework for system interposition and persistent patching. It employs dynamic kernel extension injection and runtime
Provides a configuration interface for managing bootloader settings and memory patches to bypass hardware restrictions.
TinyGo is a specialized compiler and development toolkit designed to bring the Go programming language to resource-constrained microcontrollers and WebAssembly environments. It provides a bare-metal runtime environment that enables high-level code execution without the need for a traditional operating system, utilizing an LLVM-based backend to generate efficient machine instructions. The project distinguishes itself through aggressive optimization techniques tailored for small hardware, including a static memory allocation strategy and whole-program dead code elimination that significantly re
Supports firmware deployment by triggering built-in bootloader modes on microcontrollers.
systemd is a comprehensive system and service manager for Linux that orchestrates the entire operating system lifecycle. It functions as the primary init system, managing the transition from firmware to a fully initialized user space while providing a unified framework for service orchestration, hardware management, and resource control. The project distinguishes itself through its declarative, unit-based configuration model and dynamic dependency resolution, which allow for efficient, on-demand service activation and socket-based process management. It integrates deep system observability th
Executes EFI images and kernels directly from the EFI partition using configurable boot loader entries.
PyInstaller is a cross-platform binary packager and application freezer that bundles Python scripts and their dependencies into standalone executables. It allows programs to be distributed and run on target operating systems without requiring a local installation of the Python interpreter. The tool functions as a standalone executable bundler, packaging the application with all necessary modules and libraries into a single file or folder. It includes integration for digital binary signing to satisfy operating system security requirements for distributed software. The system utilizes static a
Provides the ability to compile the executable bootloader from source code when precompiled versions are unavailable.
PX4-Autopilot is a professional-grade flight control software stack designed for autonomous unmanned vehicles, including multicopters, fixed-wing aircraft, and vertical takeoff and landing platforms. It operates as a modular, real-time framework that decouples flight control logic from hardware drivers through a publish-subscribe middleware architecture. The system utilizes a deterministic microkernel runtime to execute time-critical flight control loops and sensor fusion tasks, ensuring stable navigation and vehicle operation. The platform distinguishes itself through a parameter-driven conf
Uses integrated hardware security elements to perform encryption and ensure secure deployment.
ESPHome is a framework for creating and managing custom firmware for microcontrollers, specifically targeting ESP32 and ESP8266 architectures. It replaces the need for writing complex embedded C++ code by allowing users to define hardware behavior, pin configurations, and automation logic through simple, declarative text files. The system automatically compiles these configurations into optimized binary images, providing a streamlined path from design to deployment. The project distinguishes itself through a modular, component-based architecture that emphasizes local-first control, ensuring t
Configures network credentials and enforces encryption for device communication to ensure secure data exchange.
Rocky is an open-source enterprise operating system designed for server and cloud infrastructure. It is a community-maintained Linux server distribution that provides a platform focused on stability and security. The project is fundamentally a Red Hat Enterprise Linux compatible operating system, maintaining bug-for-bug binary compatibility to ensure identical software behavior. This allows it to serve as an enterprise-grade platform without proprietary licensing. The distribution covers a broad range of system administration capabilities, including package management via modular repository
Requires a password to access the boot menu to prevent unauthorized configuration changes.
This repository contains the source code for a C-based network botnet designed to compromise Internet of Things devices. It serves as a functional implementation of malware used for security research, behavioral analysis, and the development of threat detection signatures. The project includes a command and control server architecture that manages infected devices via a custom binary protocol and TCP-based command distribution. It employs a cross-compilation toolchain to build and deliver architecture-specific binary payloads across multiple hardware platforms. The codebase covers capabiliti
Facilitates security research on IoT devices by testing compatibility and vulnerabilities using architecture-specific binaries.
jetson-inference is a set of libraries and tools for executing optimized deep learning models on embedded GPU hardware. Its primary purpose is to enable real-time computer vision and AI inference at the edge with low latency and high throughput. The project distinguishes itself through high-performance streaming analytics and the ability to execute concurrent AI pipelines on auto-grade silicon. It provides specialized support for multi-sensor stream processing, utilizing zero-copy data transport to load camera frames directly into GPU memory. The codebase covers a broad surface of capabiliti
Protects environments using secure boot, disk encryption, and runtime integrity via fTPM.
This project is an open-source software development kit and framework for implementing the Matter smart home standard. It provides a universal IPv6-based application layer and a cluster-based data model to ensure interoperability between diverse smart home devices and controllers. The system is distinguished by its multi-transport network abstraction, which maps Bluetooth LE, Thread, and Wi-Fi implementations to a common layer. It includes specialized tooling for secure device commissioning via QR codes and NFC, as well as a comprehensive over-the-air firmware update system for distributing s
Downloads updates from a remote provider and uses a bootloader to test and install the new image.
Arpl is a bootloader manager and custom kernel loader for network attached storage devices. It provides a network boot environment to automate the fetching, flashing, and installation of modified operating systems and kernels onto hardware storage. The project distinguishes itself through a remote management suite that exposes bootloader controls via a web browser, secure shell connection, or local terminal. It utilizes RSS feeds to automate the retrieval of the latest system images and version metadata for online updates. The system handles hardware boot configuration by mapping network int
Provides a web and shell interface for managing and modifying bootloader settings and memory patches remotely.
OpCore-Simplify is an automated tool that generates a complete OpenCore EFI folder for Hackintosh builds. It scans the system hardware to identify supported devices and compatible macOS versions, then assembles a bootable EFI configuration by downloading the latest OpenCore bootloader and required kernel extensions from official sources. The tool differentiates itself by automating the entire EFI creation process, from hardware detection through patch application. It automatically selects and applies the correct ACPI hotfixes and kernel extensions based on the detected hardware and target mac
Fetches the latest OpenCore bootloader and kernel extensions from official sources before each EFI build.
Faraday is a vulnerability management platform and security tool aggregator designed to centralize security findings from multiple scanners into a single dashboard. It utilizes a relational security database to catalog hosts, services, and security flaws, enabling users to track remediation and analyze organizational risk. The platform distinguishes itself through a plugin-based system that normalizes diverse security tool outputs into a unified data model. It supports deep integration with a wide array of scanners and CLI tools, intercepting shell command output or parsing report files to ag
Retrieves operational technology and IoT security data from external platforms using filter sets.
Demonstrates exploit chains for discontinued network devices to highlight persistent security risks.
This is the official documentation repository for Raspberry Pi hardware and software. It covers the complete range of Raspberry Pi single-board computers, the RP-series microcontrollers, and the Raspberry Pi operating system. The documentation provides reference material for setting up devices, configuring hardware, and using the system for tasks including AI inference, camera and video capture, embedded development, and remote access. The documentation covers the full boot chain from the GPU firmware and EEPROM bootloader through to kernel loading, with detailed guidance on boot configuratio
Stores the bootloader in SPI EEPROM with secure boot via OTP-programmed public key hashes.
IncludeOS ist ein Unikernel-Betriebssystem, das Anwendungscode zusammen mit den notwendigen Kernel-Treibern in einem einzigen bootfähigen Image bündelt. Es fungiert als ressourceneffiziente virtuelle Maschine für Cloud-Dienste und als leichtgewichtige Serverless-Laufzeitumgebung, die darauf ausgelegt ist, Speicherbedarf und Bootzeiten zu minimieren. Das Projekt bietet eine Linux-Kompatibilitätsschicht über eine C-Bibliothek, wodurch Anwendungen, die für Linux geschrieben wurden, innerhalb der Unikernel-Umgebung kompiliert und ausgeführt werden können. Zudem dient es als Framework für Netzwerk-Appliances, um leistungsstarke Firewalls und Load Balancer mit konfigurierbaren TCP/IP-Stacks zu erstellen. Zu den umfassenden Funktionen gehören die Erstellung minimaler Maschinen-Images für den Einsatz auf Hypervisoren wie KVM, Qemu und VMware sowie die Härtung eingebetteter IoT-Geräte durch das Unterbinden von Laufzeit-Rekonfigurationen. Das System unterstützt einen schnellen Dienststart zur Optimierung von Serverless-Kaltstarts und nutzt nicht-präemptives Scheduling, um eine vorhersagbare Latenz zu gewährleisten.
Hardens embedded IoT devices by preventing runtime reconfiguration of the operating system.
Side-Menu.Android ist eine wiederverwendbare UI-Komponente für Android-Anwendungen, die eine ausziehbare Navigationsleiste (Slide-out Navigation Drawer) bereitstellt. Sie wurde entwickelt, um Entwicklern dabei zu helfen, Anwendungsbereiche und Benutzeroptionen in einem strukturierten, verborgenen Panel zu organisieren, das eine saubere Schnittstelle für den primären Inhaltsbereich beibehält. Die Komponente zeichnet sich durch ihre visuelle Präsentation aus, die den Material Design-Richtlinien folgt, um eine konsistente und intuitive Benutzererfahrung zu gewährleisten. Sie verfügt über eine datengesteuerte Menühierarchie, die eine logische Gruppierung von Navigationselementen ermöglicht, und integriert flüssige kreisförmige Reveal-Animationen, um polierte visuelle Übergänge beim Öffnen oder Schließen des Menüs zu bieten. Durch die Kapselung komplexer Layout- und Interaktionslogik in eine einzige, modulare Klasse vereinfacht die Bibliothek die Implementierung der Navigation über mehrere Bildschirme hinweg. Sie unterstützt ereignisgesteuerte Übergänge, was es Entwicklern ermöglicht, Menüinteraktionen von Inhaltsaktualisierungen zu entkoppeln, um eine saubere und reaktionsschnelle Anwendungsarchitektur zu wahren.
Provides methodologies and practices for securing internet-connected hardware devices.
itpol ist ein Framework für kryptografisches Key-Management, digitale Signaturrichtlinien und Security-Hardening. Es bietet eine IT-Richtlinien-Vorlagenbibliothek und Infrastruktur-Zugriffs-Frameworks, um organisatorische Sicherheitsrichtlinien und Governance zu etablieren. Das Projekt konzentriert sich auf kryptografisches Identitätsmanagement durch die Verwendung von PGP- und SSH-Schlüsseln, neben einem Security-Hardening-Leitfaden für Workstations. Es definiert Standards für die Sicherheit der Software-Lieferkette, insbesondere bezüglich der Signierung von Code-Commits und Software-Releases zur Sicherstellung der Provenienz. Das System deckt ein breites Spektrum an Sicherheitsfunktionen ab, einschließlich der Implementierung von Multi-Faktor-Authentifizierung, Festplattenverschlüsselung und Bootloader-Sicherheit. Es adressiert zudem sichere Kommunikations-Workflows für verschlüsseltes Messaging und E-Mail sowie die Verwaltung von Hardware-Sicherheitsmodulen und Zero-Knowledge-Backup-Strategien.
Defines security standards for UEFI configuration and bootloader password protection.