Author | Lightnews

Andrea Barisani

@andreabarisani.bsky.social

350 followers 82 following 150 posts

hacker | tamagopher | https://andrea.bio

andrea.bio

Posts Media Videos Starter Packs

Pinned

Andrea Barisani @andreabarisani.bsky.social · Nov 17

Welcome new followers!

I am a security researcher known for the USB armory and TamaGo project among other things.

I enjoy finding unconventional ways to secure things once and for all.

andrea.bio

github.com/abarisani

Andrea Barisani @andreabarisani.bsky.social · 10h

Our OTP fusing tool also has some serious ASCII going on, check the fuse map visualization:

github.com/usbarmory/cr...

GitHub - usbarmory/crucible: One-Time-Programmable (OTP) fusing tool

One-Time-Programmable (OTP) fusing tool. Contribute to usbarmory/crucible development by creating an account on GitHub.

github.com

Andrea Barisani @andreabarisani.bsky.social · 10h

Or our org README:

github.com/usbarmory/.g...

github.com

1 1

Andrea Barisani @andreabarisani.bsky.social · 10h

Nope, all by hand!

If you like it you will enjoy our USN armory datasheet:

github.com/usbarmory/us...

Datasheet (Mk II)

USB armory - The open source compact secure computer - usbarmory/usbarmory

github.com

1 1

Andrea Barisani @andreabarisani.bsky.social · 10h

vim

Andrea Barisani @andreabarisani.bsky.social · 11h

I am switching to ASCII art for CV/portfolio depiction.

It's so relaxing and rewarding going in this direction.

andrea.bio

2 13

Andrea Barisani @andreabarisani.bsky.social · 1d

Good luck!

1 1

Andrea Barisani @andreabarisani.bsky.social · 1d

“Implementing a Persistent Key-Value Store in a
Tamper-Resistant Device for SGX Enclave Applications”

Nice research which used our USB armory and TamaGo for its implementation!

dl.acm.org/doi/abs/10.1...

Implementing a Persistent Key-Value Store in a Tamper-Resistant Device for SGX Enclave Applications | Proceedings of the 16th ACM SIGOPS Asia-Pacific Workshop on Systems

dl.acm.org

1 3

Andrea Barisani @andreabarisani.bsky.social · 4d

Thank you for your work, this is amazing.

Reposted by Andrea Barisani

Filippo Valsorda @filippo.abyssdomain.expert · 6d

Today, my job as a cryptography engineer involved ASCII art and the Star Wars wiki. github.com/cfrg/draft-i...

Make labels consistent and name-agnostic by FiloSottile · Pull Request #28 · cfrg/draft-irtf-cfrg-concrete-hybrid-kems

We already have the weird label for X25519 + ML-KEM-768, and it looks like the conversation around names will drag on for a while longer, so let's just make labels consistent and name-agnostic,...

github.com

1 5 46

Andrea Barisani @andreabarisani.bsky.social · 15d

I just released go-boot v1.1 which brings in the now mature EFI Simple Network support.

Compile with NET=1 DEBUG=1 and you can use go `trace`, `pprof` or even statsviz visualization against a pure Go UEFI application!

github.com/usbarmory/go...

Release go-boot v1.1 · usbarmory/go-boot

This is a release of the go-boot unikernel which implements a UEFI Shell and OS loader for AMD64 platforms, implemented bare metal Go using the TamaGo framework. The unikernel is an UEFI applicatio...

github.com

Andrea Barisani @andreabarisani.bsky.social · 15d

Following go1.25.2, I've just released tamago-go1.25.2 and tamago v1.25.2.

This release comes to you directly from Google HQ in Sunnyvale, as I attend the OSFC and UEFI Developer conferences!

github.com/usbarmory/ta...

github.com/usbarmory/ta...

1 2

Andrea Barisani @andreabarisani.bsky.social · 22d

First ever boot of a TamaGo unikernel in the cloud, here on Google Cloud Compute Engine, automatically deployed from remote userspace!

Looking forward to polish and publish this.

1 7

Andrea Barisani @andreabarisani.bsky.social · 24d

Thanks to TamaGo it took me less than 5 minutes to integrate Gemini AI in my UEFI bootloader.

Is this the first ever AI capable boot manager? Probably?

Shall I feel guilty? Most definitely!

I cannot underestimate how enabling TamaGo is.

Andrea Barisani @andreabarisani.bsky.social · 27d

Pro tip: the most important tool to help, or give hell to, developers of safe IRQ handling on SMP systems is `ping -f`.

Andrea Barisani @andreabarisani.bsky.social · Sep 22

I am SSH'ing in my gaming PC bootloader to start Windows remotely.

I am so grateful to the gVisor team for allowing me to put their pure Go TCP/IP stack on the bare metal.

All of this is now in go-boot@development and will be part of v1.1:

github.com/usbarmory/go...

GitHub - usbarmory/go-boot at development

The bare metal Go UEFI boot manager. Contribute to usbarmory/go-boot development by creating an account on GitHub.

github.com

1 2 19

Andrea Barisani @andreabarisani.bsky.social · Sep 17

"Timing Side-Channel Attacks on USB Devices Using eBPF"

What a cool spin on Armory/GoKey/Tamago, used as experimental testbed in this paper.

secloud.ing.unimore.it/shared/paper...

Andrea Barisani @andreabarisani.bsky.social · Sep 15

Screw PXE, this means the entire Go TLS and networking stack is available under UEFI.

In seconds I added DHCP and an SSH server to remotely manage my pre-boot environments.

I see much potential.

Andrea Barisani @andreabarisani.bsky.social · Sep 15

Adding networking to go-boot through UEFI Simple Network Protocol.

It took 77 LOCs of pure Go to add the UEFI driver and bridge it to gVisor stack.

9 45

Andrea Barisani @andreabarisani.bsky.social · Sep 15

Adding networking to go-boot through UEFI Simple Network Protocol.

It took 77 LOCs of pure Go to add the UEFI driver and bridge it to gVisor stack.

1 15

Andrea Barisani @andreabarisani.bsky.social · Sep 2

I am so humbled by the two @gophercon.com talks which touched TamaGo this year!

Andrew Williams is porting Fyne to TamaGo, which means bare metal GUI in UEFI with go-boot!

Patricio Whittingslow talked about our upstreaming proposal and its generic “noos” API.

❤️

Shall I submit next year?

1 4

Andrea Barisani @andreabarisani.bsky.social · Sep 1

Work on porting TamaGo to ARM64 has begun!

The Go runtime changes are complete and original distribution tests are passing.

github.com/usbarmory/ta...

Reposted by Andrea Barisani

joern @jrn.bsky.social · Aug 19

Today I have a more serious topic than usual, please consider reposting for reach:

My wife and I are urgently looking for a specialist in neuropediatrics or a similar field for our autistic child with a diagnosed, but not further specified, movement disorder [1/4]

1 23 4

Andrea Barisani @andreabarisani.bsky.social · Aug 19

TamaGo 1.25.0 has been released!

Quite a smooth merge to bring in all the Go 1.25.0 major release goodies.

github.com/usbarmory/ta...

github.com/usbarmory/ta...

Release tamago-go1.25.0 · usbarmory/tamago-go

This is a release for the Go distribution as modified by the TamaGo framework, which enables compilation and execution of unencumbered Go applications on bare metal AMD64/ARM/RISC-V processors. Thi...

github.com

1 6

Andrea Barisani @andreabarisani.bsky.social · Aug 11

TamaGo 1.24.6 has been released with SMP support!

Given the number of supported platforms and architectures this also marks the beginning of release notes for both tamago-go and tamago repositories.

github.com/usbarmory/ta...

github.com/usbarmory/ta...

Andrea Barisani @andreabarisani.bsky.social · Jul 29

I am delighted to say that TamaGo SMP support is now mature for Firecracker/QEMU microVMs!

The changes are tracked in the following PR and will be merged in tamago1.24.6 when go1.24.6 is released.

github.com/usbarmory/ta...

amd64: SMP support by abarisani · Pull Request #51 · usbarmory/tamago

This PR adds initial SMP support to TamaGo amd64 package by implementing several changes to the Go patches and library. The tamago-go runtime changes to support this PR are available in the tamago1...

github.com

Andrea Barisani @andreabarisani.bsky.social · Jul 27