image image
Julien Cretin & Jean-Michel Picod at Hardwear NL 2023

Julien Cretin & Jean-Michel Picod

Wasefire, a secure firmware framework

Workshop Title:

Wasefire, a secure firmware framework


Wasefire is an open-source framework that facilitates writing secure firmware code, which is executed by a WebAssembly (WASM) virtual machine. This design supports the two primary objectives of the framework:

  • Security: WASM is a sandboxed environment, which means that WASM applets cannot access the underlying hardware or other applets without permission. This prevents vulnerable applets from compromising the entire platform and mitigates the risk of confidential material extraction. In addition to the security provided by WASM, the virtual machine itself follows the latest security best practices, particularly in the area of cryptography.
  • Usability: WASM is a compilation target for most popular programming languages, which means that developers can use their usual development process and write firmware code in the same way that they would write software code. In addition to providing a better developer experience, WASM applets are portable at the bytecode level across all supported devices. In particular, it is possible to run an applet on a desktop for example for testing purposes.

Wasefire is in its early stages, and we are looking forward to hearing from the community about which features and use cases are interesting so that we can build the most useful framework to develop secure firmware.

Speaker Bio:

Julien Cretin is currently working at Google Switzerland in the security, privacy, and abuse prevention research team. He has a background in programming languages, type systems, formal methods, and program verification from his PhD and his work on the TrustInSoft C/C++ static analyzer.

Jean-Michel Picod currently working at Google Switzerland in the Security, Privacy and Abuse prevention Research team. He holds an engineering degree in computer systems, networks and security and focuses on hardware security research (side-channel, fault-injection, embedded firmware).