Universal Flash Storage (UFS) support added to UEFI

Late last month, Feng Tien of Intel checked in new code to the EDK-II trunk, with support for a Universal Flash Storage (UFS) stack.

The stack “includes 4 drivers:
1. UfsPassThruDxe, which is a UEFI driver and consumes EFI_UFS_HOST_CONTROLLER_PROTOCOL and produces EFI_EXT_SCSI_PASS_THRU_PROTOCOL.
2. UfsPciHcDxe, which is specific for pci-based UFS HC implementation and is a UEFI driver to produce EFI_UFS_HOST_CONTROLLER_PROTOCOL.
3. UfsBlockIoPei, which is a PEI driver and consumes EFI_UFS_HOST_CONTROLLER_PPI and produces EFI_PEI_VIRTUAL_BLOCK_IO_PPI.
4. UfsPciHcPei, which is specific for pci-based UFS HC implementation and is a PEI driver to produce EFI_UFS_HOST_CONTROLLER_PPI.”

EDK-II updating to UEFI 2.5

Starting a few days ago, there’ve been many UEFI 2.5-specific checkins to the EDK-II trunk.

MdePkg/Include/Uefi/UefiSpec.h now has an EFI_2_50_SYSTEM_TABLE_REVISION entry. There are similar updates to PI structures.

I’ll have some more blog entries on other specific new changes for UEFI 2.5 — specs and code — in the coming days; there is a lot to study…

Embedded medical devices and firmware updates

Yesterday, Cory Doctorow had a story in BoingBoing about medical device security, including firmware security. Excerpt:

“Like other medical devices that independent security researchers have looked at, Richards said the Hospira LifeCare pump did not validate the authenticity of firmware updates prior to installing them – a common problem in the medical device sector.”

Read the full story here:

Drug pump is “most insecure” devices ever seen by researcher

Windows 10 UEFI Secure Boot policy welcomed by Linux users

According to an article by Sam Varghese in iTWire, Linux users will find Microsoft’s current advice to Windows 10 OEMs regarding UEFI Secure Boot welcome news. More information here:

http://www.itwire.com/opinion-and-analysis/open-sauce/67959-microsofts-new-secure-boot-strategy-will-suit-linux-firms

[iTWire article aside, more welcome news would be if OEMs would build consumer Linux devices with Secure Boot working directly with them, without Microsoft PKI/CA/keys, in some of their models. Intel and SuSE demonstrated this at IDF2013, yet no consumer devices are available, AFAIK.
Even more welcome news would be offering Coreboot as an option, including new Coreboot support in UEFI as a PI component.
Even more welcome news would be providing systems where owners could build and update their own firmware, from tianocore.org and coreboot.org code, along with any new drivers from the OEM, and have a firmware update mechanism for local owner-users, not only beg for updates from vendors.
But I guess I should simply be happy that Microsoft is permitting Windows OEMs to still let users install software on the HW/FW/SW that we don’t actually own/control. 🙂 –ed]

New FPGA embedded security research from GTRI

As reported today by Rick Robinson, Georgia Institute of Technology, in Scientific Computing, researchers at Georgia Tech Research Institute (GTRI) have interesting new research for use of FPGAs in embedded system design, which adds “entirely new attack vectors to consider, ones that lie outside the traditional computer security mindset.” Read the full Scientific Computing article here[1], and read the GTRI research here[2].

[1] http://www.scientificcomputing.com/news/2015/05/advancing-security-and-trust-reconfigurable-devices
[2] http://www.gtri.gatech.edu/casestudy/advancing-security-and-trust-reconfigurable-device

TianoCore mailing list migration to 01.org begins

The first step of the migration from the SourceForge-hosted mailing lists to Intel 01.org-hosted lists is underway:

https://lists.01.org/mailman/listinfo/edk2
http://www.tianocore.org/news/2015/05/01/UnderConst.html

Today, on the edk2-devel mailing list, Joe Peterson of Intel announced the availability of the replacement EDK2 mailing list:

“Due to community feedback, a new mailing list is being set up to replace this one. The new list will be hosted on Lists.01.org and should be more stable and consistent than this one. The host has an opt-in policy and will not allow the current subscription list to be imported so you will need to subscribe yourself. The timing of the final conversion to the new list is still to be determined, but in the meantime you can sign up for the new list here:  https://lists.01.org/mailman/listinfo/edk2/ . Please keep all relevant communications on this channel and do not use the new one for patches or questions yet. Feel free to post questions/comment/concerns to this current list. Stay tuned for more updates… A list of the content changes / improvement being worked can be found here:  http://www.tianocore.org/news/2015/05/01/UnderConst.html . Thank you.”

Stages Cycling firmware update

Firmware updates are everywhere these days. Your bicycle might need a firmware update! 🙂 As reported by the Bicycle Retailer[1], today Stages Power[2], makers of embedded hardware for the bicycle industry, issued a firmware update to address a variety of issues, including “Startup/Shutdown routine bug fixes eliminating potential to over-burden battery.” Full details are on the Stages support site[3]. I’ll admit, I don’t know what embedded OS and firmware solution they’re based on. Does anyone know?

[1] http://www.bicycleretailer.com/product-tech/2015/05/04/stages-issues-firmware-update-power-meter-and-app
[2] http://www.stagescycling.com/stagespower
[3] http://support.stagescycling.com/support/solutions/articles/1000043365-stages-power-meter-firmware-release-details-and-history

GIGABYTE 9-Series UEFI update available

GIGABYTE Enables Support for Upcoming 5th Gen Intel® Core™ Processors
Entire Range of GIGABYTE 9 Series Motherboards including Z97/H97 Now Compatible with Simple BIOS Update

2015/04/30

Taipei, Taiwan, April 30th, 2015 – GIGABYTE TECHNOLOGY Co. Ltd., a leading manufacturer of motherboards and graphics cards is proud to announce their entire line-up of Z97 and H97 motherboards now support the soon-to-launch 5th Generation Intel® Core™ processors. GIGABYTE engineers have tested and validated all GIGABYTE 9 series motherboards including Z97 and H97 chipset-based motherboards to ensure optimal performance for 5th Generation Intel® Core™ processors. Users wanting to take advantage of all the features of 5th Gen Intel® Core™ processors have to offer at launch, simply need to download the latest UEFI BIOS from the GIGABYTE website.

Read the full press release:

http://www.gigabyte.us/press-center/news-page.aspx?nid=1362

UEFI Forum releases new specs and SCTs

The UEFI Forum announced availability of the PI Spec v1.4, the ACPI Spec v6.0, the UEFI Spec v2.5, and the Self-Certification Test (SCT) v2.4B today.

PI Spec v1.4 changes:
* Graphics PPI: Launches graphics subsystem and memory controller in the PI layer, providing access to various operating systems including those that do not require full UEFI conformance.
* Multi-processor PPI: Initializes processors in the PI layer, creating a prime environment for parallelization, giving the system full use of multi-processor machines.
* Capsule PPI: Discovers operating-system-initiated firmware updates during run time and allows updates to be handled in the driver execution environment (DXE).
* No Execute Support: Protects firmware against compromised hypervisor or operating system firmware.

ACPI Spec v6.0 changes:
* CPU Topology Recognition: Identifies different CPU topologies, enabling finer control of SoCs—thereby improving power efficiency.
* Source Language Evolution: Introduces high-level language including symbolic operations and expressions for intuitive programming.

UEFI Spec v2.5 changes:
* Boot From HTTP: Provides an improved UEFI replacement for iPXE.
* Platform Recovery: Explicitly defines standard (non-emergency) boot options as well as OS and platform firmware recovery options for when the system boot fails.
* Connectivity Support: Supports Bluetooth® technology and Wi-Fi/EAP2.
* High Assurance Enterprise Replacement: Allows automated platform deployment for higher security Secure Boot configurations.

Read the full press release here:
http://www.uefi.org/node/897
