In case you missed Vincent Zimmer of Intel speaking at CanSecWest back in March 2015, it gives a good overview of UEFI security technologies.
“UEFI, Open Platforms and the Defender’s Dillema”
I am reminded of this talk, since we just got Vincent to reprise this talk today at BlackLodgeResearch.org, at the monthly DC206 Meeting, which was also the meeting of the Pacific NorthWest FirmWare Hackers (PNWFWH). Vincent was a guest speaker and spoke on UEFI security for a while, mostly QA w/o slides.
I also gave a talk, on UEFI security tools (CHIPSEC, UEFItool, UEFI Firmware Parser, BIOS Diff, BIOS Extract, LUV-live, FWTS, etc.). I’ll cleanup the slides and post them on this blog shortly. Our scheduled lab was a bit flat, due to 2x the presentations, and a BLR-hosted BBQ, and the interest in listening to the QA with Vincent, and the miserable heat. But some of the attendees had already gotten LUV-live working on their systems, and had learned to dump ROMs, which is the first step.
Vincent also helped me understand the UEFI 2.5 feature list, I’ll be working on more blog posts with spec/source and other info on these ~63 items in some upcoming blog posts.