Microsoft Azure seeks senior UEFI engineer

Senior UEFI / FW Development Engineer – CSI / Azure – Cloud Server Infrastructure

The Azure Cloud Server Infrastructure development team (CSI) is seeking a talented FW development engineer with UEFI based BIOS/FW development experience. Candidate will be a member of the MSFT Azure CSI/UEFI FW team and will be responsible for design and development of UEFI FW solutions for MSFT Cloud Platforms. The Senior BIOS/Firmware Developer candidate must have relevant industry experience in the development of UEFI firmware solutions. Candidate must demonstrate skills and experiences from early planning/concept architecture, platform bring-up, UEFI FW features development, board manufacturing support and field issues debug/servicing support.[…]




TCG announces DICE Architecture


Trusted Computing Group has released the Device Identifier Composition Engine (DICE) Architecture for securing resource-constrained devices that make up the Internet of Things. The DICE Architecture provides critical security and privacy benefits to IoT and embedded systems where traditional Trusted Platform Modules (TPM) may be impractical, while also enabling support for those devices with a TPM for additional security benefits. Security capabilities this new approach enables include strong device identity, attestation of device firmware and security policy, and safe deployment and verification of software updates, which often are a source of malware and other attacks. The DICE Architecture, with its hardware root of trust for measurement, breaks up the boot process into layers, and creates unique secrets and a measure of integrity for each layer. This means if malware is present, the device is automatically re-keyed and secrets are protected. […]




Android 8.0 and Project Treble



“The Android 8.0 release includes Project Treble, a major re-architect of the Android OS framework designed to make it easier, faster, and less costly for manufacturers to update devices to a new version of Android. Treble is for all new devices launching with Android 8.0 and beyond (the new architecture is already running on the Developer Preview for Pixel phones).[…]”


UefiToolsPkg: making UEFI more useful to system hackers

Andrei Warkentin has created UefiToolsPkg, readme excerpt below:

This is a Tiano Core (edk2) package with various goodies. The goal was to make the UEFI environment much more useful to system hackers. It may be a reduced environment, but there’s no need for it to remain a crippled one. People make the analogy of UEFI being the 21st century equivalent of DOS, yet DOS was a vastly more useful environment than UEFI is today. Hopefully, one day this will grow into a veritable distribution of software to be productive even without a “real OS” around. Contains: Useful utilities for developers and admins,Ported UNIX tools, Useful libraries for developers, Development tools for Windows/Linux, Other tools around the Web.

FdtDump: dump system device tree to storage
AcpiDump: dump system ACPI tables to storage
AcpiLoader: load system ACPI tables from storage
ShellPlatVars: set UEFI Shell variables based on platform configuration
MemResv: create new memory map entries
RangeIsMapped: validates ranges in the memory map
GopTool: Check and manipulate EFI_GRAPHICS_OUTPUT_PROTOCOL instances
tinycc: port of TinyCC to UEFI

There’s at least one other UEFI ‘distribution’ project on Github, mostly non-usable, I forget the name at the moment.  If I had some spare time, I’ve been wanting to do something like this, still looking to find the spare time… 😦 The next logical step is to include FPMurphy’s UEFI Utilities:



Linux IoT and secure firmware updates

Identifying secure firmware update mechanisms for embedded Linux devices and open source options
September 15, 2017
Alex Gonzalez
[…]With regards to embedded devices, the firmware update mechanism must be not only secure, but also reliable in that it either succeeds in the update or fails to a recoverable state. In no way should the software update brick a device, and it should be able to happen unattended. Most updates must also preserve the previous device state, although on some occasions recovering a device could involve resetting to a default state.[…]




IDA Pro 7.0 released