SeaBIOS 1.12.0 released

Kevin O’Connor announced release 1.12.0 of SeaBIOS:

New in this release:
* Initial support for “TPM CRB” hardware
* Improved cdrom media reporting in the boot menu on QEMU
* Improved floppy support on real floppy hardware
* SeaVGABIOS support for QEMU “bochs-display” and QEMU “ramfb” displays
* Several bug fixes and code cleanups

more info about this release:

Linux Unattended Installation – Tools to create an unattended installation of a minimal setup of Linux

This project provides all you need to create an unattended installation of a minimal setup of Linux, whereas minimal translates to the most lightweight setup – including an OpenSSH service and Python – which you can derive from the standard installer of a Linux distribution. The idea is, you will do all further deployment of your configurations and services with the help of Ansible or similar tools once you completed the minimal setup. Use the script to create an ISO file based on the netsetup image of Ubuntu. Use the script to create a cloneable preinstalled disk image based on the output of […]UEFI and BIOS mode supported.[…]


Two guys, one laptop (hacking a Toshiba BIOS laptop)

This is a great story about hacking a BIOS-level locked Toshiba laptop. There will be plenty of hardware hacking, reverse engineering and perseverance. And some crypto as well.[…] The whole process took 3 years – but the actual work took about 2 weeks, the rest was Michał waiting for Sergiusz to dump the chips. They reported their findings to Toshiba, which promised to deliver updates and change the encryption scheme.[…]


FireEye: BIOS Boots What? Finding Evil in Boot Code at Scale

Malware continues to take advantage of a legacy component of modern systems designed in the 1980s. Despite the cyber threat landscape continuing to evolve at an ever-increasing pace, the exploitation of the classic BIOS boot process is still very much a threat to enterprises around the world. Furthermore, since malware that tampers with the boot process (aka bootkits) execute before the operating system, such compromises often persist even after incident responders think the incident has been remediated. This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks.[…]


UEFI_Basic: A BASIC programming language interpreter for UEFI

In the olde days of the early Personal Computer, the BIOS-based firmware’s default bootloader would be a resident BASIC interpreter REPL. Companies made money licensing that BASIC interpreter to vendors!

So a built-in default BASIC interpreter bootloader app was one feature that BIOS had which UEFI did not. ….until now (and this one is not closed-source):

A BASIC interpreter for UEFI.

BIOS and the IBM PC Technical Reference

Nice, another online source to this classic document. There are a few other sources online, if you search. If you’ve never read this book, it is a great read, with the source to the PC BIOS listed, a great way to learn assembly language.


Click to access IBM_5150_Technical_Reference_6025005_AUG81.pdf


NyanMBR: Nyancat in the MBR


There’s also a nyan for BIOS, not only the above UEFI one!


A 16 bit Nyan cat demo small enough to fit in the master boot record of a disk.


Writing simple BIOS bootloaders using NASM

The tutorial ends with a pointer to some BIOS interrupts. It should have mentioned Ralph Brown’s classic list.

memory loading

iPXE-Boot-Server: Setup iPXE to support both BIOS and UEFI

Step by step guide for how to build your own PXE boot server supporting both legacy BIOS and EFI hardare

Build your own PXE boot server

This article is a step by step guide for building your own PXE boot infrastructure which can be used to boot both legacy BIOS and EFI based hardware from network. There are many articles on the Internet for building PXE boot infrastructure however I found most of them does not work for EFI based hardware. I use iPXE as the boot image and dnsmasq as DHCP & TFTP server and I found it’s dead simple to setup those two software.




CheckBIOSDisk: Check uefi/legacy bios and gpt/mbr disk type for WinPE

This is a Win32 console application for Windows Preinstall Environment system. The gaol is checking PC uses UEFI BIOS (or with CSM) must ensures the disk type is GPT format, otherwise the legacy BIOS must using MBR format for disk layout. C++ code only does windows executing diskpart and reg commands and checks results to improve function, because requester is lazy and having lack knowledge on his job to design commands flow.

PS: Another tool by author:


Fruct20: UEFI BIOS and Intel ME attack vectors and vulnerabilities

UEFI BIOS and Intel Management Engine Attack Vectors and Vulnerabilities
Alexander Ogolyuk, Andrey Sheglov, Konstantin Sheglov
Saint Petersburg National Research University of Information Technologies, Mechanics and Optics
St. Petersburg, Russia

We describe principles and implementation details of UEFI BIOS attacks and vulnerabilities, suggesting the possible security enhancement approaches. We describe the hidden Intel Management Engine implementation details and possible consequences of its security possible discredit. Described breaches in UEFI and Intel Management Engine could possibly lead to the invention of “invulnerable” malicious applications. We highlight the base principles and actual state of Management Engine (which is a part of UEFI BIOS firmware) and its attack vectors using reverse engineering techniques.

From conclusion:
* Disable all SMM code (if possible by patching or other methods)
* Disable any external firmware components (PCI boot)
* Disable S3 Bootscript (after sleep mode)
* SMI transaction Monitor extensive usage (to find malicious SMI calls)
* Enable Secure Boot mode
* Enable BIOS password
* Extensive reverse engineering of vendor’s firmware samples to find and report vulnerabilities
* Code reviews (of open sourced UEFI based systems like Tiano-Core)

Click to access Ogo.pdf

Click to access Ogo.pdf

Click to access FRUCT20_Program.pdf

Intel seeks BIOS/UEFI Tools Developer

BIOS-UEFI Firmware Tools Engineer

As BIOS-UEFI Firmware Tools Engineer you will develop tools and scripts needed for build and test automation infrastructure that is the backbone of the the Continuous Integration process in Intel’s Data Center UEFI firmware BIOS team.[…]

PS: I need to figure out a way to get some swag/etc from jobs that’re filled via this blog. ;-(

PS: Intel HR: spaces in URLs is generally frowned upon.


DiskImageCreator: designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS

UPDATE: adding URL, which I forgot in original post:

DiskImageCreator : A python utility to process the input raw disk image and sign MBR/partitions with given corresponding keys.

Signing Tool for boot security validation.

This python utility is designed to provide a baseline for people who may be interested in attaching the machine with secure boot process built-in. The secure boot process is a customized chain-of-trust boot flow in UEFI BIOS. It will exam the target disk image(in MBR) and see if it is properly signed by the root key controlled by owner. This utility is to help owner to create a signed image with owner keys.

This tool is designed to help people attack the machine with a secure chain-of-trust boot process in UEFI BIOS.

AMI on Intel’s BIOS end-of-life announcement

Click to access Brian_Richardson_Intel_Final.pdf


The UEFI Forum likes to frame UEFI -vs- BIOS, and has a 3-5 Class heirarchy of those systems, including having to deal with UEFI systems that also provide BIOS via Compatibility Support Module (CSM), referring to BIOS as Legacy Mode. If you look at BIOS outside of the framing of the UEFI Forum, it is usually based security, and UEFI has some security where BIOS has none. But there’s another ‘class’: non-UEFI coreboot, optionally secured with Verified Boot, with a BIOS payload. UEFI Forum doesn’t include this in their Class heirarchy… AFAICT, the mainstream IBVs have given up on BIOS and migrated to UEFI. The only places where BIOS will probably remain are in Purism boxes, where they will use TPM+Heads to secure BIOS, or on Chrome boxes, where they will use coreboot Verified Boot to secure BIOS, or in SeaBIOS-based VMs. When Intel stops offering Intel’s implementation of BIOS, maybe this means that the remaining BIOS users will switch to the open source SeaBIOS project, which is great news. Getting rid of the complex class of dual UEFI/BIOS systems will be a joy. 🙂