The Cloud Server Infrastructure Firmware Development (CSI-FW) team is responsible for server hardware definition, design and development of Server and Rack Infrastructure engineering for Microsoft’s online services.
This role will be for a highly-motivated Firmware Engineer with a solid background in embedded system design using embedded Linux.
* 5+ years professional experience in one or many of: designing, developing embedded solutions using ARM SoCs and Linux, extensive u-boot customization, Linux kernel internals and adding new hardware drivers.
* 2+ years proven and demonstrable programming skill in C/C++ for resource constrained embedded platforms.
* Experience with debugging tools such as JTAG, oscilloscopes and bus analyzers.
Senior UEFI / FW Development Engineer – CSI / Azure – Cloud Server Infrastructure
The Azure Cloud Server Infrastructure development team (CSI) is seeking a talented FW development engineer with UEFI based BIOS/FW development experience. Candidate will be a member of the MSFT Azure CSI/UEFI FW team and will be responsible for design and development of UEFI FW solutions for MSFT Cloud Platforms. The Senior BIOS/Firmware Developer candidate must have relevant industry experience in the development of UEFI firmware solutions. Candidate must demonstrate skills and experiences from early planning/concept architecture, platform bring-up, UEFI FW features development, board manufacturing support and field issues debug/servicing support.[…]
“This Windows PowerShell script can be used in an SCCM task sequence to see if WinPE was booted in UEFI or BIOS mode.”
[…]With Azure confidential computing, we’re developing a platform that enable developers to take advantage of different TEEs without having to change their code. Initially we support two TEEs, Virtual Secure Mode and Intel SGX. Virtual Secure Mode (VSM) is a software-based TEE that’s implemented by Hyper-V in Windows 10 and Windows Server 2016. Hyper-V prevents administrator code running on the computer or server, as well as local administrators and cloud service administrators from viewing the contents of the VSM enclave or modifying its execution. We’re also offering hardware-based Intel SGX TEE with the first SGX-capable servers in the public cloud. Customers that want their trust model to not include Azure or Microsoft at all can leverage SGX TEEs. We’re working with Intel and other hardware and software partners to develop additional TEEs and will support them as they become available.[…]
Here’s authoritative information from Jeremiah Cox of Microsoft:
Someone at Microsoft: please write a Technical Support KB article based on Jeremiah’s tweets.
Microsoft added some new UEFI protections to Windows, but it is not well-documented, so the firmware security researcher community is guessing at what it does: