UEFI UDK2017 pre-release available

Brian Richardson of Intel announced a pre-release of UDK2017, a snapshot of the Tianocore.org EDK2 trunk code matching a set of UEFI.org specs.

Information on UDK2017, the next stable snapshot release of EDK II, is available on the TianoCore wiki.

From the release page on the wiki, here’s the list of

UDK2017 Key Features
    Industry Standards & Public Specifications
        UEFI 2.6
        UEFI PI 1.4a
        UEFI Shell 2.2
        SMBIOS 3.1.1
        Intel® 64 and IA-32 Architectures Software Developer Manuals
    Storage Technologies
        RAM Disk (UEFI 2.6, Section 12.17, RAM Disk Protocol)
        GCC 5.x
    OpenSSL 1.1.0
    Adapter Information Protocol
    Regular Expression Protocol
    Signed Capsule Update
    Signed Recovery Images
    SMM Communication Buffer Protections
    STM Launch
    Memory Allocation/Free Profiler
    NX Page Protection in DXE
    LZMA Compression 16.04
    Brotli Compression
    MP Init Library


More info:

Shell script for Laszlo’s SMM test environment article

Laszlo Ersek of Red Hat wrote a wiki article on tianocore.org[1], showing how to setup the EDK2 with QEMU/OVMF for testing SMM code using Fedora.

Recently, Alex Floyd of PreOS Security wrote a shell script to codify this wiki article[2].

Laszlo’s wiki is dense, I expect this script will be useful for some UEFI firmware engineers and security researchers.

According to Alex, “some things needed tweaking to get to work, and the Windows portion of the tutorial is not included in the script.”

[1] https://github.com/tianocore/tianocore.github.io/wiki/Testing-SMM-with-QEMU,-KVM-and-libvirt

[2] https://github.com/gencymex/smmtestbuildscript


Tianocore gets Brotli compression support

BinX Song of Intel has submitted a patch to EDK2 with support for Google’s Brotli compression algorithm.

[PATCH 0/4] MdeModulePkg/BaseTools: Add Brotli algorithm support

Brotli algorithm has a little less compress ratio than Lzma, but has better decompress performance than it.  Add Brotli algorithm support, include Brotli decompression library and tool set.

Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.

More info:

Tianocore patch to increase memory protection

Ard Biesheuvel of Linaro submitted a V2 5-part patch to the EDK2 project, to harden UEFI more!

This is a proof of concept implementation that removes all executable permissions from writable memory regions, which greatly enhances security. It is based on Jiewen’s recent work, which is a step in the right direction, but still leaves most of memory exploitable due to the default R+W+X permissions. The idea is that the implementation of the CPU arch protocol goes over the memory map and removes exec permissions from all regions that are not already marked as ‘code. This requires some preparatory work to ensure that the DxeCore itself is covered by a BootServicesCode region, not a BootServicesData region. Exec permissions are re-granted selectively, when the PE/COFF loader allocates the space for it. Combined with Jiewen’s code/data split, this removes all RWX mapped regions.

Changes since v1:
– allocate code pages for PE/COFF images in PeiCore, so that DxeCore pages have the expected memory type (as suggested by Jiewen)
– add patch to inhibit page table updates while syncing the GCD memory space map with the page tables
– add PCD to set memory protection policy, which allows the policy for reserved and ACPI/NVS memory to be configured separately
– move attribute manipulation into DxeCore page allocation code: this way, we should be able to solve the EBC case by allocating BootServicesCode pool memory explicitly.

More info:

EDK2 test harness

Michael Kinney of Intel has created an edk2-test branch, to focus on testing!

I am creating a new branch in edk2-staging called edk2-test. The purpose of this branch is to develop a test harness, test case SDK, and library of test cases that can be used as part of edk2 validation. The initial version of this test harness is compatible with binary releases of the PI SCTs and UEFI SCTs, are native edk2 packages with no dependencies on the EdkCompatibilityPkg, and the test harness runs using the latest version of the UEFI Shell. 

Additional work items:
* Update to take advantage of latest edk2 features/libraries.
* Update for all supported CPU types
* Update for all supported compilers
* Review initial test harness features and determine what features should be dropped and what new features should be added.
* Determine where the test harness, test case SDK, and test cases should live once the initial functional and quality criteria are met.  Could be packages in the edk2 repo or packages in a new edk2-test repo.  Other options???
* Resolve compatibility issues with binary releases of the PI SCTs and UEFI SCTs.
* Update test harness to support PEI tests
* Update test harness to support Runtime tests
* Update test harness to support SMM tests
* Optimize performance of the test harness and tests.

More info:

Changes in Tianocore’s UEFI HTTP[S] Boot

After UEFI HTTP Boot was added to spec, HTTP support was added to the public Tianocore EDK2 tree. But initially there was no HTTPS support. Fast forward through a bunch of other branches and work, and now it looks like there’s nearly ready to have HTTPS in the EDK2 tree, given below patch. If you are using UEFI HTTP Boot withOUT httpS support, ask your vendor for an update!

Subject:     [edk2] [Patch 0/2] Enable the HTTP switch
If the value of PcdHttpEnable is TRUE, HTTP is enabled. Both the “http://” and “https://” schemes are acceptable. Otherwise, HTTP is disabled. The “http://” scheme will be denied.

More info:

Tianocore updates Security Advisories

Previously, the advisories were in PDF format. There were 2 advisories, each PDF contained a number (19?, I forget) of issues. Now, they’ve moved to Github-hosted content using Gitbooks.

I’ve not yet checked if there are any NEW advisories in the new content.


UEFI Capsule-Update and Recovery

On the EDK2-Devel mailing list, Michael Kinney of Intel has started a new EDK2 wiki page on UEFI Capsule-Based-Firmware Update/Recovery. Capsule Updates are how UEFI-based firmware updates itself.

Draft of documentation for Signed Capsule Feature:
I have started a draft of Wiki pages that describe how to use and verify the Signed Capsule feature from Jiewen Yao. I have focused this first draft on the system firmware update use case for signed capsules. Please review this content and provide feedback. I will work on the remaining 3 signed capsule use cases while the content for this fist use case is reviewed. I plan to add this content to the edk2 Wiki once the reviews are completed.




New UEFI patch that Enables SMM page level protection.

Jiewen Yao of Intel submitted a 6-part patch to Tianocore which adds SMM security. It appears it is the first version of the patch.

This series patch enables SMM page level protection. Features are:
1) PiSmmCore reports SMM PE image code/data information in EdkiiPiSmmMemoryAttributeTable, if the SMM image is page aligned.
2) PiSmmCpu consumes EdkiiPiSmmMemoryAttributeTable and set XD for data page and RO for code page.
3) PiSmmCpu enables Static Paging for X64 according to PcdCpuSmmStaticPageTable. If it is true, 1G paging for above 4G is used as long as it is supported.
4) PiSmmCpu sets importance data structure to be read only, such as Gdt, Idt, SmmEntrypoint, and PageTable itself.

tested platform:
1) Intel internal platform (X64).
2) EDKII Quark IA32
3) EDKII Vlv2  X64
4) EDKII OVMF IA32 and IA32X64.

  MdeModulePkg/Include: Add PiSmmMemoryAttributesTable.h
  MdeModulePkg/dec: Add gEdkiiPiSmmMemoryAttributesTableGuid.
  MdeModulePkg/PiSmmCore: Add MemoryAttributes support.
  UefiCpuPkg/dec: Add PcdCpuSmmStaticPageTable.
  UefiCpuPkg/PiSmmCpuDxeSmm: Add paging protection.
  QuarkPlatformPkg/dsc: enable Smm paging protection.
 36 files changed, 4513 insertions(+), 798 deletions(-)

For more information, see the posting on the edk2-devel list:

video of Brian’s Tianocore Linaro Connect presentation

Brian Richardson of Intel recently gave a presentation at ARM Ltd’s Linaro Connect on the subject of UEFI. Intel started UEFI but in recent years ARM is also using UEFI.

new EDK2-Bugs mailing list and Tianocore bugzilla server

On the EDK2-Devel list, Mike Kenney of Intel announced the creation of the Tianocore Bugzilla Server, and the new EDK2-bugs mailing list, which tracks changes to the bug database. The Tianocore project is going to migrate from the Github bug database to their own Bugzilla-based one. The announcement mentions a special case for UEFI security issues:

There is one special Product type on the Bugzilla server called “Tianocore Security Issues”.  If you believe you have discovered a security issue, then you must enter the issue using the “Tianocore Security Issues” Product.  The issue will be evaluated to determine if it really is a security issue or not. NOTE: Never any security issue details in email.

For full details, see Mike’s post:

More info:

Hmm, No posts yet to the new list, at least nothing has been archived, yet there are 39 bugs in the database, I would have expected at least 39 posts in the archives…. The Tianocore Security Advisory list never seemed to work. The Intel Security Advisories list never seemed to work. Let’s hope the EDK2-bugs list works…

EDK2 issue tracking

The Tianocore project, the open source subset of the UEFI Forum’s private UEFI implementation, is talking about getting an issue tracking system:

Excerpting from the initial thread on the topic:

The built-in issue tracking system that comes with GitHub isn’t sufficient to satisfy a key requirement.  There needs to be support for multiple Tianocore-related programs.  As you know Intel has a system today that’s internal to Intel where we track issues.  That does not meet the needs of the community.  And to help improve transparency, and better engage with the community I’m driving the discussion and bring up of a bug tracking system. The goal is to have one operational by March 21, 2016 (WW13).  We’re 6 weeks and counting from that deadline.  I’m interested in community feedback, gathering requirements, and feedback on proposals for which system to use. We’re going to transform issue tracking on Tianocore a transparent, community driven behavior. Key requirements for the system include (but not limited to):
* OSS (does not have to be free)
* Ability to bulk import/export databases, data (CSV)
* Secure, ability to shield sensitive issues
* Group credential management
* Supports mobile views (phone/tablet)
* Ability to generate reports
* Can be used to generate quick tasks for community members (e.g. Find a Task)
* Integrate with GitHub

Speak up if you have input. More info:

(I’m hoping they also going to spend some time spend some time updating the Tianocore Security Advisories. They have only done 2 of them, and it has been over a year since those have been published. I expect there are a few Tianocore issues that are merit security advisories, but nobody is spending time to publish new advisories.)

Tony Mangefeste, new Tianocore community manager

Tony Mangefeste of Intel is the new “Community Technology Lead, Tianocore Community Manager”. Yesterday he posted a message to the edk2-devel mailing list with an introduction. Two excerpts:

“I’m your new Tianocore community manager. As best as I can tell, no one has had this role, and I’m the first. And I’m thrilled to have the opportunity to help Tianocore evolve into an awesome-er OSS program.”

“What’s going to change with Tianocore? I hope much positive change will come. More details will follow in the coming weeks. As many of you know, several of our members (led by Erik, Jordan) have been leading the efforts to move to GitHub.  That’s just the tip of the iceberg of improvements that are coming.  If there are barriers to contribution levels, I want to help knock those down.  If we can’t knock them down, I want to navigate around them.”

Full post:

He has just created new Tianocore feeds on Twitter and Google+:

I noticed a non-ISO-licensed tree in the new Github tree, which may be helpful for Linux, a home non-BSD FOSS code. I hope Tianocore appropriately encourages and maintains this in conjunction with the BSD tree. I hope that in addition to Twitter and Google+ posts, the community manager helps with communinty-led questions about Tianocore, like the FW_OS_Forum. So far this list does not appear to useful for community. It’d be great to see UEFI Forum and it’s members generate a GSoC for Tianocore, most than just maintaining a wishlist of projects on their wiki. I’d like to see more work with UEFI team with coreboot and U-Boot projects using EFI as a payload. I really wish UEFI forum was a bit more open in their events. Right now events are only for members, and the only public events are ‘developer roadshow’-style groomed subset talks. Anyway, enough of me wondering about how Tianocore could do community better. If you have some ideas, contact Tony.

Tianocore transitioned to Github

Jordan Justen of Intel announced the transition of the Tianocore EDK2 project from Sourceforge to Github. Transition began Friday February 2nd and is apparently now complete. It is a big deal when a large codebase moved to another version control system… excerpting Jordan’s status message:
And, for months, quite a few people at Intel have been working behind the scenes to get everything ready for the transition. Thanks!

Merry EDK II Git Day!

More information:

Note there is also an #edk2 channel on OTFC, http://www.oftc.net/


Tianocore moving to Github


“This message is to notify you that near the end of January 2016 the active repository for EDK2 development will switch from using SourceForge to GitHub. The repository found at SourceForge will continue to be a read-only mirror of the master branch on GitHub. […] As part of this change a number of process changes will be adopted to support better use of git. This includes the method for sending out patches for review and other minor changes. […] “

Full article:


Updated UEFI training from Intel SSG

It appears there are a few new files on Tianocore.org, beyond latest EDK-II trunk source changes.

Intel has a multi-day training course for (presumably) Intel employees and partners. Intel releases the presentations and lab workshop materials for the course for public access, as part of the Tianocore project, and updates it periodically. And they recently updated it again, grab the 2 files at the top of the list, with recent dates. I just downloaded it, unsure what is new in the labs yet…

Also see updated versions of the online presentations here:

I think this page may be slightly out-of-date for the moment:

As for other updates to tianocore/EDK2, the EDK-II C Coding Conventions have been revised:

I usually find it is best to find fresh Tianocore files by looking at these two locations first:

UEFI 2.5 Platform Recovery feature appearing in Tianocore

Ruiyu Ni of Intel has posted an 12-part patch addding UEFI 2.5’s Platform Recovery feature to the public Tianocore EDK2 trunk.

Amongst the features of UEFI 2.5, the last public release of UEFI from the UEFI Forum, was #1227 “UEFI.Next feature – Platform recovery“. Load up the multi-thousand page UEFI 2.5 specification, with a PDF viewer with good search abilities, to find all the locations in the spec which Platform Recovery impacts. A good place to start would be around page 119, the OsRecovery#### and PlatformRecovery#### variables that’re new to UEFI 2.5.

Given that the patch includes a question from Intel asked HP:  “Could you please check my patch to see whether it can meet your real requirement?“, it appears that HP already has an existing implementation of this, perhaps already publicly available, probably separate from the Tianocore implementation, like they did with HTTP Boot. I’m not sure of other vendors with existing UEFI 2.5 Platform Recovery support.

Given UEFI capsule updates can add new features, your next firmware update may include this feature; is your organization ready to deal with UEFI 2.5 Platform Recovery support appearing in the near future? I’m not ready. I don’t understand what this feature really means, in terms of system impact. Earlier (not in this patch), there was a LOT of new code dealing with recovery in drivers. I don’t now know how to test this feature yet in Tianocore. Are there any new tools involved with this feature, for sysadmins to use? How do I test if this feature is working in a specific driver, or in the entire system? Where are some test scripts that exercise the feature? If someone has any more pointers to using this new feature, please add a Comment to this post (see left), thanks!

Subject: [Patch 00/11] Add Platform Recovery support

OS Recovery will be added later.

Ruiyu Ni (11):
  MdePkg: Add Platform Recovery definitions.
  MdeModulePkg: Add Bm prefix for internal functions
  MdeModulePkg: Use BmCharToUint in BmIsKeyOptionVariable
  MdeModulePkg: Use BM_OPTION_NAME_LEN instead of sizeof L”Boot####”
  MdeModulePkg: Use BmForEachVariable to collect all key options
  MdeModulePkg: Support to expand File device path
  MdeModulePkg: Add Platform recovery support
  MdeModulePkg: Add missing PrintLib to BdsDxe.inf
  MdeModulePkg: Use UefiSpec.h defined macro to replace L”xxx” string
  MdeModulePkg: Add PlatformRecovery#### pointing to default file path
  MdeModulePkg: Enable PlatformRecovery in BdsDxe driver

 MdeModulePkg/Include/Library/UefiBootManagerLib.h  |   1 +
 MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c   |  76 ++++
 MdeModulePkg/Library/UefiBootManagerLib/BmHotkey.c | 181 +++++—-
 …/Library/UefiBootManagerLib/BmLoadOption.c      | 155 +++++–
 MdeModulePkg/Library/UefiBootManagerLib/BmMisc.c   |  26 ++
 …/Library/UefiBootManagerLib/InternalBm.h        |  30 +-
 …/UefiBootManagerLib/UefiBootManagerLib.inf      |   1 +
 MdeModulePkg/Universal/BdsDxe/Bds.h                |   3 –
 MdeModulePkg/Universal/BdsDxe/BdsDxe.inf           |   1 +
 MdeModulePkg/Universal/BdsDxe/BdsEntry.c           | 447 ++++++—————
 MdePkg/Include/Uefi/UefiSpec.h                     |   1 +
 11 files changed, 474 insertions(+), 448 deletions(-)

More Information:

Another UEFI Hello World sample project

There’s a new hello world sample on using UEFI on Github, MyPkg by KurtQiao. The GPL-licensed sample code does a variety of things to experiment with UEFI:

* AHCI: sample how to manipulate AHCI mmio issue HDD identify cmd and ODD eject cmd.
* ctest: a uefi sample import c language.
* HddId: sample how to identify HDD data,support both AHCI and IDE mode.
* HiiMenu: sample how to use uefi HII.
* bootmgr: sample to manipulate UEFI variables, show/set BootOrder, show Boot####, BootCurrent.
* GPT: sample to read disk LBA1 to check GPT signature.
* 2048: small game in UEFI shell
* pwcyle utility that shutdown and RTC wakeup, support both DOS version and UEFI version, by different build.

This is a good starting point for UEFI beginners to start learning about UEFI, beyond just working with the single hello world app in Tianocore, and the rest of the live implementation code. It is similar to the “Bare Metal Examples” project, in this regard. As well, the Intel SSG UEFI training courseware lab samples are also good for this, though mostly targetting an IHV/OEM audience.