Looks like some of the videos from the recent plugfest are now online, there’s at least one security video online available:
https://www.youtube.com/channel/UCNB_fDQLXM9lGLu9ODPAnKw
Tag Archives: UEFI Forum
Spring 2018 UEFI Forum plugfest presentations uploaded
* State of the UEFI – Mark Doran (UEFI Forum President)
* An Introduction to Platform Security – Brent Holtsclaw and John Loucaides (Intel)
* Firmware Security: Hot Topics to Watch – Dick Wilkins (Phoenix Technologies, Ltd.)
* UEFI Updates, Secure firmware and Secure Services on Arm – Dong Wei and Matteo Carlini (Arm)
* The State of ACPI Source Language (ASL) Programming – Erik Schmauss (Intel)
* Implementing MicroPython as a UEFI Test Framework – Chris McFarland (Intel)
* UEFI and the Security Development Lifecycle – Tim Lewis (Insyde)
* Attacking and Defending the Platform – Erik Bjorge and Maggie Jauregui (Intel)
* Microsoft Security Features and Firmware Configurations – Scott Anderson, Jeremiah Cox and Michael Anderson (Microsoft)
* Dynamic Tables Framework: A Step Towards Automatic Generation of Advanced Configuration and Power Interface (ACPI) & System Management BIOS (SMBIOS) Tables – Sami Mujawar (Arm)
* Microsoft Sample Code on GitHub and Walkthrough on Firmware Updates to Windows Update (WU) – Bret Barkelew, Keith Kepler, and Michael Anderson (Microsoft)
* Embedded Development Kit 2 (EDK2): Platforms Overview – Leif Lindholm (Linaro)
* Enabling Advanced NVMe Features Through UEFI – Zachary Bobroff (AMI)
https://uefi.blogspot.com/2018/04/spring-2018-uefi-plugfest-presentations.html
http://www.uefi.org/learning_center/presentationsandvideos
I expect videos on Youtube shortly after PDFs have become available.
Tianocore releases UDK2018
Tianocore, not the UEFI Forum, has released UDK2018, the latest UEFI Dev Kit, a snapshot of the EDK-II, tied to particular revision of the specs.
https://github.com/tianocore/tianocore.github.io/wiki/UDK2018-Core-Update-Notes
https://github.com/tianocore/tianocore.github.io/wiki/UDK2018-Key-Features
https://github.com/tianocore/tianocore.github.io/wiki/UDK2018
https://github.com/tianocore/edk2/releases/tag/vUDK2018
https://github.com/tianocore-docs/Docs/blob/master/UDK/UDK2018/SecurityPkgNotes.md
Richard Wilkins of Phoenix on UEFI-based IoT security (and rant on firmware diversity)
Richard Wilkins of Phoenix Technologies has an article in Embedded Computing about UEFI-based IoT security:
[…]This article is focused on system startup/firmware and the potential security problems for IoT devices in that space. And most important, what to do about them.[…]
http://www.embedded-computing.com/articles/firmware-security-for-iot-devices
PS: RANT… for some reason, one sentence jumped out at me:
“So why isn’t everyone using UEFI firmware? If the UEFI architecture provides the “solution” to these security threats, why isn’t everyone using it?”
I think the answer: UEFI is *A* solution, there are other solutions. Coreboot with Heads is another solution. Coreboot with Verified Boot is another solution. Using TXT and TPM measurements are other layers. Hypervisors/TEEs/SEEs are another layer. Separate security processors are another way. What is the right way, why isn’t everyone using one way? While I am a UEFI Forum member, I don’t think UEFI everyone should be using it. I welcome firmware diversity. 🙂 IMO, there are multiple implementations of signed code, signed updates, and a signed boot-up process, controlled by multiple (not a single) organization. I’m still hoping to see some professor gets a grad student to write a report doing a proper comparision of the various modern firmware security implementations’ strengths, so someone can start to make a reasonale decision as to which firmware security architecture is the solution for them.
UEFI Forum Spring 2018 plugfest agenda
The UEFI Plugfest is in Seattle later this month.
I guess I missed the CFP, as the agenda is now available… 😦
* Intel: An Introduction to Platform Security
* Phoenix: TBD
* Arm:UEFI Updates, Secure Firmware and Secure Services on Arm
* Intel: The State of ASL Programming
* Intel: Implementing MicroPython in UEFI
* Insyde Software: UEFI and the Security Development Lifecycle
* Intel: Attacking and Defending the Platform
* Microsoft: Microsoft Security Features and Firmware Configurations
* Arm: Dynamic Tables Framework: A Step Towards Automatic Generation of ACPI & SMBIOS Tables
* Microsoft: Microsoft Sample Code on GitHub and Walkthrough on Firmware Updates and WU
* Linaro: Edk2-Platforms Overview
* AMI: Enabling Advanced NVMe Features Through UEFI
New ACPI IDs for November: Nexstgo and Insyde
Here’s the list of new ACPI specs for 2017 (so far), 2 new entries in November, first update since Summer:
Company ACPI ID Approved on Date
VR Technology Holdings Limited 3GVR 01/19/2017
Exar Corporation EXAR 02/28/2017
Coreboot Project BOOT 02/28/2017
Marvell Technology Group Ltd. MRVL 05/25/2017
IHSE GmbH IHSE 06/22/2017
Insyde Software INSY 11/10/2017
Nexstgo Company Limited NXGO 11/13/2017
http://www.uefi.org/acpi_id_list
http://www.uefi.org/uefi-acpi-export (XLS download)
For the 2 new entries, I can’t find any data on what their ACPI tables do, nor where their specs are:
http://www.nexstgo.com/
http://www.catalog.update.microsoft.com/ScopedViewInline.aspx?updateid=1724ebc5-cbbf-407f-a4da-c3b769f88690
It is a shame that the spreadsheet doesn’t have a column with more useful info, eg: URL to the vendor’s spec, perhaps which HW/OS it is valid for, which version of ACPI it requires, flag if table has FWTS test, license of vendor’s spec (eg, click-through EULA required for some ARM/MSFT/TCG docs), etc.
Fall UEFI plugfest presentations uploaded
Fall 2017 UEFI Plugfest – October 30-November 3, 2017
State of the UEFI – Mark Doran (UEFI Forum President)
UEFI Security Response Team (USRT) – Dick Wilkins (UEFI Forum)
“Last Mile” Barriers to Removing Legacy BIOS – Brian Richardson (Intel)
UEFI Firmware Security Concerns and Best Practices – Dick Wilkins (Phoenix)
Strategies for Stronger Software SMI Security in UEFI Firmware – Tim Lewis (Insyde)
UEFI in Arm Platform Architecture – Dong Wei (ARM)
Self-Certification Tests (SCTs) in UEFI World – Eric Jin (Intel) and Alex Hung (Canonical)
Firmware Test Suite -Uses, Development, Contribution and GPL – Alex Hung (Canonical)
Near Field Communication (NFC) and UEFI – Tony Lo (AMI)
EDK2 Platforms Overview – Leif Lindholm (Linaro)
UEFI Manageability and REST Services – Abner Chang (HPE) and Ting Ye (Intel)
