What You Don’t Know about Firmware Might Get You ∅wn3d

Brian Richardson of Intel has an article on firmware security. It even mentions CHIPSEC and NIST 147!

http://eecatalog.com/intel/2018/04/09/what-you-dont-know-about-firmware-might-get-you-own3d/#.WtZPvUZ6xU0.twitter


EFI-CI: Red Hat team’s build CI for EFI-related tools

This repo contains the tools to build images to run CI for the Red Hat bootloader team’s EFI tools. This build includes all of the dependencies of the build as well as the testing infrastructure, to minimize the time spent per Travis build. Each repo has a .travis.yml that will install this docker image, fetch and build any prerequisites, and build that repo using whatever branch travis specifies.

https://github.com/rhboot/efi-ci

uefi.tech mirroring uefi.org’s fw_os_forum mailing list postings

[[UPDATE: It appears uefi.tech has changed their policy regarding scraping list postings. They have updated their site.]]

Re: https://firmwaresecurity.com/2018/04/09/new-uefi-centric-web-site-uefi-tech-uefitech/

I don’t know who is behind this new UEFI web site. The site is scraping postings from the UEFI Forum’s public mailing list, FW_OS_Forum and adding them to their web board, automatically adding the poster to their site, making it look like people who are posting to the FW_OS_Forum list are also posting on the uefi.tech forum.

For example:
http://lists.mailman.uefi.org/pipermail/fw_os_forum/20180409/000068.html
http://www.uefi.tech/viewtopic.php?f=9&t=11&p=67&sid=cfcbd9ed0310915eaf2e397f1b978e8f#p67

http://www.uefi.org/FWOSForum

New UEFI-centric web site: uefi.tech (@uefitech)

Unclear who created this site, but if you are looking for UEFI resources here is a new web site:

There’s even a ‘web board’ on Firmware Security:

http://www.uefi.tech/viewforum.php?f=7&sid=368672e20c14a5429658f2c541f594c4

This is a periodic reminder that any link I point to may not be secure; use proper online security when accessing any new resource.


Intel seeks BIOS/UEFI Tools Developer

BIOS-UEFI Firmware Tools Engineer

As BIOS-UEFI Firmware Tools Engineer you will develop tools and scripts needed for build and test automation infrastructure that is the backbone of the Continuous Integration process in Intel’s Data Center UEFI firmware BIOS team.[…]

https://jobs.intel.com/ShowJob/Id/1573600/BIOS%20UEFI%20Firmware%20Tools%20Engineer

PS: I need to figure out a way to get some swag/etc from jobs that’re filled via this blog. ;-(

PS: Intel HR: spaces in URLs are generally frowned upon.


WinMagic on Microsoft Pre-Boot Full Disk Encryption Authentication

WinMagic makes full-disk encryption products, including a UEFI one, which the UEFI CA (Microsoft) signs, AFAIK.

Is Microsoft really claiming Pre-Boot Authentication for Full Disk Encryption is not necessary?[…]To summarize, Microsoft has got this one wrong. The fault in their logic is thinking that PBA is limited to protection against memory attacks AFTER automatically unlocking the drive. They missed the whole point of PBA, which is to prevent anything being read from the drive, such as the operating system BEFORE the user has confirmed they have the correct password or other credentials. PBA is a necessary component of a FDE solution in order to fully achieve the confidentiality (and compliance) that full disk encryption is capable of providing.

https://www.winmagic.com/blog/2018/03/27/microsoft-really-claiming-pre-boot-authentication-full-disk-encryption-not-necessary/

Spring 2018 UEFI Forum plugfest presentations uploaded

* State of the UEFI – Mark Doran (UEFI Forum President)
* An Introduction to Platform Security – Brent Holtsclaw and John Loucaides (Intel)
* Firmware Security: Hot Topics to Watch – Dick Wilkins (Phoenix Technologies, Ltd.)
* UEFI Updates, Secure firmware and Secure Services on Arm – Dong Wei and Matteo Carlini (Arm)
* The State of ACPI Source Language (ASL) Programming – Erik Schmauss (Intel)
* Implementing MicroPython as a UEFI Test Framework – Chris McFarland (Intel)
* UEFI and the Security Development Lifecycle – Tim Lewis (Insyde)
* Attacking and Defending the Platform – Erik Bjorge and Maggie Jauregui (Intel)
* Microsoft Security Features and Firmware Configurations – Scott Anderson, Jeremiah Cox and Michael Anderson (Microsoft)
* Dynamic Tables Framework: A Step Towards Automatic Generation of Advanced Configuration and Power Interface (ACPI) & System Management BIOS (SMBIOS) Tables – Sami Mujawar (Arm)
* Microsoft Sample Code on GitHub and Walkthrough on Firmware Updates to Windows Update (WU) – Bret Barkelew, Keith Kepler, and Michael Anderson (Microsoft)
* Embedded Development Kit 2 (EDK2): Platforms Overview – Leif Lindholm (Linaro)
* Enabling Advanced NVMe Features Through UEFI – Zachary Bobroff (AMI)

https://uefi.blogspot.com/2018/04/spring-2018-uefi-plugfest-presentations.html

http://www.uefi.org/learning_center/presentationsandvideos

I expect videos on YouTube shortly after the PDFs have become available.

Matthew Garrett on the Linux Kernel Lockdown Patch, and UEFI

Re: Kernel Lockdown Patch:

* Linus on UEFI and Kernel Lockdown patch
* Linux kernel lockdown patch
* Background for Kernel Lockdown patch
* Linux Kernel lockdown

Matthew Garrett of Google has a new blog post that gives some background on this patch, w/r/t UEFI:

https://mjg59.dreamwidth.org/50577.html

EdkiiShellTool: debug tools for UEFI

Wow, this has existed for a while and I didn’t know about it. Multiple very useful UEFI Shell tools!

Gcd: A tool to dump GCD data structure, according to PI specification.

HobList: A tool to dump HOB data structure, according to PI specification.

MemoryAttributesDump: A tool to dump Memory Attribute Table and Properties Table, according to UEFI specification.

HstiWsmtDump: A tool to dump HSTI table and WSMT table, according to Microsoft HSTI and WSMT specification.

EsrtFmpDump: A tool to dump ESRT table and FMP capsule information, according to UEFI specification.

MemoryTypeInfo: A tool to dump EDKII memory type information, according to EDKII implementation.

PerfDump: A tool to dump EDKII performance data, according to EDKII implementation.

PcdDump: A tool to dump PCD information according to PI specification and PCD internal database according to EDKII implementation.

SmmProfileDump: A tool to dump EDKII SMM profile data, according to EDKII implementation.

EdkiiCoreDatabaseDump: Tools to dump EDKII DXE Core, SMM Core, and PEI Core internal data structure, according to EDKII implementation.

https://github.com/jyao1/EdkiiShellTool


Linus on UEFI and Kernel Lockdown patch

This is a fascinating thread to read. Linus does not understand UEFI, he doesn’t understand how his code works on many systems. I get that he wishes UEFI didn’t exist, but many Linux users access Linux via Windows PCs. It is not valid to ignore the boot issues on those systems, especially in a world getting more and more security-aware.

I confess that I sometimes act like Linus as well, I’m ashamed to say. But I’m not responsible for one of the most important open source projects around; if I was, I’d try to be a bit more mature toward the contributors, with a lower ratio of UPPERCASE OBSCENITIES to constructive feedback. Linux users who have UEFI-based systems owe a lot of thanks to Matthew and a handful of others, like Peter, …in spite of Linus.

https://lkml.org/lkml/2018/4/3/817

https://lkml.org/lkml/2018/4/4/565

https://lkml.org/lkml/2018/4/3/847

http://vger.kernel.org/majordomo-info.html

Tianocore releases UDK2018

Tianocore, not the UEFI Forum, has released UDK2018, the latest UEFI Dev Kit, a snapshot of the EDK-II tied to a particular revision of the specs.

https://github.com/tianocore/tianocore.github.io/wiki/UDK2018-Core-Update-Notes

https://github.com/tianocore/tianocore.github.io/wiki/UDK2018-Key-Features

https://github.com/tianocore/tianocore.github.io/wiki/UDK2018

https://github.com/tianocore/edk2/releases/tag/vUDK2018

https://github.com/tianocore-docs/Docs/blob/master/UDK/UDK2018/SecurityPkgNotes.md