Boot Shim: Bootstraps UEFI applications on hacked Lumia phones

Boot Shim is a small ARM32 Windows Boot Manager Application that is intended to chain-load the normal UEFI environment for UEFI application development on hacked Lumias. As Lumia verifies bootarm.efi or whatever on initialization even when Secure Boot is turned off, this application can provide additional image load capabilities, but you have to develop it from the framework provided.[…]

https://github.com/imbushuo/boot-shim

Tianocore Security Advisory 27: Minnowboard UEFI Variable Deletion/Corruption

Tianocore EDK2 security advisory page has been updated, for the first time since 2016! It looks like a single entry:

https://edk2-docs.gitbooks.io/security-advisory/content/

27. UEFI Variable Deletion/Corruption

Description: Input validation error in MinnowBoard 3 Firmware versions prior to 0.65 allows a local attacker to cause a denial of service via UEFI APIs.

Recommendation: This update improves input validation by firmware and is strongly recommended. For firmware development projects, incorporate the updates in https://github.com/tianocore/edk2-platforms/tree/devel-MinnowBoard3-UDK2017. When using MinnowBoard 3, update to version 0.65 or later. Updated firmware is available at https://firmware.intel.com/projects/minnowboard3

Acknowledgments: Reported by Intel.

References: CVE-2017-5699

The referenced CVE is still empty, hopefully someone at Intel/MITRE/NIST is going to take care of that sometime.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5699
https://nvd.nist.gov/vuln/detail/CVE-2017-5699

 

DBXtool has support for Microsoft dbxupdate.bin

DBXtool[1] is a tool by Peter Jones of Red Hat. So it works with Fedora, and perhaps other versions of Linux. It is an interesting tool in that it is one of the few tools that look at the UEFI SecureBoot PKI list of blacklisted keys that the UEFI Forum occasionally updates[2]. Last year there was the “Microsoft leaks Golden Keys” story, which was overblown; watch Jeremiah’s video on YouTube from the Fall 2016 UEFI Plugfest for more details. I just noticed that DBXtool has support[3] for a dbxupdate.bin file from Microsoft, separate from the UEFI.org-hosted DBX file, related to this Microsoft Golden Keys incident.

Peter’s comment from that checkin:

Add a new dbxupdate.bin
This is the dbxupdate.bin referenced in CVE-2016-3320 and
https://support.microsoft.com/en-us/kb/3179577
It’s for their bootloaders, not ours.

[1] https://github.com/rhboot/dbxtool
https://github.com/rhboot/dbxtool/commits/master
[2] http://uefi.org/revocationlistfile
http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
[3] https://github.com/rhboot/dbxtool/commit/1e9334f1287c4703e7dfb40121e00d16d109e903
https://support.microsoft.com/en-us/kb/3179577
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-100
https://support.microsoft.com/en-us/help/3172729/ms16-100-description-of-the-security-update-for-secure-boot-august-9

more on Microsoft UEFI Secure Boot golden key news

Microsoft UEFI Secure Boot key problem


WordPress mangles Github Gist URLs, so remove the spaces from the next URL to make it work:
https://gist.  github.com/acepace/   df34b5213f1e0fae6529eb703d947187

Some more background on UEFI SB DBX:
https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html
https://habrahabr.ru/post/273497/
https://translate.google.com/translate?hl=en&sl=ru&u=https://habrahabr.ru/post/273497/&prev=search (English translation above Russian document)
https://blog.fpmurphy.com/2012/11/list-secure-boot-certificates.html
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance

The Meaning of all the UEFI Keys


http://www.linuxjournal.com/content/take-control-your-pc-uefi-secure-boot
https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Configuring_Secure_Boot
https://www.insyde.com/press_news/blog/uefi-24-review-part-13-hash-certificates-used-secure-boot-revocation
https://lwn.net/Articles/706610/
http://wiki.osdev.org/UEFI#Secure_Boot

Besides Peter’s DBXtool, I’m not aware of many other tools that use the DBX file. There’s this PowerShell script:
Again, WordPress mangles Gist URLs, remove spaces to make this work:
https://gist. github.com/mattifestation/ 991a0bea355ec1dc19402cef1b0e3b6f

I wish I could point to a tool available in each OS/distro that your firmware has the latest blacklist applied…
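As an added example (not part of the original post, and not code from DBXtool or the PowerShell script above), here is a sketch of such a check in Python: it parses the EFI_SIGNATURE_LIST data in a dbxupdate.bin-style file and in a firmware dbx dump, then reports the SHA-256 revocations the firmware lacks. The function names are hypothetical, only SHA-256 hash entries are compared (certificate entries are skipped), and the sample data is constructed.

```python
import hashlib, struct, uuid

EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
WIN_CERT_TYPE_EFI_GUID = 0x0EF1

def strip_auth2(blob):
    """Drop an EFI_VARIABLE_AUTHENTICATION_2 wrapper (EFI_TIME + WIN_CERTIFICATE_UEFI_GUID)."""
    if len(blob) >= 40:
        dw_length, _rev, cert_type = struct.unpack_from("<IHH", blob, 16)
        if cert_type == WIN_CERT_TYPE_EFI_GUID and 24 <= dw_length <= len(blob) - 16:
            return blob[16 + dw_length:]
    return blob  # already a bare EFI_SIGNATURE_LIST sequence

def sha256_entries(data):
    """Walk every EFI_SIGNATURE_LIST and collect its SHA-256 entries as hex strings."""
    found, off = set(), 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=bytes(data[off:off + 16]))
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < 28 + hdr_size or end > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        if sig_type == EFI_CERT_SHA256:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID followed by the digest.
            for pos in range(off + 28 + hdr_size, end - sig_size + 1, sig_size):
                found.add(data[pos + 16:pos + sig_size].hex())
        off = end  # other signature types (e.g. X.509 certificates) are skipped
    return found

def missing_revocations(update_blob, firmware_dbx):
    """Hashes present in the update file but absent from the firmware's dbx."""
    return sha256_entries(strip_auth2(update_blob)) - sha256_entries(firmware_dbx)

def make_list(digests, owner=uuid.UUID(int=0)):
    """Constructed sample data: one SHA-256 EFI_SIGNATURE_LIST."""
    body = b"".join(owner.bytes_le + d for d in digests)
    return EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body

def wrap_auth2(payload, cert=b"\x00" * 8):
    """Constructed sample data: dummy timestamp and signature around a payload."""
    hdr = struct.pack("<IHH", 24 + len(cert), 0x0200, WIN_CERT_TYPE_EFI_GUID)
    return b"\x00" * 16 + hdr + b"\x00" * 16 + cert + payload

# Constructed digests standing in for a revoked old loader and a newly revoked one.
OLD, NEW = (hashlib.sha256(s).digest() for s in (b"old loader", b"new loader"))

if __name__ == "__main__":
    firmware = make_list([OLD])
    update = wrap_auth2(make_list([OLD, NEW]))
    print(sorted(missing_revocations(update, firmware)))
```

On Linux the firmware's dbx can be read from /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f; drop the first four bytes (the variable attributes) before passing it as `firmware_dbx`.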

PS: Peter also works on the Shim. And he’s updated his canary:
https://blog.uncooperative.org/blog/2018/01/08/shim-info/
https://blog.uncooperative.org/shim-info-2018-01-08.txt.asc

Torito C Library

Joaquin Cono Bolillo has created the Torito C Library, a Standard C Library for UEFI x86-64 target platform for Microsoft Visual Studio 2017.

“torito C Library” is an implementation targeting the ANSI/ISO C Standard Library compatibility to create applications for different operating systems using design –and debug– infrastructure provided by Microsoft Visual Studio 2017 VS2017.

Goal: The “torito C Library” is designed to enable the developer to create Standard C programs for UEFI Shell, Windows NT and Linux (in future releases) running in x86-64 mode. Standard C compliant source code shall be easily portable to operating systems supported by “torito C Library”.

The “torito C Library” shall provide full library compatibility with: ANSI X3.159-1989 (“ANSI C”),  ISO/IEC 9899 First edition 1990-12-15 (“C90”),  ISO/IEC 9899 First edition 1990-12-15, Amendment 1, 1995-04-01 (“C95”)

Status:
The “torito C Library” is still in state of EVALUATION
Field tests are urgently required.
Feedback is very WELCOME.
A non-EVALUATION-library will be provided for helpful supporters for free.
The functions below are already implemented and carefully tested, every single one of them:

_ModuleEntryPoint, _iob, _setjmp, _snprintf, _vsnprintf, abs, asctime, atexit, atoi, atol, calloc, clearerr, clock, ctime, difftime, div, exit, fclose, feof, ferror, fflush, fgetc, fgetpos, fgets, fopen, fprintf, fputc, fputs, fread, free, freopen, fscanf, fseek, fsetpos, ftell, fwrite, gets, gmtime, isalnum, isalpha, iscntrl, isdigit, isgraph, islower, isprint, ispunct, isspace, isupper, isxdigit, labs, ldiv, localtime, longjmp, main(argc, argv), malloc, memcmp, memcpy, memmove, memset, mktime, nprintf, perror, printf, putc, putchar, puts, rand, realloc, rewind, scanf, setbuf, setvbuf, snprintf, sprintf, srand, sscanf, strcat, strchr, strcmp, strcpy, strcspn, strefierror, strerror, strftime, strlen, strncat, strncmp, strncpy, strpbrk, strspn, strstr, strtok, strtol, strtoul, swprintf, time, tolower, toupper, ungetc, vfprintf, vfscanf, vprintf, vscanf, vsnprintf, vsprintf, vswprintf, wcscat, wcschr, wcscmp, wcscpy, wcscspn, wcslen, wcsncat, wcsncmp, wcsncpy, wcspbrk, wcsrchr, wcsspn, wcsstr, wcstok, wmemcmp, wmemcpy, wmemmove, wprintf.

https://github.com/JoaquinConoBolillo/torito-C-Library

bootoption – Create a new EFI RT variable like BootXXXX but store the data in a property list

bootoption: A program to create and save an EFI boot load option – so that it might be added to the firmware menu later. May be used to work around situations where it is problematic to modify BootOrder, BootXXXX in NVRAM, while targeting a given instance of a loader from the booted OS: during loader installation, for example.

Usage: bootoption -p path -d description -o file
-p path to EFI executable
-d boot option description
-o file to write to (XML property

https://github.com/vulgo/bootoption

uefi-rs – library to enable writing UEFI apps in Rust language

This library allows you to write UEFI applications in Rust. UEFI is the successor to the BIOS. It provides an early boot environment for OS loaders and other low-level applications. The objective of this library is to provide safe and performant wrappers for UEFI interfaces, and allow developers to write idiomatic Rust code. This crate’s documentation is fairly minimal, and you are encouraged to refer to the UEFI specification for detailed information. You can find some example code in the tests directory, as well as use the build.py script to generate the documentation. This repo also contains a x86_64-uefi.json file, which is a custom Rust target for 64-bit UEFI applications.[…]

https://github.com/GabrielMajeri/uefi-rs

UEFIStarter: framework to simplify UEFI development with TianoCore EDK2

This is a small C framework for UEFI development built on top of TianoCore EDK2. This project is not a comprehensive course in UEFI development. If you’re just starting to write UEFI code you’ll need to use additional material like the official TianoCore documentation, and the UEFI Specification. The library and UEFI applications included in this code are meant to simplify a few repetitive tasks when developing UEFI code. For example there is a configurable command line argument parser that will validate input strings and convert them into the target datatype, e.g. integers. This project started out with another UEFI development kit (gnu-efi) but eventually outgrew the original SDK, so I migrated it to TianoCore EDK2017. As a result of this there are still a few library functions included that are already built-in into TianoCore. It is my hope that this code helps anyone looking into, or starting with, UEFI development: I did that myself a few months ago and found parts of the various documentations frustratingly lacking. If I can spare you some of the headache I had I’m happy.

https://github.com/rinusser/UEFIStarter

Ubuntu 17.10 corrupting BIOS – many Lenovo laptop models (and Acer and Toshiba)

“Canonical has pulled downloads for its Ubuntu 17.10 Linux distribution following reports that it can trigger a bug in the UEFI firmware of selected Lenovo, Acer, and Toshiba laptops, corrupting the BIOS and disabling the ability to boot from USB Drives.”

https://www.bit-tech.net/news/tech/software/canonical-pulls-ubuntu-1710-over-uefi-corruption-issue/1/

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734147