Blog

Oct 04, 2023
SBoMs are becoming an important part of software security. That includes the security of firmware that follows the UEFI standard. US Government Executive Order 14028 and documents from the US Department of Commerce NTIA describe why SBoMs are important for security. The UEFI forum has created a SBoM team to develop guidance for the creation and delivery of SBoM data to the firmware ecosystem and end users. A part of this effort is to include SBoM metadata into platform firmware images. This blog contains a proposal for inclusion of such data in those firmware images. It is being posted here to generate discussions and feedback to the SBoM team as it develops its guidance and recommendations.

Tags

Apr 02, 2021

This communication is for everyone in the ACPI/UEFI computing platform ecosystem: those who develop platforms and firmware using ACPI (Advanced Configuration and Power Interface), and those who provide hardware description tables for ACPI implementations. During the development of the ACPI Specification, Version 6.4, the specification working group noted that all ACPI tables in a platform must conform to the same specification version. The specification text is as follows:

Tags

Jul 28, 2020

Don’t miss the next series of webinars from the UEFI 2020 Virtual Plugfest: Security Week. The upcoming presentations will feature discussions on secure firmware and how memory safety issues lead to vulnerabilities in firmware. If you would like to register to attend these live webinars or view previous webinars, visit UEFI Forum BrightTALK channel. Read more about the Security focused webinars:

Feb 25, 2020
To understand how system firmware is generated for modern computer systems, it is important to first understand the ecosystem and commonly used terminology. This post helps readers gain a better understanding of the development process, the industry’s “unique language” and how it applies to UEFI firmware.