March 21, 2023
In this presentation, speakers from Intel will cover Universal Scalable Firmware (USF), including security aspects. This talk will focus on the security and trust elements of USF and relation to others, including those in the UEFI Forum including ACPI, UEFI and PI. Additionally, this talk will cover key USF security topics like post quantum crypto and its impact on the firmware & UEFI, as well as OpenSSL and cryptographic libraries needed to build UEFI features.
When the UEFI specification was originally developed, it targeted traditional platforms (servers, desktops, and laptops) using general purpose operating systems. As migration to new platform types has occurred, firmware developers for emerging platform types have pointed out that some UEFI standard required interfaces may not be needed by some platform types. Implementing these unused interfaces and their supporting code can be an unnecessary burden to smaller and constrained devices such as those for the IoT, embedded, automotive and other markets.
In this webinar, we will discuss the history behind the UEFI specifications and the rationale and benefits of adding in the new Conformance Profiles capability. We will explain how developers can leverage the Conformance Profile Table in the UEFI specification and review real world use cases.
Traditionally, capturing a Software Bill of Materials (SBOM) for UEFI firmware has been seen as challenging. Some technical challenges include immutable blobs in the image (e.g., Intel FSP and CPU microcode). Other roadblocks are due to a process where IHVs contribute binary DXE objects to the ODM. Finally, some challenges are due to commercial issues where code might be licensed from the IBV but modified by the ODM.
This talk will focus on the following topics:
The talk plans to address several industry-wide items necessary for the broader adoption of SBOM in the firmware ecosystem.
EDK2 has accepted a port of Python 3.6.8 that can be used in the UEFI Shell. Chipsec has adopted it and it can now be used to run Chipsec's suite of tests against the platform. This presentation will show some of the changes that had to be made to the EDK2 version of the python interpreter that were necessary to run Chipsec. The presentation will provide a brief overview of the Chipsec framework, some of its capabilities and why it's useful to everyone including but not limited to: IBVs, OEMs.
The process of addressing a firmware security issue can be long and complex. This webinar will provide recommendations for moving security updates into the field fast and addresses in detail the release process of typical firmware security fixes, starting from the initial disclosure from third parties to the processes of addressing the issues with the affected firmware and impacted ODM & OEM teams, all the way to public disclosure. Also addressed is the firmware supply chain’s impact on firmware patch cycles and how different approaches to these cycles can leave devices vulnerable.
Due to COVID-19 travel restrictions and health concerns, the Spring 2020 UEFI Plugfest was canceled. In place of the Spring Plugfest, the UEFI Virtual Plugfest will now take place online through a series of themed educational webinars presented by UEFI Forum members. The webinars will be free and open to the public. Given the success of these webinars, we will be continuing this program into 2023.
Recordings of the webinars will be available after the presentations have concluded. If you register now but are unable to attend the live presentation, you can view the presentation recording on the UEFI Forum YouTube channel after the webinar has concluded.
Upcoming Webinars:
Today, firmware attacks are on the rise. A platform may have different firmware coming from multiple vendors. It is important to know the original source of these firmware components. Trusted Computer Group (TCG) published a set of specifications on reference integrity manifest (RIM) information models and firmware integrity measurement (FIM) to enable compliance with NIST SP 800-155 BIOS Integrity Measurements.
In this presentation, the speakers will introduce the work to measure firmware at the component level and later use that as evidence for a traceable firmware Bill of Materials (BOM) for verification. This webinar will introduce two examples. The first example is how we provide Intel firmware support package (FSP) component measurement to help trace the Intel Firmware Support Package (FSP) binary. The second example is how we use Secure Protocol and Data Model (SPDM) protocol to communicate and record the device firmware measurement to trace the device firmware.
For debugging UEFI, print statements (“printf”) are often an engineer’s most powerful tool: some bugs are caused by complex sequences of events that are too long and intricate to root-cause using just breakpoints and watch windows. But printf has some drawbacks: its processing code can run hundreds of instructions in the target code being debugged, and this execution time added to the backpressure caused by transports such as serial console output can cause the performance of the boot code to slow significantly. This can mask timing-dependent bugs that are often the most intermittent or seemingly random. An at-speed version of print statements, enabled by the Intel Trace Hub, provides all the benefits of printf without the performance impact.
This webinar will provide advanced examples on the use of at-speed printf in conjunction with other debugging and trace tools to triage intermittent bugs on Intel platforms.
In order to resist the threat from quantum computers, National Institute of Standard and Technology (NIST) started the Post-Quantum Cryptography (PQC) project in 2016 and tried to define a set of new standard - quantum-resistant public-key cryptographic algorithms. Now two stateless hash-based signature (HBS) algorithms (XMSS in RFC 8391 and LMS in RFC 8554) are approved in NIST SP 800-208 for some special use case, such as digital signature verification on firmware update. The third round algorithms (9 key establishment algorithms and 6 general digital signature algorithms) are submitted. The industry is evaluating the impact of adoption of these post quantum cryptography algorithms, such as network transport layer security (TLS) protocol. And there are also projects prototyping the PQC algorithm to make the hardware and software ready for that trend, such as liboqs in open quantum safe project. The UEFI BIOS includes a set of security feature that requires the cryptography, such as secured boot, capsule update, secure recovery, HTTPS boot, measured boot, etc.
In this presentation, the speakers will introduce the impact of the PQC to the UEFI BIOS and the prototype work to adopt the PQC in the firmware area.
This talk explores some strategies and approaches in defining a lighter-weight subset of ACPI. The end goal is to support more variance in hardware using less code, less overhead and less engineering time. The goal of the session is not to push a specific proposal, but to get the conversation started to help chart ACPI's future.
The presentation is inspired by the two new event groups introduced in UEFI 2.9 specification. It showcases the entire family of the UEFI and PI architectural events highlighting applicability and use cases of each event group. It also discusses best practices, do’s and don’ts and corner cases of event handler construction.
Webinar Airing from 8:00 – 8:45 am PT
UEFI Secure Boot helps provide an effective defense against boot malware, but following today’s best practices in its implementation, deployment and configurability can help it increase its effectiveness against increasingly sophisticated exploits. This webinar will address how the latest recommendations for UEFI firmware from national security organizations can be leveraged to design secure devices that are able to meet stringent national security standards.
Compute Express Link™ (CXL™) is an open industry standard interconnect offering high-bandwidth, low latency connectivity between host processor and devices such as accelerators, memory buffers, and smart I/O devices. CXL 1.1 debuted in August 2019. Building on the industry success and acceptance of CXL as evidenced by the 130+ member companies with active participation, CXL Consortium announced the availability of CXL 2.0 in Nov 2020. CXL 2.0 enables additional usage models while maintaining full backward compatibility with CXL 1.1. CXL 2.0 enhances the CXL specification in many areas: CXL Switch, persistent memory, standardized Memory Device interface, Hot-plug and link security.
In this presentation, we will go over each of these areas and their implications to ACPI and UEFI interfaces as well as the UEFI Firmware Layer.
Architectural Event Trace (AET) is a technology on modern Intel silicon that enables processors to provide real-time event trace information. AET differs from code execution trace, which is concerned with the path a processor takes through code; AET traces interactions between individual processors in a system and other processors, the BIOS, OS, device drivers, and external peripherals. Events such as hardware interrupts, exceptions, MSR reads/writes and many others can easily be traced with modern debuggers. And especially when used in conjunction with code execution trace, AET provides additional insight into the root causes of hardware, firmware and software issues.
This webinar will provide advanced examples on the utility of AET and other debug and trace logic on Intel platforms.
Arm SystemReady is a new program bringing a level of consistency across a broad range of Arm-based devices in the cloud, in the network and in high-performance IoT (HPIoT) endpoints. It includes new set of standards and a compliance certification program, with the goal of ensuring that Arm systems "Just Work" with standard off-the-shelf operating systems and hypervisors. The program is based on a set of minimum hardware and firmware requirements. Firmware standards such as UEFI, ACPI, and SMBIOS are key elements in these requirements.
This presentation will introduce the Arm SystemReady program, the Base Boot Requirements (BBR) and the Base Boot Security Requirements (BBSR) firmware specifications. The session show-cases enablement efforts for devices under this program, using open source firmware projects such as TianoCore and U-Boot. It also highlights open source firmware test suites used in SystemReady certification.
Spring 2020 UEFI Plugfest – Postponed
Due to the evolving situation with the Coronavirus, the UEFI Forum has decided to postpone the upcoming Spring 2020 UEFI Plugfest that was to take place March 30 – April 2, 2020, at the Embassy Suites by Hilton in Hillsboro, Oregon. All registrations and sponsorship donations will be canceled and refunded.
The UEFI Forum is actively exploring the possibility of rescheduling the event later this year so that UEFI Forum members still have the opportunity to test their devices and network within the firmware community.
We are also investigating the possibility of turning the presentation track into a series of webinars or virtual meetings. More information will be made available in the coming weeks.
Regarding lodging at the Embassy Suites by Hilton Portland Hillsboro, Oregon, please contact the hotel directly to cancel your room reservation.
If you have any questions, please reach out to events@uefi.org.
The expert panel for the webinar, “Understanding UEFI Testing” will include:
The panelists will discuss how to prepare products for upcoming UEFI Forum Plugfests. The presentation will include an overview of the UEFI Test Work Group (UTWG), the Firmware Test Suite (FWTS), the UEFI Self Certification Test and more. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.
Registration for this free, one-hour webcast is now open: Register today.
The expert panel for the webinar, “How to Create a Secure Development Lifecyle for Firmware,” will include:
The panelists will describe best practices for creating a secure development lifecycle (SDL) for implementation of better protected firmware. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.
Registration for this free, one-hour webcast is now open: Register today.
The Role of Redfish in UEFI Forum Firmware Specifications Webinar will feature a panel of firmware experts representing the Forum and DMTF, including:
The panelists will provide an overview of Redfish, implementation challenges, and how Redfish and UEFI firmware interact with each other. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.
Registration for this free, one-hour webcast is now open: Register today.
The Firmware Secure Coding Webinar will feature a panel of firmware security experts representing the Forum, including:
Moderator: Brian Richardson, Director of Firmware Ecosystem Development Intel Corporation
The inherent nature of firmware makes it an appealing target for hackers as the hardening of traditional exploit vectors (e.g., operating systems and the applications) is leading to new routes of attack. Join the UEFI Forum Secure Coding webinar to hear the panel of security experts discuss tips and best practices. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.
Listen to the recording of the Secure Coding Webinar here: https://www.youtube.com/watch?v=fkZPVEhQUmc&t=13s
UEFI Member Harry Hsiung will provide an update on UEFI and ACPI.
The conference details are available here: http://bit.ly/2OVFFtr
The collocated Linux Open Source Summit Europe and Embedded Linux Conference Europe events will feature many presentations focused on firmware.
Learn more about the Linux Open Source Summit Europe: http://bit.ly/2wiZSSn
Learn more about the Embedded Linux Conference Europe: http://bit.ly/2LdQdC4
The Fall 2018 UEFI Plugfest, hosted by American Megatrends, Inc., is October 15-19, 2018 at the Capital Hotel Dahzi in Taipei, Taiwan. Come to learn about the latest UEFI specification enhancements from technology experts and sign-up to test your latest platforms, devices, and firmware during the private Plugfest testing sessions.
REGISTRATION: UEFI Forum members can register here: http://bit.ly/2v5VJ3F. For those registering from Mainland China and cannot access the registration form online, you may download it here.
View the event Logistics Packet here: https://www.uefi.org/sites/default/files/resources/Fall_2018_UEFI_Plugfest_Logistic_Info.pdf
View the Session Details and Schedule here: https://www.uefi.org/sites/default/files/resources/Fall%202018%20UEFI%20Plugfest_Speaker%20Details%20and%20Schedule%2010.3.2018.pdf
View our new What is a UEFI Plugfest video here to learn more about what you can expect at the event.
Plugfest attendees must sign the disclosure agreement and photo and video waiver. Attendees can either sign and bring a printed copy to the event or sign a version on site. Print the disclosure agreement here: https://www.uefi.org/sites/default/files/resources/Disclosure%20Agreements_Fall%202018%20UEFI%20Plugfest%207.25.18.pdf
The Open Source Firmware Summit will focus on EDK2 code and other open source firmware code bases. Vincent Zimmer will provide the keynote for the event with a full abstract to come.
Read more about the event: http://bit.ly/2nXXVXI
The Linux Open Source Summit will feature a presentation titled “Spectre, Meltdown, & Linux” by Greg Kroah-Hartman (The Linux Foundation) on Wednesday, August 29 from 12:00-12:40 pm. Read the presentation abstract here: http://bit.ly/2wcQeAK
The Linux Security Summit event will feature multiple presentations focused on firmware and security.
View more information here: http://bit.ly/2nUtnGe
The Firmware Security 101 Webinar outlined the major challenges currently facing platform security, how the UEFI Forum and UEFI specification address these challenges and finally, how you can join us in the battle to protect firmware from outside threats. The webinar featured a panel of firmware security experts representing the Forum, including:
View the recorded webinar presentation.
Paul English & Lee Fisher of member company PreOS Security will present “Platform Firmware for Blue Teams: Detecting Evil Maid Attacks” from 2:30-3:30pm. The speakers will cover the NIST SP (147,147b,155,193) secure firmware guidance for enterprise blue teams, sysadmins, and SREs. They will introduce firmware-level technology, discuss the problem of firmware-level malware, show existing open source tools.
See the complete schedule of presentations and register here.
Paul English & Lee Fisher of member company PreOS Security present on firmware security. In this presentation, they will cover the NIST SP (147,147b,155,193) secure firmware guidance and discuss the problem of firmware-level malware, including some of the latest vulnerabilities such as Intel AMT, Intel ME and even a bit on Meltdown and Spectre and more.
Visit the Meetup page to learn more.
Brian Richardson, Intel technical evangelist focused on UEFI technology, will be discussing firmware security and using UEFI technology examples in his presentation titled “What you don’t know about firmware might get you 0wn3d.” Learn more about his presentation scheduled for 4:00pm on Dec. 6 click here. The ESC Silicon Valley 2017 conference and expo focuses on four different tracks: embedded hardware design & verification, embedded software design & verification, connected devices & IoT and advanced technologies.
Learn more about ESC Silicon Valley 2017 and purchase passes.
