Past Events

BrightTALK

UEFI Forum

Coordinating UEFI Vulnerabilities as CERT/CC

November 21, 2024

Webinar Airing at 8 am – 8:45 am PST

Presented by Vijay Sarvepalli, Carnegie Mellon University

Software Engineering Institute's CERT Coordination Center (CERT/CC) has been coordinating vulnerabilities in software since 1988 connecting security researchers and vendors towards a more Coordinated Vulnerability Disclosure (CVD) process. CERT/CC has recently been focused on handling "Systemic Vulnerabilities", under which UEFI was identified as a specific Firmware concern. UEFI vulnerabilities are critical due to their location at the intersection of hardware and software, making them fit a Systemic Vulnerability class.  This talk provides an inside look at how the CERT/CC is attempting to approach the coordination of UEFI vulnerabilities and help the eco-system.

We will discuss the technical challenges of identifying these vulnerabilities, the complexities of coordinating with affected vendors, and the strategies used to communicate risks to the public. Through real-world examples, we’ll illustrate the importance of collaboration in addressing these issues and share insights on how various stakeholders can help us achieve this.

Attendees will hopefully learn about the role of CERT/CC in helping organizations and provide practical steps when coordinating UEFI vulnerabilities. The aim is to assist very small to large organizations so they can benefit from our work at CERT/CC to bring transparency and CVD maturity to UEFI ecosystem.

Register for the Webinar

BrightTALK
UEFI Forum

UEFI Unveiled: Ensuring Transparency in Your Firmware

October 24, 2024

Webinar Airing at 8 am – 8:45 am PST

Presented by Tim Lewis, Insyde 

Recent government and industry activity allows users to know what software what software is used to create and deploy firmware. Software Bills of Materials (SBOM) allow users to see what components were used to create a firmware image, how they are licensed, and which security issues might affect them. 

This session highlights UEFI, open-source and industry efforts to integrate and validate SBOMs in each stage of the firmware development process as well as where more work is still needed. The presenter will explore how to use SBOM tools and explain how SBOM affects the supply chain, including OEMs, ODMs and Enterprise customers. Finally, the session will cover some major uses of SBOM, such as licensing and security. 

Register for the Webinar

UEFI VIRTUAL PLUGFEST WEBINARS

Webinars – UEFI BrightTALK Channel

The UEFI educational webinars serve as an opportunity to learn more about UEFI from UEFI Forum members. The webinars are free and open to the public.

Recordings of the webinars will be made available after the presentations have concluded. If you register now but are unable to attend the live presentation, you can view the presentation recording on the UEFI Forum YouTube channel after the webinar has concluded. 

 

Challenges and Benefits of Integrating Wireless Drivers in UEFI Firmware

March 13, 2024

Webinar Airing at 8 am – 8:45 am PST

Presented by Hemanth Venkatesh Murthy, Dell

Adding new features into UEFI-based platform firmware commonly has challenges due to storage space constraints. Wireless Drivers, which are typically large compared to other UEFI Drivers, have additional challenges due to variants of a particular platform having different chipsets but common BIOS. 

The session will discuss the solutions that were implemented in Dell BIOS to overcome the challenges and the benefits of integrating the wireless drivers like Firmware-Over-The-Air (FOTA) and OS Recovery.

EDK2Code: VSCODE Extension for EDK2 

February 20, 2024

Webinar Airing at 8 am – 8:45 am PST

Presented by Guillermo Palomino Sosa, Intel

The EDK2Code Extension is a Visual Studio Code (VSCODE) extension for EDK2 developers missing Integrated Development Environment (IDE)-like features that are present for other popular development frameworks. The extension reads the compiled information or DSC files to provide full context of what has been integrated into the build process. With this information the extension provides the user with a new set of VSCODE commands to navigate through the source code. Some examples of commands are Goto Library definition, Goto INF file, Goto Library implementation, etc. The Extension also provides context and syntax support for EDK2 files and ACPI files. The EDK2Code Extension has been released as an open-source project and is available through the VSCODE marketplace. 

This webinar will discuss the EDK2Code Extension, including its main commands and functionalities. A demo will also be shown during this presentation to walk through the extension's capabilities. 

 

-
Hillsboro, Oregon
UEFI Forum

The UEFI Fall 2023 UEFI Developers Conference & Plugfest, hosted by the UEFI Forum, will take place on October 9 - 12 at the Embassy Suites by Hilton Portland in Hillsboro, Oregon. UEFI Plugfests provide the opportunity to test your platforms, devices, and firmware, while also attending educational/technical sessions and networking opportunities with industry’s most prolific thought-leaders. If you are a UEFI Forum member and would like to participate, please view the event information below.

If you have any questions, please reach out to the UEFI Forum PR team at press@uefi.org. Connect with us on Twitter and LinkedIn to stay up to date on the latest event information.

Please fill out the disclosure document. All members will be made to submit this form onsite: Disclosure Agreement
 
View the Logistics packet
 
UEFI Developers Conference Session Descriptions - Available Now! 
The UEFI Forum is pleased to offer a three-day program of educational sessions from the leading industry experts. The event agenda is not available and topics for this years event include security, the firmware supply chain, open source firmware updates and more. 
 
View the event agenda
 

 

March 21, 2023

In this presentation, speakers from Intel will cover Universal Scalable Firmware (USF), including security aspects. This talk will focus on the security and trust elements of USF and relation to others, including those in the UEFI Forum including ACPI, UEFI and PI. Additionally, this talk will cover key USF security topics like post quantum crypto and its impact on the firmware & UEFI, as well as OpenSSL and cryptographic libraries needed to build UEFI features.

 

When the UEFI specification was originally developed, it targeted traditional platforms (servers, desktops, and laptops) using general purpose operating systems. As migration to new platform types has occurred, firmware developers for emerging platform types have pointed out that some UEFI standard required interfaces may not be needed by some platform types. Implementing these unused interfaces and their supporting code can be an unnecessary burden to smaller and constrained devices such as those for the IoT, embedded, automotive and other markets.

In this webinar, we will discuss the history behind the UEFI specifications and the rationale and benefits of adding in the new Conformance Profiles capability. We will explain how developers can leverage the Conformance Profile Table in the UEFI specification and review real world use cases.

 

Traditionally, capturing a Software Bill of Materials (SBOM) for UEFI firmware has been seen as challenging. Some technical challenges include immutable blobs in the image (e.g., Intel FSP and CPU microcode). Other roadblocks are due to a process where IHVs contribute binary DXE objects to the ODM. Finally, some challenges are due to commercial issues where code might be licensed from the IBV but modified by the ODM.

This talk will focus on the following topics:

  • How to include accurate SBOM metadata that is compliant with NTIA’s The Minimum Elements for a Software Bill of Materials (SBOM) guidelines in a UEFI firmware project?
  • What edge conditions and use cases need to be considered when implementing SBOM?
  • What approaches can enable extracting and consuming SBOM data from one supply chain partner to another?

The talk plans to address several industry-wide items necessary for the broader adoption of SBOM in the firmware ecosystem.

EDK2 has accepted a port of Python 3.6.8 that can be used in the UEFI Shell. Chipsec has adopted it and it can now be used to run Chipsec's suite of tests against the platform. This presentation will show some of the changes that had to be made to the EDK2 version of the python interpreter that were necessary to run Chipsec. The presentation will provide a brief overview of the Chipsec framework, some of its capabilities and why it's useful to everyone including but not limited to: IBVs, OEMs.

The process of addressing a firmware security issue can be long and complex. This webinar will provide recommendations for moving security updates into the field fast and addresses in detail the release process of typical firmware security fixes, starting from the initial disclosure from third parties to the processes of addressing the issues with the affected firmware and impacted ODM & OEM teams, all the way to public disclosure. Also addressed is the firmware supply chain’s impact on firmware patch cycles and how different approaches to these cycles can leave devices vulnerable.

-

Due to COVID-19 travel restrictions and health concerns, the Spring 2020 UEFI Plugfest was canceled. In place of the Spring Plugfest, the UEFI Virtual Plugfest will now take place online through a series of themed educational webinars presented by UEFI Forum members. The webinars will be free and open to the public. Given the success of these webinars, we will be continuing this program into 2023.

Recordings of the webinars will be available after the presentations have concluded. If you register now but are unable to attend the live presentation, you can view the presentation recording on the UEFI Forum YouTube channel after the webinar has concluded.

Upcoming Webinars:

Webinar
Today, firmware attacks are on the rise. A platform may have different firmware coming from multiple vendors. It is important to know the original source of these firmware components. Trusted Computer Group (TCG) published a set of specifications on reference integrity manifest (RIM) information models and firmware integrity measurement (FIM) to enable compliance with NIST SP 800-155 BIOS Integrity Measurements. In this presentation, the speakers will introduce the work to measure firmware at the component level and later use that as evidence for a traceable firmware Bill of Materials (BOM) for verification. This webinar will introduce two examples. The first example is how we provide Intel firmware support package (FSP) component measurement to help trace the Intel Firmware Support Package (FSP) binary. The second example is how we use Secure Protocol and Data Model (SPDM) protocol to communicate and record the device firmware measurement to trace the device firmware.
Webinar

For debugging UEFI, print statements (“printf”) are often an engineer’s most powerful tool: some bugs are caused by complex sequences of events that are too long and intricate to root-cause using just breakpoints and watch windows. But printf has some drawbacks: its processing code can run hundreds of instructions in the target code being debugged, and this execution time added to the backpressure caused by transports such as serial console output can cause the performance of the boot code to slow significantly. This can mask timing-dependent bugs that are often the most intermittent or seemingly random. An at-speed version of print statements, enabled by the Intel Trace Hub, provides all the benefits of printf without the performance impact.

This webinar will provide advanced examples on the use of at-speed printf in conjunction with other debugging and trace tools to triage intermittent bugs on Intel platforms.

Webinar

In order to resist the threat from quantum computers, National Institute of Standard and Technology (NIST) started the Post-Quantum Cryptography (PQC) project in 2016 and tried to define a set of new standard - quantum-resistant public-key cryptographic algorithms. Now two stateless hash-based signature (HBS) algorithms (XMSS in RFC 8391 and LMS in RFC 8554) are approved in NIST SP 800-208 for some special use case, such as digital signature verification on firmware update. The third round algorithms (9 key establishment algorithms and 6 general digital signature algorithms) are submitted. The industry is evaluating the impact of adoption of these post quantum cryptography algorithms, such as network transport layer security (TLS) protocol. And there are also projects prototyping the PQC algorithm to make the hardware and software ready for that trend, such as liboqs in open quantum safe project. The UEFI BIOS includes a set of security feature that requires the cryptography, such as secured boot, capsule update, secure recovery, HTTPS boot, measured boot, etc.

In this presentation, the speakers will introduce the impact of the PQC to the UEFI BIOS and the prototype work to adopt the PQC in the firmware area.

Webinar

This talk explores some strategies and approaches in defining a lighter-weight subset of ACPI. The end goal is to support more variance in hardware using less code, less overhead and less engineering time. The goal of the session is not to push a specific proposal, but to get the conversation started to help chart ACPI's future.

Webinar

The presentation is inspired by the two new event groups introduced in UEFI 2.9 specification. It showcases the entire family of the UEFI and PI architectural events highlighting applicability and use cases of each event group. It also discusses best practices, do’s and don’ts and corner cases of event handler construction.

Webinar
UEFI Forum
Webinar Airing from 8:00 – 8:45 am PT UEFI Secure Boot helps provide an effective defense against boot malware, but following today’s best practices in its implementation, deployment and configurability can help it increase its effectiveness against increasingly sophisticated exploits. This webinar will address how the latest recommendations for UEFI firmware from national security organizations can be leveraged to design secure devices that are able to meet stringent national security standards.
Webinar

Compute Express Link™ (CXL™) is an open industry standard interconnect offering high-bandwidth, low latency connectivity between host processor and devices such as accelerators, memory buffers, and smart I/O devices. CXL 1.1 debuted in August 2019. Building on the industry success and acceptance of CXL as evidenced by the 130+ member companies with active participation, CXL Consortium announced the availability of CXL 2.0 in Nov 2020. CXL 2.0 enables additional usage models while maintaining full backward compatibility with CXL 1.1. CXL 2.0 enhances the CXL specification in many areas: CXL Switch, persistent memory, standardized Memory Device interface, Hot-plug and link security.

In this presentation, we will go over each of these areas and their implications to ACPI and UEFI interfaces as well as the UEFI Firmware Layer.

Webinar

Architectural Event Trace (AET) is a technology on modern Intel silicon that enables processors to provide real-time event trace information. AET differs from code execution trace, which is concerned with the path a processor takes through code; AET traces interactions between individual processors in a system and other processors, the BIOS, OS, device drivers, and external peripherals. Events such as hardware interrupts, exceptions, MSR reads/writes and many others can easily be traced with modern debuggers. And especially when used in conjunction with code execution trace, AET provides additional insight into the root causes of hardware, firmware and software issues.

This webinar will provide advanced examples on the utility of AET and other debug and trace logic on Intel platforms.

Webinar

Arm SystemReady is a new program bringing a level of consistency across a broad range of Arm-based devices in the cloud, in the network and in high-performance IoT (HPIoT) endpoints. It includes new set of standards and a compliance certification program, with the goal of ensuring that Arm systems "Just Work" with standard off-the-shelf operating systems and hypervisors. The program is based on a set of minimum hardware and firmware requirements. Firmware standards such as UEFI, ACPI, and SMBIOS are key elements in these requirements.

This presentation will introduce the Arm SystemReady program, the Base Boot Requirements (BBR) and the Base Boot Security Requirements (BBSR) firmware specifications. The session show-cases enablement efforts for devices under this program, using open source firmware projects such as TianoCore and U-Boot. It also highlights open source firmware test suites used in SystemReady certification.

-
Hillsboro, Oregon

Spring 2020 UEFI Plugfest – Postponed

Due to the evolving situation with the Coronavirus, the UEFI Forum has decided to postpone the upcoming Spring 2020 UEFI Plugfest that was to take place March 30 – April 2, 2020, at the Embassy Suites by Hilton in Hillsboro, Oregon. All registrations and sponsorship donations will be canceled and refunded.

The UEFI Forum is actively exploring the possibility of rescheduling the event later this year so that UEFI Forum members still have the opportunity to test their devices and network within the firmware community.

We are also investigating the possibility of turning the presentation track into a series of webinars or virtual meetings. More information will be made available in the coming weeks.

Regarding lodging at the Embassy Suites by Hilton Portland Hillsboro, Oregon, please contact the hotel directly to cancel your room reservation.

If you have any questions, please reach out to events@uefi.org.

GoToWebinar - http://bit.ly/2tRtyZt

The expert panel for the webinar, “Understanding UEFI Testing” will include:

  • Moderator: Brian Richardson 
  • Panelists:
    • Dong Wei, UEFI Vice President and UEFI Test Work Group Chair
    • Alex Hung, Canonical
    • Supreeth Venkatesh, Arm

The panelists will discuss how to prepare products for upcoming UEFI Forum Plugfests. The presentation will include an overview of the UEFI Test Work Group (UTWG), the Firmware Test Suite (FWTS), the UEFI Self Certification Test and more. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.

Registration for this free, one-hour webcast is now open: Register today.

GoToMeeting

The expert panel for the webinar, “How to Create a Secure Development Lifecyle for Firmware,” will include:

  • Moderator: Brian Richardson (TBD)
  • Panelists:
    • Dick Wilkins, Phoenix
    • Tim Lewis, Insyde Software
    • Eric Johnson, AMI

The panelists will describe best practices for creating a secure development lifecycle (SDL) for implementation of better protected firmware. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.

Registration for this free, one-hour webcast is now open: Register today.

GoToMeeting

The Role of Redfish in UEFI Forum Firmware Specifications Webinar will feature a panel of firmware experts representing the Forum and DMTF, including:

  • Moderator: Brian Richardson, Industry Communications Working Group Chair
  • Panelists:
    • Zach Bobroff, American Megatrends, Inc.
    • Samer El Haj Mahmoud, DMTF
    • Jason Spottswood, Hewlett Packard Enterprise

 

The panelists will provide an overview of Redfish, implementation challenges, and how Redfish and UEFI firmware interact with each other. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.

Registration for this free, one-hour webcast is now open: Register today.
 

-
Bellevue, WA

The Spring 2019 Plugfest Schedule is now available click here or below. 

The Spring 2019 UEFI Plugfest on April 8-12, 2019 was held at the Embassy Suites by Hilton Seattle Bellevue.

The Spring 2019 UEFI Plugfest Logistics Packet can be downloaded here and below. 

GoToWebinar
UEFI Forum

The Firmware Secure Coding Webinar will feature a panel of firmware security experts representing the Forum, including:

Moderator: Brian Richardson, Director of Firmware Ecosystem Development Intel Corporation

  • Panelists:
    • Dick Wilkins, Phoenix Technologies
    • Trevor Western, Insyde Software
    • Eric Johnson, American Megatrends Inc.


The inherent nature of firmware makes it an appealing target for hackers as the hardening of traditional exploit vectors (e.g., operating systems and the applications) is leading to new routes of attack. Join the UEFI Forum Secure Coding webinar to hear the panel of security experts discuss tips and best practices. The webinar is open to the public and attendees will get the chance to participate in a live Q&A session.

Listen to the recording of the Secure Coding Webinar here: https://www.youtube.com/watch?v=fkZPVEhQUmc&t=13s

-
Vancouver, BC

UEFI Member Harry Hsiung will provide an update on UEFI and ACPI.

The conference details are available here: http://bit.ly/2OVFFtr

-
Edinburgh, ENG
The Linux Foundation

The collocated Linux Open Source Summit Europe and Embedded Linux Conference Europe events will feature many presentations focused on firmware.

Learn more about the Linux Open Source Summit Europe: http://bit.ly/2wiZSSn
Learn more about the Embedded Linux Conference Europe: http://bit.ly/2LdQdC4

-
Taipei, Taiwan
American Megatrends, Inc.

 

The Fall 2018 UEFI Plugfest, hosted by American Megatrends, Inc., is October 15-19, 2018 at the Capital Hotel Dahzi in Taipei, Taiwan. Come to learn about the latest UEFI specification enhancements from technology experts and sign-up to test your latest platforms, devices, and firmware during the private Plugfest testing sessions.


REGISTRATION: UEFI Forum members can register here: http://bit.ly/2v5VJ3F. For those registering from Mainland China and cannot access the registration form online, you may download it here

View the event Logistics Packet here: https://www.uefi.org/sites/default/files/resources/Fall_2018_UEFI_Plugfest_Logistic_Info.pdf

View the Session Details and Schedule here: https://www.uefi.org/sites/default/files/resources/Fall%202018%20UEFI%20Plugfest_Speaker%20Details%20and%20Schedule%2010.3.2018.pdf

View our new What is a UEFI Plugfest video here to learn more about what you can expect at the event.

Plugfest attendees must sign the disclosure agreement and photo and video waiver.  Attendees can either sign and bring a printed copy to the event or sign a version on site. Print the disclosure agreement here: https://www.uefi.org/sites/default/files/resources/Disclosure%20Agreements_Fall%202018%20UEFI%20Plugfest%207.25.18.pdf

 

-
Erlangen, GER

The Open Source Firmware Summit will focus on EDK2 code and other open source firmware code bases. Vincent Zimmer will provide the keynote for the event with a full abstract to come.

Read more about the event: http://bit.ly/2nXXVXI

-
Vancouver, BC
The Linux Foundation

The Linux Open Source Summit will feature a presentation titled “Spectre, Meltdown, & Linux” by Greg Kroah-Hartman (The Linux Foundation)  on Wednesday, August 29 from 12:00-12:40 pm. Read the presentation abstract here: http://bit.ly/2wcQeAK

-
Vancouver, CA
The Linux Foundation

The Linux Security Summit event will feature multiple presentations focused on firmware and security.

View more information here: http://bit.ly/2nUtnGe

GoToMeeting

The Firmware Security 101 Webinar outlined the major challenges currently facing platform security, how the UEFI Forum and UEFI specification address these challenges and finally, how you can join us in the battle to protect firmware from outside threats. The webinar featured a panel of firmware security experts representing the Forum, including:

  • Moderator: Michael Krau, Industry Communications Working Group Chair
  • Panelists:
    • Eric Johnson, American Megatrends, Inc.
    • Tim Lewis, Insyde Software
    • Dick Wilkins, Phoenix Technologies
    • Vincent Zimmer, Intel

View the recorded webinar presentation.

 

-
Embassy Suites by Hilton Seattle Bellevue, 3225 158th Ave SE, Bellevue, WA 98008
The Commons Mixer Building, 15255 NE 40th Street, Redmond, WA 98052

Paul English & Lee Fisher of member company PreOS Security will present “Platform Firmware for Blue Teams: Detecting Evil Maid Attacks” from 2:30-3:30pm. The speakers will cover the NIST SP (147,147b,155,193) secure firmware guidance for enterprise blue teams, sysadmins, and SREs. They will introduce firmware-level technology, discuss the problem of firmware-level malware, show existing open source tools.
 
See the complete schedule of presentations and register here.

1111 3rd Ave #2500, Seattle, WA 98101

Paul English & Lee Fisher of member company PreOS Security present on firmware security. In this presentation, they will cover the NIST SP (147,147b,155,193) secure firmware guidance and discuss the problem of firmware-level malware, including some of the latest vulnerabilities such as Intel AMT, Intel ME and even a bit on Meltdown and Spectre and more.
 
Visit the Meetup page to learn more.
 

-
San Jose Convention Center—150 W San Carlos St, San Jose, CA 95113


Brian Richardson, Intel technical evangelist focused on UEFI technology, will be discussing firmware security and using UEFI technology examples in his presentation titled  “What you don’t know about firmware might get you 0wn3d.” Learn more about his presentation scheduled for 4:00pm on Dec. 6 click here. The ESC Silicon Valley 2017 conference and expo focuses on four different tracks: embedded hardware design & verification, embedded software design & verification, connected devices & IoT and advanced technologies.

Learn more about ESC Silicon Valley 2017 and purchase passes.

-
Capital Hotel—No. 7 Jianguo North Road Sec. 2, Taipei, Taiwan
American Megatrends
-
Los Angeles, CA
-
RISC Networks—81 Broadway, Suite C, Asheville, NC 28801
-
Wanda Hilton, Nanjing, Jiangsu Province, China
-
Santa Fe Convention Center, Santa Fe, New Mexico
-
Embassy Suites Seattle - Tacoma, Washington
-
Capital Hotel Taipei, Taiwan
Phoenix Technologies
-
San Jose, CA
-
Dublin, Ireland
-
Seattle, WA
-
Vancouver, British Columbia
-
San Jose, CA
Piscataway, New Jersey, USA 08854
-
Taipei, Taiwan
Sheraton Chicago Hotel in Chicago, IL
-
Seattle, WA
-
Hyatt Regency, New Orleans, LA
Hosted by the Linux Foundation and the UEFI Forum
-
Microsoft Campus, Redmond, WA
Hosted by Microsoft and the UEFI Forum
-
Taipei, Taiwan
-
Redmond, WA
-
Taipei, Taiwan
-
Sunnyvale, CA
-
Taipei, Taiwan
-
Redmond, WA
-
Taipei, Taiwan
-
DuPont, WA
-
Sunnyvale, CA
-
Nanjing, China
-