Due to COVID-19 travel restrictions and health concerns, the Spring 2020 UEFI Plugfest has been canceled. In place of the Spring Plugfest, the UEFI 2020 Virtual Plugfest will now take place online through a series of themed educational webinars presented by UEFI Forum members. The webinars will be free and open to the public. Given the success of these webinars, we will be continuing this program into 2021.
Recordings of the webinars will be available after the presentations have concluded. If you register now but are unable to attend the live presentation, you can view the presentation recording on the UEFI Forum YouTube channel after the webinar has concluded.
Upcoming Webinars:
Virtual Firmware for Intel® Trust Domain Extensions
Tuesday, December 15, 2020
Webinar Airing from 8:00 am – 9:00 am PT
Interactive Q&A from 9:00 am – 9:30 am PT
Intel® Trust Domain Extensions (Intel® TDX) introduce architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.
This presentation introduces the architecture for TDX Virtual Firmware (TDVF), and the firmware reference implementation available in open source. The talk covers how TDVF runs from the TD reset vector, records runtime measurements, manages private memory, interacts with the Intel TDX module in Secure Arbitration Mode (SEAM), and loads the operating system (OS).
Register for the webinar: https://www.brighttalk.com/webcast/18206/453600
Past Webinars:
Firmware Integrity Measurements and Attestation
Wednesday, October 21, 2020
In 2011, the USG National Institute of Standards and Technology (NIST) published a draft of “BIOS Integrity Measurement Guidelines” (NIST Special Publication 800-155). For various reasons, these guidelines have not been widely accepted or implemented. Last year, NIST entered a collaboration with the Trusted Computing Group (TCG) to develop specifications that could be industry accepted and TCG has started publishing drafts of these specifications. This presentation will update the UEFI Forum membership on the status of this collaboration and how it will likely affect platform firmware.
The world of UEFI is unlike OS-based software ecosystems in several aspects and the difference can be daunting to a developer who is starting to write UEFI device drivers. This talk is aimed at junior independent hardware vendor (IHV) driver developers, at BIOS developers and at Integrators.
The topics covered will include:
- Common issues encountered and how to overcome them
- Resources that proved valuable in development and maintenance:
- Continuous Integration
- Comprehensive Debugging Information
- Documentation (EDKII and Yours)
- Examples of interesting bugs encountered in the wild
The goal of this webinar is to illustrate some areas for improvement within our community and help junior driver developers overcome early difficulties.
Implementing and Using the UEFI Key Management Service (KMS)
The UEFI specification has had the Key Management Service (KMS) protocol definition since version 2.3.1 and provides services to generate, store, retrieve, and manage cryptographic keys. As normal, the specification provides just the definition for the service and the underlying implementation can vary. There are several implementation options to implement the KMS protocol. A simple implementation is to build it on top of something already in the system such as a TPM. The most practical implementation requires interfacing with a Key Management Interoperability Protocol (KMIP) Server over a secure network connection. This presentation will cover the high-level interactions between a UEFI firmware and a KMIP server to implement the UEFI KMS protocol and several real use cases of the KMS protocol in modern systems.
Best Practices for Secure Firmware Patching
Wednesday, August 19
Today firmware is ever-present, and although we understand the importance of updating firmware, there still isn't widespread adoption of best practices for updating firmware in the enterprise. Updating is critical to keeping systems safe and understandably why a firmware update plan is necessary, from both a system and device side. In this presentation, Insyde Software and Eclypsium address the topic of firmware updates and provide some best practices to add to an overall security strategy.
Enabling Rust for UEFI Firmware
Thursday, August 20
This webinar will introduce work in progress to enable Rust, a modern language designed for memory safe operations, in EDK II. The session will also include use cases for Rust in EDK II, advantages of Rust when applied to firmware components, limitations in firmware environments and the types of issues that can be avoided by using a memory safe language in EDK II. Memory safety issues contributed to approximately 70% of recent security issues in software. In firmware, over 50% of reported issues in EDK II open source are related to memory safety.
JTAG-Based UEFI Debug and Trace
Tuesday, July 14
The IEEE Joint Test Action Group (JTAG) standards define debug, test and hardware validation technologies that are ingrained within much of today’s commercial silicon. In particular, platform debug is enabled by JTAG-based run-control (for example: halt, go, set breakpoint, single-step) and trace (for example: instruction trace, real-time UEFI “tool-hosted printf” message trace). On many systems, JTAG-based debugging is typically available from the very first instruction after CPU reset, allowing it to assist with development of early boot software that runs before any device or bus is initialized.
This presentation will provide examples on the utility of JTAG-based UEFI debug and trace on x86 platforms.
Microsoft’s Continued Advancements in the UEFI Ecosystem
Wednesday, July 15
The webinar will include a summary of Microsoft’s continued investments into the business-critical UEFI ecosystem. This will include open source tools to improve developer efficiency (allowing more time for testing), open source continuous integration and unit testing in TianoCore, and an exploration of the “Code First” model including several case studies of new Windows features built upon open source Project Mu’s EDK2-based code, tests, & documentation.
TrenchBoot and GRUB - A Quick Introduction
Tuesday, June 16
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It reduces the attack surface exposed by the platform firmware. The presentation will introduce the TrenchBoot itself and later discuss how it compares to a UEFI secure boot and where it complements the secure boot. The webinar will also explore various challenges created by the UEFI environment for TrenchBoot but also for DRTM in general. Then the presentation will highlight some solutions to the discovered deficiencies discussed in the OSS community.
LinuxBoot Integration with UEFI Host Firmware
Wednesday, June 17
This webinar introduces LinuxBoot, its integration into host firmware solutions, provides current status and makes a proposal on how the UEFI firmware industry could embrace the challenges and opportunities that alternative firmware approaches introduce.
Compute Express Link (CXL): Proposed Enhancements to UEFI and ACPI Specifications
Tuesday, May 19 from 8:00 am – 8:45 am PT
Compute Express Link (CXL) is a new high-speed CPU-to-Device and CPU-to-Memory interconnect designed to accelerate next-generation data center performance. CXL is designed to be an industry open standard interface for high-speed communications, as accelerators and memory expanders are increasingly used to complement CPUs in support of emerging applications. The CXL 1.1 specification is already available, with work on future versions underway. CXL reinforces the need for standardization, with focus on technologies such as UEFI, ACPI and PCIe to provide the necessary interfaces between the firmware and the operating systems to support CXL new use cases of accelerators and memory expansion across different implementations. This presentation will first briefly introduce CXL 1.1 standard. It will then delve into the technical details of the proposed enhancements to the UEFI and ACPI specifications required for operating systems to manage CXL devices and ports in a system.
Building a System That “Just Works” – Arm Firmware Ecosystem
Wednesday, May 20
This webinar will provide an overview of the market reality of the boot system firmware on Arm systems, from servers to edge devices. It covers the range of firmware standards available for those systems, including Arm Trusted Firmware, SBBR (UEFI/ACPI), EBBR (UEFI on top of uboot), as well as LinuxBoot. The session also covers the evolution of the Arm firmware standards and the ServerReady program around UEFI and ACPI to design systems that “just work”, regardless of the segment.