Due to COVID-19 travel restrictions and health concerns, the Spring 2020 UEFI Plugfest was canceled. In place of the Spring Plugfest, the UEFI Virtual Plugfest will now take place online through a series of themed educational webinars presented by UEFI Forum members. The webinars will be free and open to the public. Given the success of these webinars, we will be continuing this program into 2021.
Recordings of the webinars will be available after the presentations have concluded. If you register now but are unable to attend the live presentation, you can view the presentation recording on the UEFI Forum YouTube channel after the webinar has concluded.
Past Webinars:
The Impact of Post Quantum Cryptography on UEFI BIOS
Tuesday, July 27, 2021
In order to resist the threat from quantum computers, National Institute of Standard and Technology (NIST) started the Post-Quantum Cryptography (PQC) project in 2016 and tried to define a set of new standard - quantum-resistant public-key cryptographic algorithms. Now two stateless hash-based signature (HBS) algorithms (XMSS in RFC 8391 and LMS in RFC 8554) are approved in NIST SP 800-208 for some special use case, such as digital signature verification on firmware update. The third round algorithms (9 key establishment algorithms and 6 general digital signature algorithms) are submitted. The industry is evaluating the impact of adoption of these post quantum cryptography algorithms, such as network transport layer security (TLS) protocol. And there are also projects prototyping the PQC algorithm to make the hardware and software ready for that trend, such as liboqs in open quantum safe project. The UEFI BIOS includes a set of security feature that requires the cryptography, such as secured boot, capsule update, secure recovery, HTTPS boot, measured boot, etc.
In this presentation, the speakers will introduce the impact of the PQC to the UEFI BIOS and the prototype work to adopt the PQC in the firmware area.
ACPI-Lite: Exploring a Simplified Mechanism for Abstracting Platforms with ACPI
Tuesday, July 6, 2021
This talk explores some strategies and approaches in defining a lighter-weight subset of ACPI. The end goal is to support more variance in hardware using less code, less overhead and less engineering time. The goal of the session is not to push a specific proposal, but to get the conversation started to help chart ACPI's future.
Understanding and PI Architectural Events
Tuesday, May 18, 2021
The presentation is inspired by the two new event groups introduced in UEFI 2.9 specification. It showcases the entire family of the UEFI and PI architectural events highlighting applicability and use cases of each event group. It also discusses best practices, do’s and don’ts and corner cases of event handler construction.
Best Practices for UEFI Secure Boot Customization
Thursday, April 15, 2021
UEFI Secure Boot helps provide an effective defense against boot malware, but following today’s best practices in its implementation, deployment and configurability can help it increase its effectiveness against increasingly sophisticated exploits. This webinar will address how the latest recommendations for UEFI firmware from national security organizations can be leveraged to design secure devices that are able to meet stringent national security standards.
Compute Express Link™ 2.0 Update
Tuesday, March 30, 2021
Compute Express Link™ (CXL™) is an open industry standard interconnect offering high-bandwidth, low latency connectivity between host processor and devices such as accelerators, memory buffers, and smart I/O devices. CXL 1.1 debuted in August 2019. Building on the industry success and acceptance of CXL as evidenced by the 130+ member companies with active participation, CXL Consortium announced the availability of CXL 2.0 in Nov 2020. CXL 2.0 enables additional usage models while maintaining full backward compatibility with CXL 1.1. CXL 2.0 enhances the CXL specification in many areas: CXL Switch, persistent memory, standardized Memory Device interface, Hot-plug and link security.
In this presentation, we will go over each of these areas and their implications to ACPI and UEFI interfaces as well as the UEFI Firmware Layer.
UEFI Debug with Intel Architectural Event Trace Webinar
Thursday, February 25, 2021
Architectural Event Trace (AET) is a technology on modern Intel silicon that enables processors to provide real-time event trace information. AET differs from code execution trace, which is concerned with the path a processor takes through code; AET traces interactions between individual processors in a system and other processors, the BIOS, OS, device drivers, and external peripherals. Events such as hardware interrupts, exceptions, MSR reads/writes and many others can easily be traced with modern debuggers. And especially when used in conjunction with code execution trace, AET provides additional insight into the root causes of hardware, firmware and software issues.
This webinar will provide advanced examples on the utility of AET and other debug and trace logic on Intel platforms.
Arm SystemReady and the UEFI Firmware Ecosystem
Tuesday, January 26, 2021
Arm SystemReady is a new program bringing a level of consistency across a broad range of Arm-based devices in the cloud, in the network and in high-performance IoT (HPIoT) endpoints. It includes new set of standards and a compliance certification program, with the goal of ensuring that Arm systems "Just Work" with standard off-the-shelf operating systems and hypervisors. The program is based on a set of minimum hardware and firmware requirements. Firmware standards such as UEFI, ACPI, and SMBIOS are key elements in these requirements.
This presentation will introduce the Arm SystemReady program, the Base Boot Requirements (BBR) and the Base Boot Security Requirements (BBSR) firmware specifications. The session show-cases enablement efforts for devices under this program, using open source firmware projects such as TianoCore and U-Boot. It also highlights open source firmware test suites used in SystemReady certification.
Virtual Firmware for Intel® Trust Domain Extensions
Tuesday, December 15, 2020
Intel® Trust Domain Extensions (Intel® TDX) introduce architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.
This presentation introduces the architecture for TDX Virtual Firmware (TDVF), and the firmware reference implementation available in open source. The talk covers how TDVF runs from the TD reset vector, records runtime measurements, manages private memory, interacts with the Intel TDX module in Secure Arbitration Mode (SEAM), and loads the operating system (OS).
Firmware Integrity Measurements and Attestation
Wednesday, October 21, 2020
In 2011, the USG National Institute of Standards and Technology (NIST) published a draft of “BIOS Integrity Measurement Guidelines” (NIST Special Publication 800-155). For various reasons, these guidelines have not been widely accepted or implemented. Last year, NIST entered a collaboration with the Trusted Computing Group (TCG) to develop specifications that could be industry accepted and TCG has started publishing drafts of these specifications. This presentation will update the UEFI Forum membership on the status of this collaboration and how it will likely affect platform firmware.
The world of UEFI is unlike OS-based software ecosystems in several aspects and the difference can be daunting to a developer who is starting to write UEFI device drivers. This talk is aimed at junior independent hardware vendor (IHV) driver developers, at BIOS developers and at Integrators.
The topics covered will include:
- Common issues encountered and how to overcome them
- Resources that proved valuable in development and maintenance:
- Continuous Integration
- Comprehensive Debugging Information
- Documentation (EDKII and Yours)
- Examples of interesting bugs encountered in the wild
The goal of this webinar is to illustrate some areas for improvement within our community and help junior driver developers overcome early difficulties.
Implementing and Using the UEFI Key Management Service (KMS)
The UEFI specification has had the Key Management Service (KMS) protocol definition since version 2.3.1 and provides services to generate, store, retrieve, and manage cryptographic keys. As normal, the specification provides just the definition for the service and the underlying implementation can vary. There are several implementation options to implement the KMS protocol. A simple implementation is to build it on top of something already in the system such as a TPM. The most practical implementation requires interfacing with a Key Management Interoperability Protocol (KMIP) Server over a secure network connection. This presentation will cover the high-level interactions between a UEFI firmware and a KMIP server to implement the UEFI KMS protocol and several real use cases of the KMS protocol in modern systems.
Best Practices for Secure Firmware Patching
Wednesday, August 19
Today firmware is ever-present, and although we understand the importance of updating firmware, there still isn't widespread adoption of best practices for updating firmware in the enterprise. Updating is critical to keeping systems safe and understandably why a firmware update plan is necessary, from both a system and device side. In this presentation, Insyde Software and Eclypsium address the topic of firmware updates and provide some best practices to add to an overall security strategy.
Enabling Rust for UEFI Firmware
Thursday, August 20
This webinar will introduce work in progress to enable Rust, a modern language designed for memory safe operations, in EDK II. The session will also include use cases for Rust in EDK II, advantages of Rust when applied to firmware components, limitations in firmware environments and the types of issues that can be avoided by using a memory safe language in EDK II. Memory safety issues contributed to approximately 70% of recent security issues in software. In firmware, over 50% of reported issues in EDK II open source are related to memory safety.
JTAG-Based UEFI Debug and Trace
Tuesday, July 14
The IEEE Joint Test Action Group (JTAG) standards define debug, test and hardware validation technologies that are ingrained within much of today’s commercial silicon. In particular, platform debug is enabled by JTAG-based run-control (for example: halt, go, set breakpoint, single-step) and trace (for example: instruction trace, real-time UEFI “tool-hosted printf” message trace). On many systems, JTAG-based debugging is typically available from the very first instruction after CPU reset, allowing it to assist with development of early boot software that runs before any device or bus is initialized.
This presentation will provide examples on the utility of JTAG-based UEFI debug and trace on x86 platforms.
Microsoft’s Continued Advancements in the UEFI Ecosystem
Wednesday, July 15
The webinar will include a summary of Microsoft’s continued investments into the business-critical UEFI ecosystem. This will include open source tools to improve developer efficiency (allowing more time for testing), open source continuous integration and unit testing in TianoCore, and an exploration of the “Code First” model including several case studies of new Windows features built upon open source Project Mu’s EDK2-based code, tests, & documentation.
TrenchBoot and GRUB - A Quick Introduction
Tuesday, June 16
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It reduces the attack surface exposed by the platform firmware. The presentation will introduce the TrenchBoot itself and later discuss how it compares to a UEFI secure boot and where it complements the secure boot. The webinar will also explore various challenges created by the UEFI environment for TrenchBoot but also for DRTM in general. Then the presentation will highlight some solutions to the discovered deficiencies discussed in the OSS community.
LinuxBoot Integration with UEFI Host Firmware
Wednesday, June 17
This webinar introduces LinuxBoot, its integration into host firmware solutions, provides current status and makes a proposal on how the UEFI firmware industry could embrace the challenges and opportunities that alternative firmware approaches introduce.
Compute Express Link (CXL): Proposed Enhancements to UEFI and ACPI Specifications
Tuesday, May 19 from 8:00 am – 8:45 am PT
Compute Express Link (CXL) is a new high-speed CPU-to-Device and CPU-to-Memory interconnect designed to accelerate next-generation data center performance. CXL is designed to be an industry open standard interface for high-speed communications, as accelerators and memory expanders are increasingly used to complement CPUs in support of emerging applications. The CXL 1.1 specification is already available, with work on future versions underway. CXL reinforces the need for standardization, with focus on technologies such as UEFI, ACPI and PCIe to provide the necessary interfaces between the firmware and the operating systems to support CXL new use cases of accelerators and memory expansion across different implementations. This presentation will first briefly introduce CXL 1.1 standard. It will then delve into the technical details of the proposed enhancements to the UEFI and ACPI specifications required for operating systems to manage CXL devices and ports in a system.
Building a System That “Just Works” – Arm Firmware Ecosystem
Wednesday, May 20
This webinar will provide an overview of the market reality of the boot system firmware on Arm systems, from servers to edge devices. It covers the range of firmware standards available for those systems, including Arm Trusted Firmware, SBBR (UEFI/ACPI), EBBR (UEFI on top of uboot), as well as LinuxBoot. The session also covers the evolution of the Arm firmware standards and the ServerReady program around UEFI and ACPI to design systems that “just work”, regardless of the segment.