Decoding UEFI Firmware: Unraveling Intricacies of System Firmware, its Ecosystem and Supply Chain

By Dick Wilkins, Tim Lewis, William Keown, Brian Mullen, Dong Wei and Vincent Zimmer 

This paper provides an overview of UEFI, explains the UEFI Forum's efforts to ensure UEFI-compliant firmware security, and discusses how the UEFI Forum supports the supply chain in responding to vulnerabilities.

UEFI Conformance Profiles: Allowing "Reduced Model" Implementations

By Dick Wilkins and Samer El-Haj-Mahmoud

This document explains a new "Conformance Profiles" capability, provided by the UEFI Specification, that will allow the creation of subsets of UEFI-required interfaces, along with specifics of how to communicate descriptions of those subsets to loaded software in a standard way.

Building Secure Firmware

Published by Jiewen Yao and Vincent Zimmer

This book covers the secure implementation of various aspects of firmware, including standards-based firmware—such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications—and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust) are covered.

Getting A Handle on Firmware Security

The platform security industry seems to be nearing a tipping point where security will need to become a primary design consideration and industry cooperation even more necessary. This paper provides a high-level look at firmware security threat areas, security tips and resources to help map a course for strengthening firmware security.

Beyond BIOS: Developing with the Unified Extensible Firmware Interface, Third Edition

Published by Vincent Zimmer, the latest edition includes:

  • An overview of UEFI and underlying Platform Initialization (PI) specifications
  • How to create UEFI applications and drivers
  • Workflow to design the firmware solution for a modern platform
  • Advanced usages of UEFI firmware for security and manageability

To learn more and purchase these materials, visit the links below.

Harnessing the UEFI Shell: Moving the Platform Beyond DOS, Second Edition

Published by Michael Rothman, Vincent Zimmer, and Tim Lewis, the second edition covers UEFI Shell 2.2, how to write shell scripts, and more. To learn more and purchase these materials, visit the links below.

Establishing the Root of Trust

UEFI Forum white paper explaining how a hardware-based root of trust can help ensure system security in the pre-OS phase.

The Chain of Trust: Keeping Computing Systems More Secure - Revised August 2019

UEFI Forum white paper explaining the Chain of Trust and its role in keeping computing systems secure.

Clarifying the Ten Most Common Misconceptions About UEFI

UEFI Forum industry white paper demystifying prevalent misconceptions about UEFI technology.

UEFI Secure Boot in Modern Computer Security Solutions - Revised August 2019

UEFI Forum-published white paper that outlines the:

  • History and emergence of UEFI specifications
  • Advent of attacks on mobile devices
  • Application of UEFI Secure Boot as an optional feature
  • Role of UEFI specs in addressing rootkit and bootkit attacks

UEFI Drive Partition Limits Fact Sheet

Describes the limitation of Master Boot Record (MBR) partitioning on systems with disk drives of greater than 2.2 Terabyte capacity, and the UEFI solution to this limitation.

A Tale of Two Standards Article

Compares the evolution of boot firmware technology with that of networking solutions.

UEFI Today: Bootstrapping the Continuum

Intel Technology Journal, Volume 15, Issue 1, focused on UEFI and the impact the technology has had on platform engineering. The content architects for this edition are Vincent Zimmer and Michael Rothman.