Part 1: Overview
Chapter 1: Introduction Security
Threat Model
Design
Validation
Chapter 2: Introduction Host Firmware
Industry Standard
Boot Flow / Phase hand-off
Minimal Firmware Requirement
Hardware ROT
CPU/silicon init
PCI resource allocation.
prepare platform info (memmap/ACPI) Jump to OS.
Runtime Interface (SMM, UEFI Runtime, ASL)
General Principle - Protect / Detect / Recovery
Part 2: Boot Security
Chapter 3: Firmware Resilience - Protection
Flash Lock
Flash Wear out
Capsule Flow (*)
Signed Update
Chapter 4: Firmware Resilience - Detection
Boot Flow (*)
Intel Boot Guard
OBB Verification
UEFI Secure Boot
Local
Remote
TXT- SX
(coreboot)
Chapter 5: Firmware Resilience - Recovery
Recovery Flow (*)
Signed Recovery
Top Swap
Rollback, SVNs
Chapter 6: OS/Loader Resilience
Platform Recovery
OS Recovery
(Android Verified Boot)
Chapter 7: Trusted Boot
Measured Boot Flow (*)
SRTM (Boot Guard)
DRTM (TXT)
TPM1.2/2.0
Physical Presence
MOR / Secure MOR
Chapter 8: Authentication
User Authentication
HDD Password
OPAL Password
Chapter 9: S3 resume
S3 resume flow (*)
LockBox
Chapter 10: Device Security
PCI Bus (*)
DMA protection
Device Measurement
Device Authentication
Device firmware update
Chapter 11: Silicon Security Configuration
Flash SPI lock
SMM Lock
BAR Lock
Chapter: Supply Chain (Vincent)
OEM/ODM/BIOS vendor/IHV
Open source
Fingerprinting
Manufacturing flow to shipment
Part 3: Data Security
Chapter 12: UEFI Kernel
DXE/PEI Core (*)
Heap Guard
Stack Guard
NX protection
Enclave
Chapter 13: Management Mode SMM Core (*)
SMM Communication (*)
StandaloneMM (*)
MMIO Protection
Secure SMM Communication
Intel Runtime Resilience
STM (SMI Transfer Monitor)
Chapter: UEFI Variable (Vincent)
Authentication
Variable Lock
Variable Check
Variable Quota Management
Confidentiality
Integrity and Rollback
TPM Binding
RPMB
RPMC
Part 4: Miscellaneous
Chapter 14: General Coding Practice
Buffer Overflow
Banned API
Integer Overflow
SafeInt lib
Chapter: Cryptograph (Vincent)
Hash usage in firmware
Encryption usage in firmware
Signing & verification usage in firmware
Chapter 15: Compiler Defensive Technology
Stack Cookie
Non-Executable
Address Space Randomization
Control Flow Integrity (CFI) / Control Flow Enforcement (CET)
Runtime Check (stack/un-initialized data/integer overflow)
Chapter: Race Condition (Vincent)
BSP/AP handling in UEFI
BSP/AP handling in SMM
TOC/TOU
Chapter 16: Information Leak
Side Channel
MDS
SMM
Chapter 17: Programming Language C Language
Rust Language
Part: Security Test
Chapter 18: HBFA
About the Author: Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 "A Tour Beyond BIOS" technical papers for tianocore.org and firmware.intel.com. He holds 40 US patents.
Vincent Zimmer is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.
