Friday, November 29, 2024

Turbulent weather, books, and new jobs

Weather issues have impacted the region recently. The power at my home was out for a few days but I was able to reach the office. While there I recall one conversation from a colleague: "Power outages in India, not just this long." A similar sentiment was expressed by a Brazilian co-worker. I suppose the outage reflects the pleasure and peril of the Pacific Northwest with its significant old growth and above-ground power lines. One challenge this offered was having to take a 4am PST call from the office to deliver a talk to an open source firmware event in Germany at

Part of my Franken-prezo can be seen below. It was pieced together from old public slides spanning CanSecWest '15 in Vancouver BC through Hacker-to-Hacker circa late '23 in São Paulo, Brazil, viz., 

Recently a local university asked me to give their students a talk on BIOS. I agreed on the conditions that it wasn't at 4am PST and that it was in-person. If they had asked last week I would have added the additional proviso of not occurring during a post wind-pocalypse power outage :)

Given this is a blog that purports to cover musings on firmware and UEFI, I figured that I'd note that recent event.

Speaking of firmware, before this talk and continuing in the spirit of this blog's theme, there was an Intel blog posting related to the recent Open Compute Project (OCP) Summit about open source server host firmware

Postings like this and the recent work by 9e mentioned in are always nice to see as they describe work that provides community choice and offers additional insight into how this class of platform is built. In addition, this work potentially heightens awareness of the circular economy.

This above-cited blog post-dated my time at Intel and pre-dated my time

As I mentioned in, I felt a bit nervous about retiring when everyone was telling me that I was 'too young.' As such, I cut my retirement a bit short and recently joined a new tech company

(ID# blinded in picture).

The Microsoft experience has been pretty interesting so far. The old and new commute only differ by a small distance shown below. In fact I had taken that trek a few times in the past, both walking during the summer months and driving during the rainy days when collaborating with Microsoft as an Intel employee.

And the Microsoft campus here in Redmond, WA is sprawling. I initially found myself using a maps application on my phone to navigate both walking through and driving across the campus. To my delight, one location I found was a physical library in Microsoft building 92. Real books, not epubs and mobis and pdfs and html renderings.....! And to my surprise there were a couple of familiar titles on the shelves, including a couple of host firmware texts - and

And now the latter has been YouTube-ized

When I related this library finding to former Intel colleague (now an eng at AMD?) he shared a snapshot of the books on his home office desktop, including

Speaking of firmware books, Jiming Sun's presentation on firmware requirements from a CSP provided a unique perspective.

He also mentioned at the 11:10 minute mark some background on FSP and the embedded firmware book, too. Therein he noted the popularity of the book by way of the site

#1 firmware book? Fascinating metric. I'm not sure about the dataset used to generate that ranking. Although now at Amazon AWS, Jiming was a good collaborator during our joint tenure at Intel. 

On the topic of books, on the Weds workday ahead of the T-day holiday I found another surprise when a coworker dropped by my touchdown/temporary office with one of the firmware books in hand

I like books. And doors on offices are another fascinating phenomenon after several decades of largely living in a cubicle.

Moving beyond the topic of books and continuing with the co-workers theme, I see that another former Intel co-worker has left the blue building (Inside Blue to Outside Blue, departed the Blue Planet, gone from being an In-tel to an Out-tel?) and is the other half of the 300-issued-patents duo of 2014, who has a new opportunity

I guess the lure of the 'enhanced retirement package' of September drew him out, too? Maybe it was the new job title and mission which both sound pretty cool.

Speaking of retirement, or now post-retirement, since landing at MS I've tried to look up some former collaborators like mentioned in but noticed that he's been gone for some time. During this inquiry I observed an interesting aspect of his profile that includes a mention of our joint work, viz., "Co-invented UEFI secure boot with Vincent Zimmer of Intel. UEFI boot vulnerabilities were identified by a novel information flow modeling technique. "

I don't recall ever showing up in someone's LI experience listing. Interesting.

Although I started the blog grousing about weather maladies I really cannot complain so much. Another "Vincent Zimmer" has had it much worse recently it appears.

On the flip side, when I was leaving Intel, there was a session where the team was queried about what folks thought the imminent retirees would do post-Intel. One suggestion for me was a future as a patent attorney, and another suggestion was that I'd give a Ted Talk. On the latter suggestion it looks like another "Vincent Zimmer" beat me to the punch. I think that disqualifies me for a future Ted Talk - speaker name hash collision rule :)

On the topic of the former suggestion of going back to school in the above-listed bon voyage meeting, I attended a Saturday conference on the Racket programming language during my retirement window between Intel and MS. During the lunch break-out at UW Kane Hall I expressed my interest in pursuing more formal graduate education when the PhD candidate to my left mentioned "yes, I'm in year 10 of my PhD program. I had to switch advisors and topics." Hmm. Given those types of statistics it would be a foot race between a PhD and Medicare eligibility for me. There were some interesting talks at the conference, though, including a keynote from the SICP authors

I really enjoyed their first-person view of technology and personal journeys therein.

And the conference shared other bon mots on programming. Some may think Racket (and functional programming languages like Lisp in general) is so far from mainstream languages that there is little value in delving into these alt-langs, but I'm always surprised at the crossover of ideas from one language community to another, or how a clean, pedagogic language can clarify your thinking on a subject.

Maybe I'll just continue the auto-didactic path and see if I can audit some uni courses of interest? I still remember Richard Ladner's late 1990's wisdom during my UW CS algorithms course - "What I teach you this quarter will become irrelevant soon, but what I can impart to you all is to teach you how to teach yourself and learn on your own." One of these AI sessions reminded me of this spirit in the slide below.

Speaking of gifts that keep on giving.....

Of course even the Racket conference touched on AI, mostly via a spoof of LLMs by one UBC prof.

On a more serious approach to AI, though, I did attend a few IEEE-sponsored AI events on the UW campus and in Seattle, too.

I have to confess that the half-dozen LLM and AI texts & papers on my desk didn't receive as much, er, 'attention' (pun intended) as I'd like to have applied during the 4-week retirement.

So this is nice symmetry. The blog opened by describing a talk to university students and ended with some wistful higher education sentiments. Not quite Finnegans Wake with its first and last sentences running together, but good enough for JIT blog-writing I suppose.

I am still holding out on using Copilot or Gemini or ChatGPT, or locally phi/llama/qwen/.... by way of ollama, to create and/or polish these postings. I guess I like to maintain the raw, natural intelligence (or natural obtuseness) feel versus the polished AI-driven edits/creation. I am curious about others' thoughts on the topic. Maybe I'm just another John Henry versus the machine on this one....But in other activities these tools are amazing....Maybe just for this blog I'll leave them out and keep its artisanal feel :)

And so much for a November posting. Churn in the weather and the tech employment scene seem to be the themes of this posting.  

Tuesday, September 24, 2024

Reflecting on my time at a tech company (aka 'Retiring from Intel')

I've queued up some blog drafts over the last couple of months but I haven't been able to generate the energy to finish them. They just didn't seem to have enough bulk to them.

So why posting now and with this 'new' content?  

Well, I want to share that I have elected to retire from Intel after 27.5 years. My last day will be September 30. While I'm moving on to the next chapter of life, I'll always cherish the time I spent at Intel. 

And in fact it is with no small amount of temerity I write this message, especially after receiving so many soulful and impactful farewell messages recently from Intel colleagues also opting into this retirement package.  I'm somewhat 'late' in penning my message, I'm afraid (at this point in time I haven't sent out the broad bcc'd "I'm leaving" email).  And then there's my all-time favorite parting message I captured from Sham at the end of the posting that I could never hope to emulate. 

But emulate I won't. In fact, I'll write this as I do most of my postings, sort of a rambling message to myself; on this sentiment I'm apparently not alone given the quote from another 1.5-decade blogger: "I keep this blog for me to write, not necessarily for others to read." For this particular post I couldn't figure out where to insert a 'TL;DR' since I sometimes think that could be the title or theme of this whole blog series :) I only regret that I won't have a reason to author a successor to

So for more of the TL ('too long'), rewind the clock 32.5 years to my first five years post-undergrad in industry prior to Intel. In those early days of 1992 back in Houston I was introduced to BIOS and embedded firmware development using Intel technology, from the i8051 through i80186 … and culminating with the P6. Beyond the data sheets, I also immersed myself deeply in Intel-driven specifications like PCI and I2O (although forgotten by PCI SIG and, many still live on at). These experiences ranged from poring over the black-cover public data book tomes to the yellow-cover NDA documents, while continually being intrigued by what was happening at Intel via reading reports on the company in print periodicals like EE Times; this was the early 90’s prior to the internet going big.

Who knows? Maybe some of the work I contributed to at Intel, whether papers or books or specifications such as mentioned in, might end up at bitsavers some day, say Beyond BIOS will have a URL like the RMX book

Given my early exposure to Intel, imagine my delight in getting recruited by Intel to lead the development of Itanium firmware for the Merced CPU in late 1996 and joining the Intel High-End Server Division (HESD) in February 1997 in DuPont WA. The Intel recruiter told me that I could ‘go to Hillsboro for Xeon or Dupont for Itanium.’ I wasn’t familiar w/ any place in the PNW so the obvious choice was to join the Intel 64-bit wave! Prior to joining Intel, I still recall my Compaq manager saying when I served notice “I guess you’re going to Portland Oregon” when in fact I was heading to Washington state. Commencing in ’97 I was now part of the mission to help create the technology behind those great products and standards I’d admired so much.  

Since then, I truly realized the saying of Steve Jobs 'The only way to do great work is to love what you do,' and I've truly loved working alongside such talented and dedicated individuals in this work. That was the missing link from my pre-Intel days, namely the broad experience with Intel employees.

Speaking of people and technology and standards, now more than half my life, or these last 27.5 years at Intel, have more than exceeded my hopes, but it’s the people with whom I’ve collaborated, learned, and grown that I appreciate the most. Thank you all for creating a positive and inspiring work environment. From co-creators of the SAL+NuBiOS & SAL+AMI ‘Salami’ firmware for Merced in HESD, to the Workstation Product Group (WPG) Kittyhawk native C code that booted Intel P3 on 840 Rambus and Merced 460GX w/ either the AMI 630 ‘furball’ or the EFI sample as the late-stage payloads. Then off to Microcomputer Software Lab (MSL) in MD6 to work on the hit series of scaling EFI from 0.92 to today’s UEFI 2.11, along with “Tiano” that yielded EDK->EDKII and the Intel Platform Innovation Framework for the Extensible Firmware Interface (e.g., “Framework”) specifications that have become the UEFI Platform Initialization (PI) specifications of today. This latter work spanned orgs from MSL to EPG to SEG to SSG to SATG to DEG to my final home here in CCG. I guess the only platform group I missed was embedded, although I enjoyed collaborating with those folks from ACSFL in the late 90’s to today’s slim bootloader.

I suppose I can date the badges by BDE or ADE ('Before drop-e' or 'After drop-e')

It’s open source platform code like slim bootloader, coreboot, and EDKII features/platforms that have occupied the last 10 years of scaling the Firmware Support Package (FSP), ….. along with the primary mission of FSP to have a clear business boundary between Intel-owned versus customer code. This last decade also included contributing to NIST SP 800-193 platform firmware resiliency and recovery. And and and ….

...and booting. Measured boot, UEFI Secure Boot, IPv6 boot/netboot6, HTTP boot, boot-from-Wifi.....Sometimes I'd use 'booting from a sneaker' as a variant of the Toaster or Fabrikam sort of pedagogic fake device, but given Bluetooth and smart accessories/shoes I suspect this one will fall into the 'life imitates art' category.

And I could take a whole detour on security and friends long past. Someone said I was the final member of the below bench to exit. John of PSIRT, Yuriy of threat research, Kirk of all-things-SMM security, ... Zimmer as the UEFI security guy. I still recall a colleague saying 'bring boxes of the Intel Press Beyond BIOS and Shell books. The visitors will love them.' Given the muscle ache from both lugging them down to Portland and back to Seattle I couldn't help but think of the Harold Ramis quote in Ghostbusters that 'print is dead.'  Even those many years ago no one wanted those bulky dead-tree texts.

Beyond the tech milestones, I still recall a few words of wisdom from a now-retired colleague. One was ‘the best architecture is sometimes knowing what to leave out’ (I heard it but didn’t necessarily always practice it) and the other was ‘I don’t know why people don’t get it, but BIOS can be a great career.’  And a great Intel career it has been. Another was ‘the higher leadership ascends you’ll find the more impactful decisions they have to make with successively less information.’  So my take away is that you should take it easy on the bosses, especially in tough times.

And there is my 3-tuple of advice I sometimes give others and myself:  ‘business first, team second, and career third.’  To me this means focus on the business priorities first, even if they transcend your team’s charter. Next help develop and foster a strong team environment for the mission to collaborate on these business challenges.  And a distant third is your career.  I don’t mean to imply career growth is unimportant but more that if you focus on the business priorities and the team, a well-managed company will acknowledge your efforts.  

Also, observe where the interesting problems are being worked and good team cultures exist. Given that insight, when given the opportunity to engage in such focus areas and with such collaborators, it may help your career long term. And 'keep learning.' This may sound a bit strange coming from me since a boss recently said ‘...and if you don’t want to keep learning then just “retire”.’ I personally hope to do both, but the exhortation to 'keep learning' is golden irrespective of one's employer or employment state or age or.....

And given this is a wrap-up sort of blog, I've probably repeated a few themes mentioned before. Some are quite important, though, such as 'it's the people that matter.' Projects and tech come and go. The people are the key invariant of value. For example, sometimes folks think I get excited by books and patents, but it's the co-authors and co-inventors that thrill me. I may forget a book chapter or set of independent claims, but I'll never forget the rich set of colleagues with whom I toiled shoulder-to-shoulder on these endeavors. And these endeavors match my triad of biz/team/career in that they were all done to help further a business strategy, secondarily they entailed team collaboration (sometimes co-authors outside of team or company), and at the end of the day, they may have helped (or hindered) my career arc. As long as I hit #1 and #2, though, I'm at peace.

Other wisdom? Don't bash other technology. I still regret writing 

twenty years ago in. You win by being good, not by belittling the competition. And the fact that the PC industry for 20+ years had shipped on this 'monolithic', 'space constrained' BIOS rebutted my argument. And to be honest, Tiano in 2004 wasn't the exemplar of software quality and stability.

I find a kindred soul in Prof G's advice that 'work life balance is a myth' but the part I perhaps erred on is ignoring the qualifier 'when you are young.' I have kept this unbalance through 3+ decades :) But it has been a great trip and I can see doing more when there are opportunities to dent some more

I'm not sure what the next phase of the journey will be, but I couldn't help but laugh when reading this cartoon from the New Yorker recently. I sort of put my own spin on it, although some may say it reads well in its original.

And I sure have quite a reading backlog to attack (see background of posts like 

Regarding the timing of this event, my Fidelity advisor said 'you can retire but there is the risk of you getting bored.' And a retiring Intel security Fellow opined 'you are too young to retire.' In retrospect I realize that I may be a bit junior to many of the 'retirement' cohort I see exiting since I dove head-first into tech w/o MS+PhD or military or other such hang-time. But given the exponential arcs of so much happening in tech and the richness of the world, I suspect I can find many a palliative to the specter of boredom (more 'dent' opportunities - see above).

Speaking of 'fellow,' that was definitely a milestone I had hoped to achieve in my quarter-century tenure at Intel. I try not to be sour grapes and think of the externally-hired-in fellows who only had to align with Professor Galloway's 'it's easy to fall in love with someone for an hour' when comparing external versus internal promotions. Instead I'd say Intel offered many open doors for me and perhaps I simply stumbled into the door jamb? I was never aspiring toward the fellow role just for the sake of the title. Instead, I view achieving a fellow promotion as both an acknowledgement of the observed fellow-level impact plus the ability to have more insight into and ability to help advise the business (i.e., a bigger platform to help make those 'dents in the universe').

Regarding that out-of-reach cohort, I did have a chance to leave a small mark for system software next to the Fellows and Senior Fellows, as chronicled in and. Recall the century milestones I related:


If not fellow, I have at least tried to level up to my 'Senior' taxonomy this year, though, by applying for senior member status of the ACM 

and the IEEE, respectively

I just made it into 'senior member' under the 30 year milestone of my time with IEEE, for example. So I'm exiting this tech company as a pure-play 'senior' (e.g., Intel Sr. PE, Sr. member ACM, Sr. member IEEE), it seems. What's next on the 'senior' theme?  More senior moments undoubtedly, sliding into senior citizen-hood, ....?

So now to prepare for the next months. One colleague who left from another tech company years ago into Intel told me it took him 2 years to get over leaving his last shop. And another colleague who left Intel for a FAANG company a couple of years ago told me that you fade away quickly from people's memories at Intel, easily within 2 years (2 mos., 2 days, 2 hrs?). So I guess the overlap is 'getting over' job.last and being forgotten by colleagues.last :)

Time. Time. As I sit on 12 weeks of accumulated sabbatical (closing in on 16) & a vacation-free recent couple of years, I suppose the universe with this 'enhanced retirement package' has finally figured out a way to make me close my Intel laptop lid. And close it I shall.

In closing, my personal tell is that once I’m done with the meat of a conversation I start philosophizing too much.  And on that note it’s time to end this conversation since my philosophizing has eaten the word budget on this post more than usual.

Thank you all and good-bye,


PS if you ever need to contact me, my info is at the top of

Sunday, June 30, 2024


500k. An interesting milestone. This figure comes from the Springer-Verlag site. I was asked by a colleague how many of the free Kindle copies have been downloaded from Amazon and I didn't have any idea. Probably a multiple of this number given the paucity of free books in this category?

Either way, the milestone generates a few thoughts. One is a reminder that writing technical books isn't about generating large incomes from their sales. A recent Hacker News thread and its associated article are a reminder of this.

"My motivation for writing the book was never the money, and I've generally treated the royalties as a nice bonus. I started writing because I cared a lot about the technology, and I wanted to share it with other people. Writing the book was my way of contributing something to a community that I'd benefited from a lot in my career." 

Another memory includes a dual perspective to the 'open platform blog', namely the binary dimension. If you recall from that posting, I cite the open source presentation that included the line "Minimize IP components in binary like Intel FSP." So the FSP evolution was always the binary portion of having the open-platform-code-based full solution. A rough roadmap of this work leading up to 2022 can be found in

As a refresher, in 2014 we were faced with how to support platform code of both the coreboot and EDKII ilk. The proposal of the multi-division working group I started then included the approach shown in

The IOT division (now NEX) was already leaning into using FSP, but they mixed the SOC-specific details and the API. One of the first things we did was to split out the interface from the SOC-specific implementation. This led to the series of FSP External Architecture Specifications (EAS) found at and the 'integration guides' found on, such as

As part of the journey of making community based development less difficult, I was able to clean up the license of the FSP from a 10-page click-through to a simple one based upon the microcode license

With FSP 2.0 we introduced FSP-T, FSP-M, and FSP-S to support the non-memory-mapped boot map of Apollo Lake (a topology described in), and 2.1 introduced dispatch mode for easier integration in a native EDKII environment. The original way to interface with the Intel FSP, used by coreboot and slim bootloader, is called API mode.

All along the way the FSPs themselves were based upon a mixture of closed source EDKII-style silicon code and open source EDKII infrastructure, as exemplified by the

So you will see that the timeline above from the 2022 book stops with FSP 2.3. Since then we released the FSP 2.4 specification. 2.4 was a pretty radical change to FSP that added things like 64-bit support, SMM encapsulation, cooperative state storage, and additional multi-phase support. These FSP changes were part of the broader Universal Scalable Firmware (USF) effort

USF was for a while called 'SubZero', composed as part of the larger oneAPI effort publicly discussed by Raja at

(BTW - this hierarchy also explains the challenges in writing a firmware technical book)

The idea was to have a 'sub zero' or 'level -1' as distinct from the level-0 device driver work of oneAPI.

The USF stack entailed breaking up the specific concerns of SOC, platform, and boot technology, as shown in the figure. And unlike the 2014 IDF presentation that just showed FSP supporting coreboot and EDKII, USF aimed to support additional platform code technologies, such as and even the pure-Rust based, at least until the latter removed their FSP support in order to keep the project based purely on open source.

This narrative isn't just my perspective. J. Zhang from Meta had written the following 


It's interesting that parties outside of my company use the 'OSF' (i.e., Open Source Firmware) acronym so much; I'm sometimes surprised in that I rarely if ever hear the term within the corporate walls.

To me the important part of doing USF was the openness, including POCs and specification drafts at. For example, we prototyped the FSP 2.4 changes for 64-bit at, YAML-based configuration (versus bespoke BSF), SMM encapsulation in FSP (originally inspired by), and a 'bootable FSP' or FSP@Reset or 'FSP-R'

During the early days of FSP we didn't just document the platform code usage to 'consume' the FSP, but we also explicated how to 'produce' an FSP (i.e., the type of recipe used in the FSP QEMU instances above)

And now in 2024 the bottom 3 of the collaborators are at Microsoft. Quite the change over time.

Additional information on USF can be found at, and

We even described how to share C code, the predominant language of EDKII, coreboot, and slim bootloader, with Rust

Speaking of Rust, the recently published on MS Rust support generated a few questions to me recently. I’m a fan of moving firmware into Rust in addition to other defense-in-depth measures (isolation, ISA mitigations, etc.). We did an initial integration of Rust into EDKII 5 years ago, described in and. We also provided guidance on Rust for firmware in one of our book chapters

There is also the camp of using 'modern C++' as another memory safe language like Rust for systems programming. I'm open to smart pointers and other such idioms applied to firmware, but the same issue of the 'unsafe UEFI protocols' with their raw pointers means the safety is scoped to only the interior of PEIMs, DXE drivers, UEFI drivers, and UEFI applications, respectively.

The tianocore community ended up not pushing the Rust work into EDKII upstream for various reasons (people/value/feedback), including no one wanting to invest in the EDKII build system and drive an integration like this. Later work with Google Summer of Code yielded getting the UEFI Rust crate upstreamed. This allows for building stand-alone .efi images with this crate and including the resultant binary into the EDKII full firmware integration. This latter approach allows the community to leverage the goodness of the Rust ecosystem that is vibrant/supported/growing – Cargo, libraries of crates, auto test and doc generation, etc. – and avoid some of the vagaries of the EDKII native build system.

In addition to the API changes, the provenance of firmware was a design point. As such, we created the specification to describe how to create manifests and measurements for the FSP and do the corresponding work for the Universal Payload (UPL). UPL is another aspect of the USF work that provides interoperability between ways to boot, whether a UEFI-style boot with the EDKII payload package, LinuxBoot, or an embedded hypervisor or RTOS. This type of layering for a very diffuse supply chain is akin to attempts like. Just as the Android userland should be platform independent, there is a similar demarcation in UEFI where the bulk of the DXE drivers for UEFI compatibility is platform independent, with the same argument holding for a more generic Linux kernel for LinuxBoot

Speaking of FSP 2.4, in postings the 64-bit work gets a call-out from Google in. It still feels like yesterday when I coded up the first PEI code to transition to a 64-bit DXE from a 32-bit PEIM 20 years ago. Given our small amount of cache-as-RAM at the time, it seemed otherworldly to imagine moving both PEI and DXE to 64-bit, so we opted for the 32-bit PEIM and 64-bit DXE we have had up to today. I also recall looking at the sample code of the AMD64 data book at the time to inspire some of this machine transition code creation.

Although most of the posted FSPs are client and microserver at

big core Xeon is joining the list. 

Specifically the use of FSP for Xeon gets mention in and has made progress with and associated open source platform code at, including the Eagle Stream mentioned above and the upcoming GNR. The SPR coreboot workflow has a nice overview at, too.

AMD has been working on open sourcing coreboot code for their EPYC servers, with code that leverages the libraries (sort of like an open source variant of Intel's FSP-S code) and binaries posted

Open source platform code is interesting. It may offer sustainability options, such as creating your own firmware for a decommissioned server board, or one for which ownership has been transferred. The concept of ownership transfer can be found in work at the OCP. This type of sentiment is part of circular economy thinking.

Speaking of servers, I joined Intel to lead the 64-bit Merced firmware. We launched EFI on that platform but built upon SAL and PC/AT BIOS. Afterward, when Tiano and the Framework-based EDK code was developed for a full platform initialization, I was asked to lead getting the first IA32 Xeon product to adopt the technology. It was the Blackford chipset-based platform. There was immense push-back from the internal teams to EDK and EFI in general. Originally we thought servers would embrace EFI for use-cases like provisioning, etc., but it turned out servers were the most conservative product category and often the last to change.

If you made it this far I apologize. This is the type of blog you get when I camel up a lot of thoughts and don't commit to a final draft, I suppose, for some months. And to continue the meandering, one other sentiment that the above history of crafting firmware specifications reminds me of is how informal, semi-formal, and formal techniques can be applied to this domain going forward. I was reminded of this imperative by the quotation:

"If you’re a software engineer, especially one working on large-scale systems, distributed systems, or critical low-level system, and are not using formal methods as part of your approach, you’re probably wasting time and money. Because, ultimately, engineering is an exercise in optimizing for time and money."

I often tell folks that engineers are like applied economists: sufficient outcome for the lowest cost. This is another trope, along with my 'business/team/career' hierarchy of importance, that I often quote.

And speaking of another Seattle data point beyond Amazon's Brooker quotation above, I am sad to see that the computer history museum I mentioned 6 years ago is going away. UW hosted an event at the museum after Allen's donation ended up renaming the school in his name. Sadly he passed away a few months later. With the following COVID and the settling of his estate, it appears that the museum is a victim of the times.

On a brighter note, I was happy to see another local, Microsoft's Dave Thaler

appear in the eBPF documentary. I worked with Dave in the late 2000's on evolving UEFI network boot to IPv6. He looks largely the same as when we were drafting the RFC in his MSFT office or co-presenting at some IETF session. I wish I could say the same about myself. And of course the other notable figure from that documentary who now works at Intel and with whom I had the chance to collaborate

is the compute performance guru Brendan Gregg. Given his office in Australia I am dubious about f2f co-work opportunities, though, like those I had with Dave.

Well, enough for June. Here's looking forward to some thoughts in the upcoming months.

I still need to reconcile my usage of other sites versus blogger. I snapped a couple of conversations since I think the free/community version of Slack removes content after some time window (90 days?).

Specifically, here are some responses I posted on the OSFC slack channel in response to queries, viz.,

I can understand your confusion. The answer is mostly #3. Per your question - the typical model is for a hardware root of trust (Intel BtG, AMD PSP, etc.) to verify the firmware volume w/ SEC+PEI code, or "Initial Boot Block" (IBB), via a hash comparison. Then the IBB code has a library to do verification of the OBB via another hash comparison via code like. The OBB is another firmware volume. The OBB contains DXE and the UEFI Secure Boot logic. The code in the OBB then validates 3rd party UEFI drivers in option ROMs and UEFI images on disk or network via asymmetric crypto verification of the Authenticode-based signed PEs. You can see all of this put together in
The UEFI Spec and its 'Secure boot' (really a mistake made by some folks marketing Windows). The 'secure boot' section was about the network auth protocol and the PE/COFF signing really didn't get read in until. In general it was a booboo to even call 32.1 'secure', but that's a sin of decades past now. Also, I originally hoped to do per-PEIM and per-DXE validation as noted 20 years ago in[…]atform_Firmware_Beyond_BIOS_and_Across_all_Intel_R_Silicon with the sentence "The Framework and EFI drivers may optionally be cryptographically validated before use to ensure that a chain of trust exists from power-on until the OS boots and beyond." Framework was the name of the PI specs before they were donated/std'ized in the UEFI Forum as the Platform Initialization (PI) specs. The thinking was PEIM and DXE binaries could be sourced from different vendors, whereas today most people build their PEI and DXE from source. It's the UEFI drivers and apps that are ingested as 3rd party binaries given the difference between OEMs (PI code), IHVs (adapter card UEFI drivers), and OSVs (OS loaders) in the supply chain.

The UEFI PI spec defines a dependency expression (depex) section in the firmware file of a PEIM or DXE driver that has an RPN encoding of the PPIs or protocols consumed by a module. The PEI and DXE cores use the depex to see if the required PPIs or protocols have been published prior to dispatching a PEIM or DXE driver. That's the standards side. On the code side, the EDKII implementation's .inf consumes and produces are not used to generate the dependency expression. The .inf file for a given module has the expression under the '[Depex]' portion of the file[depex]_section.html#215-depex-section. These are manually created since the developer can conditionally depend upon other PPIs/protocols (imagine control flow based upon some platform state such as a GPIO asserted that tells code whether or not to invoke some 'recovery' PPI/protocol). That's why you see things like "SOMETIMES_CONSUMES" in files like
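Here is a small model of that depex machinery, added as an example for this post rather than code from the post or from EDKII: the opcodes follow the PI spec, the GUIDs are made up, and the dispatcher loop is a simplified stand-in for the PEI/DXE core, including the 'sometimes consumes' style of conditional dependency mentioned above.

```python
import uuid

# Opcodes of a UEFI PI dependency expression (PI Specification, Vol. 2). A
# [Depex] section is a postfix (RPN) program over a boolean stack.
OPCODES = {
    "BEFORE": 0x00, "AFTER": 0x01, "PUSH": 0x02, "AND": 0x03, "OR": 0x04,
    "NOT": 0x05, "TRUE": 0x06, "FALSE": 0x07, "END": 0x08, "SOR": 0x09,
}
GUID_LEN = 16


def encode_depex(tokens):
    # Tokens are opcode names ("AND", "END", ...) or uuid.UUID values; a GUID
    # becomes a PUSH opcode followed by the 16-byte GUID in EFI byte order.
    out = bytearray()
    for tok in tokens:
        if isinstance(tok, uuid.UUID):
            out.append(OPCODES["PUSH"])
            out += tok.bytes_le
        else:
            out.append(OPCODES[tok])
    return bytes(out)


def evaluate_depex(depex, published, scheduled=False):
    """Return True when a module with this depex may be dispatched now.

    `published` is the set of PPI/protocol GUIDs installed so far. Malformed
    input (stack underflow, unknown opcode, missing END) evaluates to False so
    the module just stays pending. Simplified model, not EDKII's core code.
    """
    stack = []
    i, n = 0, len(depex)
    while i < n:
        op = depex[i]
        i += 1
        if op in (OPCODES["BEFORE"], OPCODES["AFTER"]):
            # Ordering-only forms; the dispatcher handles them, not the evaluator.
            return False
        if op == OPCODES["SOR"]:
            # Legal only as first opcode: wait for an explicit Schedule() call.
            if i != 1 or not scheduled:
                return False
        elif op == OPCODES["PUSH"]:
            if i + GUID_LEN > n:
                return False
            guid = uuid.UUID(bytes_le=depex[i:i + GUID_LEN])
            i += GUID_LEN
            stack.append(guid in published)
        elif op in (OPCODES["TRUE"], OPCODES["FALSE"]):
            stack.append(op == OPCODES["TRUE"])
        elif op == OPCODES["NOT"]:
            if not stack:
                return False
            stack.append(not stack.pop())
        elif op in (OPCODES["AND"], OPCODES["OR"]):
            if len(stack) < 2:
                return False
            b, a = stack.pop(), stack.pop()
            stack.append((a and b) if op == OPCODES["AND"] else (a or b))
        elif op == OPCODES["END"]:
            return len(stack) == 1 and stack[0]
        else:
            return False
    return False  # ran off the end without an END opcode


def dispatch(modules, published):
    """Simulate the core's dispatch loop. `modules` maps a name to (depex bytes,
    set of GUIDs the module installs). Each pass runs every module whose depex
    is true and publishes its outputs; returns (order, names left pending)."""
    published = set(published)
    order, pending = [], dict(modules)
    while True:
        ready = [m for m in pending if evaluate_depex(pending[m][0], published)]
        if not ready:
            return order, set(pending)
        for name in ready:
            order.append(name)
            published |= pending.pop(name)[1]


# Constructed GUIDs for the demonstration; they are not real EDKII PPI GUIDs.
MEMORY_PPI = uuid.UUID("11111111-1111-4111-8111-111111111111")
GPIO_PPI = uuid.UUID("22222222-2222-4222-8222-222222222222")
RECOVERY_PPI = uuid.UUID("33333333-3333-4333-8333-333333333333")
NEVER_PPI = uuid.UUID("44444444-4444-4444-8444-444444444444")


def sample_dispatch():
    """PEI-style boot: PlatformInit only sometimes needs the recovery PPI, so
    its depex is (MEMORY AND GPIO) OR RECOVERY and it runs on either path."""
    modules = {
        "MemoryInit": (encode_depex(["TRUE", "END"]), {MEMORY_PPI}),
        "GpioInit": (encode_depex(["TRUE", "END"]), {GPIO_PPI}),
        "PlatformInit": (encode_depex([MEMORY_PPI, GPIO_PPI, "AND",
                                       RECOVERY_PPI, "OR", "END"]), set()),
        "Orphan": (encode_depex([NEVER_PPI, "END"]), set()),
    }
    return dispatch(modules, set())
```

Running `sample_dispatch()` gives `(['MemoryInit', 'GpioInit', 'PlatformInit'], {'Orphan'})`: the conditional module is dispatched once its normal-path inputs exist, and the module whose PPI is never published stays pending instead of crashing the core.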