Thursday, December 22, 2011

Windows 8 Hardware Certification Requirements

Check out the document windows8-hardware-cert-requirements-system.pdf, which can be downloaded from http://msdn.microsoft.com/library/windows/hardware/hh748188. The platform builders often refer to these as 'logo requirements.'

The document includes details on UEFI network boot on IPV4 and IPV6 under System.Fundamentals.PXE.PXEBoot, along with more information on implementing UEFI secure boot under System.Fundamentals.Firmware.UEFISecureBoot and measured boot under System.Fundamentals.TrustedPlatformModule.TPMRequirements.

The matter includes guidance that complements the UEFI2.3.1a specification, IETF RFC's (such as RFC5970 on IPV6 network boot), and other industry standards, for purposes of describing how to build a UEFI platform for this class of operating system.

Tuesday, December 13, 2011

Random notes

After so many years, it is good to see so much activity around UEFI Secure Boot and the proposed usage of this capability in upcoming operating systems. The UEFI Forum www.uefi.org has been working on refining this capability since the publication of the UEFI 2.0 specification in 2006, culminating in its present form in the UEFI 2.3.1a specification published this year.

I introduced the concept of a UEFI-based Root of Trust for Verification / Enforcement (RTV/RTE) in the 2007 paper Platform Trust Beyond BIOS Using the Unified Extensible Firmware Interface http://dblp.uni-trier.de/rec/bibtex/conf/csreaSAM/Zimmer07. As I concluded in that paper:

This paper has shown that the future of extensible platform firmware beyond BIOS holds many perils and opportunities. The perils include the new ability to have extensible code loading in the pre-operating system regime, but the opportunities include the use of measured and secure boot to harden the platform and authorize code loading. And in a world of ever-more-secure operating systems, the pre-OS may become a more interesting target for the Blackhat's of the world. As such, these UEFI protections are even more important to implement.


The paper also describes how the UEFI RTV complements a Trusted Computing Group Trusted Platform Module (TPM) Root of Trust for Storage/Recording (RTS/RTR) and a UEFI based Root of Trust for Measurement (RTM) to work in tandem with the TPM. Finally, the paper describes using formal integrity models like Clark-Wilson to decompose a system and the use of UEFI Capsule updates to have a cryptographically-assured update of the underlying UEFI Platform Initialization (PI)-based UEFI features.

For more recent information on a UEFI RTM, check out the IBM/Intel paper http://download.intel.com/technology/efi/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf.
In addition to that material from 2007 and 2009, article 5 of the November Intel Technology Journal describes the UEFI Secure and Measured Boot scenario in light of the UEFI 2.3.1a specification
Other interesting discussions of the Measured and Secure boot interplay can be found in http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-462T. Matt Garrett also notes "Secure boot is a valuable feature. It does neatly deal with the growing threat of pre-OS malware" http://mjg59.dreamwidth.org/6503.html.