Sunday, January 1, 2017

Saying good bye to 2016

I meant to do a final blog of '16, but I instead opted to catch the fireworks at the Seattle Space Needle.

I like the end of the year as it hosts the Chaos Communications Conference (33c3). I recall seeing Trammell Hudson's Thunderstrike 2 over the '15 holiday, and for this '16 holiday I watched his talk on Heads, variously described in

I like Trammell's threat model write up at, too. Today we only have the higher level

It was interesting to see his mention of Intel (R) FSP and also reference our work on pre-OS DMA protection.

Another talk of interest for the pre-OS was the review of porting UEFI Secure Boot for virtual machines. This entails the Open Virtual Machine Format (OVMF) variant of EDKII that executes upon QEMU and is used as the guest firmware in projects like KVM, VirtualBox, etc.

The latter talk included a reference to the EDKII lock box work and emulating the full System Management Mode (SMM) infrastructure. The addition of more of the SMM infrastructure in was positively mentioned, too.

Speaking of security and 33c3, an interesting read about researchers and industry was posted to As long as the flaws are responsibly disclosed such that the conference presentations aren't zero-day events, I cannot argue with their sentiment.

One common element discussed in Heads and the Virtual Secure Boot topics entailed availability of full platforms. In that area there is great progress in having a set of full EDKII platform code in source that works with an Intel(R) FSP for the embedded Apollo Lake (APL) SOC (formerly known as "Broxton") in the repository

Regarding security and treatment of EDKII issues, we have moved our advisory update to gitbook from the former two PDF postings. These recent postings represent fixes that honored the industry request for a six-month embargo of the project updates. Going forward we'd like to auto-generate the advisory from Bugzilla, but for now the document is manually curated. There have also been discussions of moving from the advisory document issue enumeration to things like CVEs, which is an investigation in progress, too.

Moving into 2017, maybe I'll catch up to George Westinghouse's number of issued US Patents. I left 2016 with 354 issued, whereas George has 361.

2017 should also feature an update to a couple of UEFI books, including Beyond BIOS and Harnessing the UEFI Shell. Beyond BIOS was originally published in 2006, so this update will mark over a decade since its first appearance.

It has been an interesting run on this project, with over 17 years on the EFI team and nearly 20 years at Intel. I look forward to what the next wave of technology will bring in '17 and beyond.
