Saturday, August 4, 2012

A recent whitepaper posted and an upcoming talk


A Tour Beyond BIOS into UEFI Secure Boot was recently posted at http://sourceforge.net/projects/edk2/files/General%20Documentation/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf/download. My co-author Lee Rosenbaum and I provide an integrity model for an extensible pre-OS that motivates UEFI Secure Boot, along with a review of the implementation at tianocore.org. I provide an overview of some of the material in the paper at the ToorCamp talk next Thursday near Neah Bay.

Roy Hopkins of Intel/McAfee and I (https://intel.activeevents.com/sf12/scheduler/speakers.do) will be presenting "Intel and McAfee: Hardening and Harnessing the Secure Platform" on Tuesday, September 11, at the Intel Developer Forum in San Francisco, CA. The topics will include:

- UEFI and Platform Initialization (PI) security overview
- Hardening the platform and development assurance practices
- Introducing McAfee* Endpoint Encryption
- Value proposition of a secured preboot
- Maintaining the chain of trust

I look forward to meeting people in SF next month.



Wednesday, July 4, 2012

UEFI 2.3.1 Errata C, and more

A few things have happened recently.

These include the publication of Errata C of the UEFI 2.3.1 specification at www.uefi.org. One interesting update in that document is support for network booting additional processor architecture types; see "Processor Architecture Types" at http://www.ietf.org/assignments/dhcpv6-parameters/dhcpv6-parameters.txt. Notable additions to that list include PowerPC and ARM64, along with the reconciliation of some earlier conflicts between the UEFI specification and early RFCs. This update, together with http://tools.ietf.org/rfc/rfc5970.txt, allows for rich network bootstrap opportunities.
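
As an added example that is not part of the original post, the following Python encodes and parses the DHCPv6 OPTION_CLIENT_ARCH_TYPE (option 61) defined in RFC 5970, the option through which a UEFI client tells the server which processor architecture types it can boot, and shows a server-side selection of a boot file URL from that list. The architecture-type table is a hand-picked subset of the IANA "Processor Architecture Types" registry linked above, and the boot file URLs, the server policy and the message bytes are constructed sample data, not values from the post or from any real deployment.

```python
import struct

# DHCPv6 option code from RFC 5970, section 3.3
OPTION_CLIENT_ARCH_TYPE = 61

# Subset of the IANA "Processor Architecture Types" registry, keyed by the
# 16-bit type value. Consult the registry itself for the authoritative list.
ARCH_NAMES = {
    0x0000: "x86 BIOS",
    0x0006: "x86 UEFI",
    0x0007: "x64 UEFI",
    0x0009: "x64 UEFI",          # the registry carries both 7 and 9 for x64 UEFI
    0x000A: "ARM 32-bit UEFI",
    0x000B: "ARM 64-bit UEFI",
    0x000C: "PowerPC Open Firmware",
    0x000D: "PowerPC ePAPR",
    0x000E: "POWER OPAL v3",
}

# Constructed server policy: which boot image this server offers per architecture.
SAMPLE_BOOTFILES = {
    "x64 UEFI": "tftp://[2001:db8::1]/bootx64.efi",
    "ARM 64-bit UEFI": "tftp://[2001:db8::1]/bootaa64.efi",
}


def encode_client_arch_option(arch_types):
    """Client side: option-code, option-len, then one 16-bit type per entry,
    all in network byte order, as RFC 5970 section 3.3 lays them out."""
    if not arch_types:
        raise ValueError("at least one architecture type is required")
    body = b"".join(struct.pack("!H", t) for t in arch_types)
    return struct.pack("!HH", OPTION_CLIENT_ARCH_TYPE, len(body)) + body


def parse_dhcpv6_options(data):
    """Walk a run of DHCPv6 options (code, len, payload) and return
    [(code, payload), ...], refusing truncated or over-long options."""
    options = []
    offset = 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, offset)
        offset += 4
        if len(data) - offset < length:
            raise ValueError("option length runs past end of message")
        options.append((code, bytes(data[offset:offset + length])))
        offset += length
    return options


def client_arch_types(payload):
    """Decode the payload of OPTION_CLIENT_ARCH_TYPE into a list of ints."""
    if len(payload) % 2 != 0:
        raise ValueError("architecture type list must be a multiple of 2 bytes")
    return [struct.unpack_from("!H", payload, i)[0]
            for i in range(0, len(payload), 2)]


def select_bootfile(arch_types, bootfiles):
    """Server side: honour the client's preference order, returning the first
    (name, url) it lists that this server can serve, or None if nothing fits."""
    for t in arch_types:
        name = ARCH_NAMES.get(t)
        if name is not None and name in bootfiles:
            return name, bootfiles[name]
    return None


def demo():
    """Round-trip a constructed request from an AArch64 client that can also
    run x64 images, and pick the boot file the server would offer it."""
    request = encode_client_arch_option([0x000B, 0x0007])
    options = dict(parse_dhcpv6_options(request))
    types = client_arch_types(options[OPTION_CLIENT_ARCH_TYPE])
    return select_bootfile(types, SAMPLE_BOOTFILES)


if __name__ == "__main__":
    print(demo())
```

The architecture list is an unauthenticated hint from the client: it decides which image the server offers, not whether that image is trustworthy, so on a Secure Boot platform the downloaded image is still subject to the firmware's signature check before it executes.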

In addition to the UEFI and IETF updates, a YouTube video of "Security & Personal Computing" was just posted to the intelchannel at http://www.youtube.com/watch?v=lZ505uz1TZ4. In this talk I provide a broad overview of some of the efforts underway in the industry around platform protection.

On that same topic, my presentation proposal http://toorcamp.org/content12/33 for ToorCamp 2012 was accepted. The entire schedule of talks can be found at http://toorcamp.org/talks. Dan "I broke DNS" Kaminsky is speaking that same day (http://toorcamp.org/content12/28), and the speaker immediately prior to my talk (http://toorcamp.org/content12/2) will discuss hacking measured and UEFI secure boot. It should be interesting.

Friday, February 24, 2012

Anniversary day

Today marks 15 years since I started working at Intel. Coincidentally, it also marks 20 years for me in the technology industry (post-undergrad).

I worked on my first embedded systems project 20 years ago, converting an embedded control system from assembly to C. And during the last 12 years on the EFI project, work has included converting a PC/AT BIOS ecosystem largely written in 16-bit assembly to a C-based infrastructure based upon UEFI.

Crazy stuff.

I've heard that the half life of an engineer is 15 years. I look forward to where the journey takes me next.

It has been an interesting run thus far.

Cheers

Tuesday, January 10, 2012

UDK2010.SR1 is now available

This is the latest UEFI Development Kit 2010 Specification Release 1 (SR1), which supports the UEFI 2.3.1 and PI 1.2 specifications. The UDK2010.SR1 release is now available at http://www.tianocore.org. Many of the capabilities discussed earlier in the blog, including netboot6 and secure boot, are available in the Networking Package (NetworkPkg) and Security Package (SecurityPkg), respectively.

Thursday, December 22, 2011

Windows 8 Hardware Certification Requirements

Check out the document windows8-hardware-cert-requirements-system.pdf, which can be downloaded from http://msdn.microsoft.com/library/windows/hardware/hh748188. The platform builders often refer to these as 'logo requirements.'

The document includes details on UEFI network boot over IPv4 and IPv6 under System.Fundamentals.PXE.PXEBoot, along with more information on implementing UEFI secure boot under System.Fundamentals.Firmware.UEFISecureBoot and measured boot under System.Fundamentals.TrustedPlatformModule.TPMRequirements.

The material includes guidance that complements the UEFI 2.3.1a specification, IETF RFCs (such as RFC 5970 on IPv6 network boot), and other industry standards, for purposes of describing how to build a UEFI platform for this class of operating system.

Tuesday, December 13, 2011

Random notes

After so many years, it is good to see so much activity around UEFI Secure Boot and the proposed usage of this capability in upcoming operating systems. The UEFI Forum www.uefi.org has been working on refining this capability since the publication of the UEFI 2.0 specification in 2006, culminating in its present form in the UEFI 2.3.1a specification published this year.

I introduced the concept of a UEFI-based Root of Trust for Verification / Enforcement (RTV/RTE) in the 2007 paper "Platform Trust Beyond BIOS Using the Unified Extensible Firmware Interface" (http://dblp.uni-trier.de/rec/bibtex/conf/csreaSAM/Zimmer07). As I concluded in that paper:

This paper has shown that the future of extensible platform firmware beyond BIOS holds many perils and opportunities. The perils include the new ability to have extensible code loading in the pre-operating system regime, but the opportunities include the use of measured and secure boot to harden the platform and authorize code loading. And in a world of ever-more-secure operating systems, the pre-OS may become a more interesting target for the blackhats of the world. As such, these UEFI protections are even more important to implement.


The paper also describes how the UEFI RTV complements a Trusted Computing Group Trusted Platform Module (TPM) Root of Trust for Storage/Recording (RTS/RTR) and a UEFI-based Root of Trust for Measurement (RTM) that works in tandem with the TPM. Finally, the paper describes using formal integrity models like Clark-Wilson to decompose a system, and the use of UEFI Capsule updates to provide a cryptographically assured update of the underlying UEFI Platform Initialization (PI)-based UEFI features.

For more recent information on a UEFI RTM, check out the IBM/Intel paper http://download.intel.com/technology/efi/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf.

In addition to that material from 2007 and 2009, article 5 of the November Intel Technology Journal describes the UEFI Secure and Measured Boot scenario in light of the UEFI 2.3.1a specification.

Other interesting discussions of the Measured and Secure Boot interplay can be found at http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-462T. Matt Garrett also notes "Secure boot is a valuable feature. It does neatly deal with the growing threat of pre-OS malware" at http://mjg59.dreamwidth.org/6503.html.

Monday, November 7, 2011

UEFI Edition of the Intel Technology Journal

The latest edition of the Intel Technology Journal is "UEFI Today: Bootstrapping the Continuum." The articles contained therein include an overview of UEFI, silicon enabling with PI, IHV/OEM usage, fast boot, security/networking, debug, and HP's usage of UEFI. These articles were co-authored with original equipment manufacturers, independent hardware vendors, operating system vendors and silicon/chipset suppliers in order to provide alternate views into the usages of UEFI across the industry.

A direct link to the document is also available at http://www.intel.com/content/www/us/en/research/intel-technology-journal/2011-volume-15-issue-01-intel-technology-journal.html.

Take a look.