EDK II White papers - lzeng14/tianocore GitHub Wiki

EDK II White papers
Download PDF Title
Description
  • Date Published
Gitbook PDF A Tour Beyond BIOS- Security Enhancement to Mitigate Buffer Overflow in UEFI contributed by Jiewen Yao, Vincent Zimmer and Jian Wang
A buffer overflow is “one of the most important exploitation techniques in the history of computer security.” [Tanenbaum] “Buffer overflows are ideally suited for introducing three of the most important protection mechanisms available in most modern systems: stack canaries, data execution protection, and address-space layout randomization.”[Tanenbaum] However, the current UEFI firmware implementation only adopted a few of these mechanisms.
This paper will introduce how to enable the protection mechanisms in UEFI firmware to harden the pre-boot phase.
GitBook PDF EDK II HTTP Boot Getting Started Guide- contributed by Ye Ting, Fu Siyuan, and Zhang Lubo
This document is a getting started guide for using the HTTP boot capability introduced in the UEFI Specification, revision 2.5.
  • January 2018 Rev 0.9
  • April 2016 Rev 0.8 .PDF
Gitbook PDF Getting Started with UEFI HTTPS Boot on EDK II contributed by Wu Jiaxin, Fu Siyuan and Brian Richardson
HTTP over TLS (HTTPS) boot is a standard implementation for securely booting using the Unified Extensible Firmware Interface (UEFI) over a network device. HTTPS Boot is especially important for clients using potentially insecure networks outside of corporate infrastructure. Security for UEFI HTTPS Boot is provided by the underlying Transport Layer Security (TLS). This paper assumes the reader is familiar with the EDK II HTTP Boot Getting Started Guide available on this page.
  • May 2017 Rev 1.3
  • Feb 2017 Rev 1.2 .PDF
Gitbook PDF A Tour Beyond BIOS- Memory Protection in UEFI BIOS contributed by Jiewen Yao and Vincent Zimmer
Data execution protection (DEP) is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow.
In the White paper A Tour Beyond BIOS-Security Enhancement to Mitigate Buffer Overflow below, we only discussed the DEP for protecting the stack and setting the not-present page for detecting `NULL` address accesses and as the guard page. This document will have a more comprehensive discussion of the DEP adoption in the current UEFI firmware to harden the pre-boot phase.
  • March 2017
.PDF A Tour Beyond BIOS- Capsule Update and Recovery in EDK II contributed by Jiewen Yao and Vincent Zimmer
The firmware update capability represents an important feature for the system firmware on the mother board and the various device firmware instances, such as a host bus adapter-attached PCI option ROM, embedded controller (EC), baseboard management controller (BMC), etc. The firmware recovery is also a feature to support firmware boot in recovery mode in cases where the main flash image is errant or corrupt.
In this paper, we provide more details on how we implement capsule update and recovery in EDK II.
  • December 2016
.PDF A Tour Beyond BIOS Security Design Guide in EDK II contributed by Jiewen Yao and Vincent Zimmer
The purpose of this document is to provide security guidelines to developers, implementers, and code reviewers of the EDK II firmware. The topics discussed in this paper are intended to aid in reducing bugs associated with common security vulnerability classes present in EDK II. Following these guidelines will increase the overall security of platforms implementing the firmware and ensure platforms are not as susceptible to malicious behavior.
  • September 2016
.PDF A Tour Beyond BIOS Implementing Profiling in EDK II - contributed by Jiewen Yao, Vincent Zimmer, Star Zeng and Fan Jeff
The Unified Extensible Firmware Interface (UEFI) and Platform Initialization (PI) specification defines rich execution environments such as Security (SEC), Pre-EFI Initialization (PEI), Driver Execution Environment (DXE), System Management Mode (SMM) and UEFI Runtime (RT) for firmware drivers. There are more and more features added into a firmware. At same time, the firmware still has a resource constrained environment. In addition to functionality, the size, performance, and security are three major concerns of a firmware engineer. This paper introduces several profiling features implemented in EDK II to help the UEFI firmware developer to analyze the size, performance and security of a UEFI firmware implementation.
  • July 2016
.PDF A Tour Beyond BIOS Open Source IA Firmware Platform Design Guide in EDK II- contributed by Vincent Zimmer and Jiewen Yao

This paper introduces a design guide for an EDK II open source IA firmware solution. In order to make an open IA firmware solution simple, we demonstrate a firmware design approach with minimal features.
The only criteria are
  1. It can boot to the OS
  2. It is secure.
We can remove many unnecessary silicon or platform features like Capsule update, Recovery, S3 resume, SMBIOS, EC, Super IO (SIO), I2C, and only enable ACPI & SMM to support booting.
  • May 2016
.PDF A Tour Beyond BIOS Secure SMM Communication- contributed by Star Zeng, Vincent Zimmer and Jiewen Yao

This paper introduces how we can do secure SMM communication in a UEFI BIOS.
Audience: This paper assumes that audience has basic EDKII/UEFI firmware development experience, and basic knowledge of SMM.
  • April 2016
.PDF A Tour Beyond BIOS Memory Map and Practices in UEFI BIOS- contributed by Vincent Zimmer and Jiewen Yao

This paper introduces the memory map security practices in UEFI BIOS.
Audience: This paper assumes that audience has basic EDKII/UEFI firmware development experience.

The main job of BIOS is to initialize the platform hardware and report information to a generic operating system (OS). The memory map is one of the most important pieces of information. The operating system can only load a kernel, driver or application in the right place if it knows how memory is allocated. In UEFI Memory Map, we introduced the memory map design in UEFI BIOS, and saw how a typical platform reports the memory map to an OS. In this paper we will discuss how to enhance the memory map reporting and provide security practice for memory protection to harden platforms.
  • March 2016
.PDF or .VSD EDK II Topology SMM - White Paper contributed by Lee Hamel
EDK II Topology – SMM: Topology of how SMM is set up and executed
  • Jan 2016
.PDF or .VSD
EDK II Topology S3 - White Paper contributed by Lee Hamel
EDK II Topology - S3: Topology of how S3 is set up and executed
  • Jan 2016
.PDF or .VSD EDK II Topology PCI Enumeration - White Paper contributed by Lee Hamel
EDK II Topology - PCI Enumeration: Topology of how PCI Enumeration is set up and executed
  • Jan 2016
PDF UDK Build Integration of Reset Vector - White Paper contributed by Lee Hamel
How the Reset Vector is integrated into a UDK build
  • Jan 2016
.PDF A Tour Beyond BIOS Implementing UEFI Authenticated Variables in SMM with EDKII
This paper presents the internal structure and boot flow of the SMM-based UEFI Authenticated Variable driver in the MDE Module Package and Security Package of the EDKII.
Prerequisite This paper assumes that audience has EDKII/UEFI firmware development experience. He or she should also be familiar with UEFI/PI firmware infrastructure, such as SEC, PEI, DXE, runtime phase.
  • Oct 2015
.PDF A Tour Beyond BIOS Implementing S3 Resume with EDKII
This paper presents the internal structure and boot flow of PI S3 resume design, as implemented in the EDKII.
Prerequisite This paper assumes that audience has EDKII/UEFI firmware development experience. He or she should also be familiar with UEFI/PI/ACPI firmware infrastructure, such as SEC, PEI, DXE, runtime phase, and S-states.
  • Oct 2015
PDF or Zip A Tour Beyond BIOS into UEFI Secure Boot White Paper
This document provides an overview of the implementation and intent behind the UEFI Secure Boot feature and capability of UEFI Specification, Version 2.3.1C, http://www.uefi.org The goal of the paper is to provide
  • an understanding of the motivations behind this capability
  • a walk-through of the implementation
  • a future evolution.
This paper targets firmware, software, and BIOS engineers.
  • July 2012
.PDF EDK II Build Decoded
Discussion of the files that are used in a build and their purpose.
  • April 2012
.PDF How to create Visual Studio solution
How to create a Visual Studio solution for an EDK II tree.
  • April 2012
.PDF EDK II Performance Optimization
This paper focuses on techniques and methodologies which can be used to characterize and optimize the performance of EDK II based firmware. (PDF)
  • April 2010
⚠️ **GitHub.com Fallback** ⚠️