Applications

2 months 3 weeks ago
vzimmer

This paper introduces the memory map security practices in a UEFI BIOS.

2 months 3 weeks ago
vzimmer

In the current UEFI PI infrastructure, SMM drivers are loaded into SMRAM and execute in a ring-0 privilege environment. However, many SMRAM-based attacks have been reported [SMM01][SMM02][SMM03][SMM04][SMM05][SMM06]. As such, some platforms may need a way to monitor the actions of SMM drivers and block malicious behavior. Some ideas for providing a least-privilege environment in which SMM code behavior can be mediated have been presented before [SMM07][SMM08]. In this paper we explore the creation of a "monitor" management protocol in SMM to address this problem and to scale as a solution for all possible SMM implementations.

11 months 1 week ago
vzimmer

This paper presents the design and boot flow of the TPM2 support in the Security Package of EDKII. The EDKII code acts as the “Root of Trust for Measurement” (RTM) in this scenario.

1 year 1 week ago
vzimmer

This paper describes some manageability and security usages of UEFI.

Documents

4 months 1 day ago
vzimmer

This paper presents details on how to create an Intel® Firmware Support Package (FSP)-conformant [FSP EAS] binary using EDKII [EDK2]. After this "FSP production", the resultant Intel FSP binary can be integrated into any boot loader [FSP Consumer].

10 months 5 days ago
vzimmer

This paper presents the internal structure and boot flow of PI S3 resume design, as implemented in the EDKII.

11 months 3 weeks ago
vzimmer

This Intel implementation of EDKII demonstrates the possibilities available using the scalable architecture of both the code base and the associated underlying industry standards.

11 months 2 weeks ago
vzimmer

This paper presents the internal structure and boot flow of the SMM-based UEFI Authenticated Variable driver in the Security Package of the EDKII.

3 months 5 days ago
vzimmer

In the current UEFI PI infrastructure, SMM drivers are loaded in the PI DXE phase. Usages such as the Intel® Firmware Support Package (FSP) may require that SMM initialization be done in the early PI PEI phase, since current FSP environments execute in PEI. Intel FSP is a binary that encapsulates Intel silicon module initialization. In addition, server Reliability, Availability, Serviceability (RAS) features may also require some RAS SMM modules to be launched in PEI, because portions of RAS are part of the silicon module set. This paper presents how to support launching silicon-specific SMM drivers in the PI PEI phase while maintaining compatibility with launching existing SMM drivers in the PI DXE phase.

6 months 1 week ago
vzimmer

This paper introduces the design of the memory map in a UEFI BIOS.
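The two memory map papers listed on this page (the one on memory map design and the one on memory map security practices) both concern the EFI_MEMORY_DESCRIPTOR array returned by GetMemoryMap(). The following is an added example, not code from either paper or from EDKII, showing the checks a practitioner typically runs over such a map: descriptor stride taken from DescriptorSize rather than sizeof(), page alignment, overlapping ranges, unknown types, runtime regions missing the EFI_MEMORY_RUNTIME bit or 64 KiB alignment, and runtime code/data that does not advertise RO/XP capability. The sample maps, the SAMPLE_ENTRY stride and the MM_* finding codes are constructed for this example; the W^X check is a heuristic over the capability bits in the map, since the enforcing attributes live in the EFI_MEMORY_ATTRIBUTES_TABLE.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EFI_MEMORY_DESCRIPTOR as laid out by the UEFI specification. */
typedef struct {
    uint32_t Type;
    uint32_t Pad;
    uint64_t PhysicalStart;
    uint64_t VirtualStart;
    uint64_t NumberOfPages;
    uint64_t Attribute;
} EFI_MEMORY_DESCRIPTOR;

/* Memory types and attribute bits from the UEFI specification. */
#define EfiBootServicesData     4
#define EfiRuntimeServicesCode  5
#define EfiRuntimeServicesData  6
#define EfiConventionalMemory   7
#define EfiMaxMemoryType        15

#define EFI_MEMORY_WB       0x0000000000000008ULL
#define EFI_MEMORY_XP       0x0000000000004000ULL
#define EFI_MEMORY_RO       0x0000000000020000ULL
#define EFI_MEMORY_RUNTIME  0x8000000000000000ULL

#define EFI_PAGE_SIZE  0x1000ULL
#define SIZE_64KB      0x10000ULL

/* Finding codes defined for this example (not a UEFI or EDKII definition). */
enum {
    MM_OK                = 0,
    MM_BAD_ALIGNMENT     = 1 << 0, /* start not page aligned, or zero pages */
    MM_OVERLAP           = 1 << 1, /* two descriptors cover the same bytes */
    MM_BAD_TYPE          = 1 << 2, /* Type outside the defined range */
    MM_RUNTIME_NO_FLAG   = 1 << 3, /* runtime code/data without EFI_MEMORY_RUNTIME */
    MM_RUNTIME_UNALIGNED = 1 << 4, /* runtime region not 64 KiB aligned/sized */
    MM_RUNTIME_NOT_WX    = 1 << 5, /* runtime code without RO, or data without XP */
};

/* Index with the firmware-reported descriptor size, never sizeof(). */
static const EFI_MEMORY_DESCRIPTOR *
desc_at(const void *map, size_t desc_size, size_t i)
{
    return (const EFI_MEMORY_DESCRIPTOR *)((const uint8_t *)map + i * desc_size);
}

static uint64_t region_end(const EFI_MEMORY_DESCRIPTOR *d)
{
    return d->PhysicalStart + d->NumberOfPages * EFI_PAGE_SIZE;
}

/* Walks a memory map buffer and returns a bitmask of MM_* findings. */
int audit_memory_map(const void *map, size_t map_size, size_t desc_size)
{
    int findings = MM_OK;
    size_t count = map_size / desc_size;

    for (size_t i = 0; i < count; i++) {
        const EFI_MEMORY_DESCRIPTOR *d = desc_at(map, desc_size, i);
        int is_rt = (d->Type == EfiRuntimeServicesCode ||
                     d->Type == EfiRuntimeServicesData);

        if (d->Type >= EfiMaxMemoryType)
            findings |= MM_BAD_TYPE;
        if ((d->PhysicalStart & (EFI_PAGE_SIZE - 1)) || d->NumberOfPages == 0)
            findings |= MM_BAD_ALIGNMENT;
        if (is_rt) {
            if (!(d->Attribute & EFI_MEMORY_RUNTIME))
                findings |= MM_RUNTIME_NO_FLAG;
            if ((d->PhysicalStart & (SIZE_64KB - 1)) ||
                ((d->NumberOfPages * EFI_PAGE_SIZE) & (SIZE_64KB - 1)))
                findings |= MM_RUNTIME_UNALIGNED;
            if ((d->Type == EfiRuntimeServicesCode && !(d->Attribute & EFI_MEMORY_RO)) ||
                (d->Type == EfiRuntimeServicesData && !(d->Attribute & EFI_MEMORY_XP)))
                findings |= MM_RUNTIME_NOT_WX;
        }
        /* Pairwise overlap test: [start, end) intervals intersect. */
        for (size_t j = i + 1; j < count; j++) {
            const EFI_MEMORY_DESCRIPTOR *e = desc_at(map, desc_size, j);
            if (d->PhysicalStart < region_end(e) && e->PhysicalStart < region_end(d))
                findings |= MM_OVERLAP;
        }
    }
    return findings;
}

/* Constructed sample: a firmware whose DescriptorSize is 8 bytes larger than
   sizeof(EFI_MEMORY_DESCRIPTOR), as real platforms may report. */
typedef struct {
    EFI_MEMORY_DESCRIPTOR d;
    uint64_t VendorPad;
} SAMPLE_ENTRY;

static const SAMPLE_ENTRY good_map[] = {
    {{EfiConventionalMemory,  0, 0x00100000, 0, 0x700, EFI_MEMORY_WB}, 0},
    {{EfiRuntimeServicesCode, 0, 0x7F000000, 0, 0x10,  EFI_MEMORY_WB | EFI_MEMORY_RO | EFI_MEMORY_RUNTIME}, 0},
    {{EfiRuntimeServicesData, 0, 0x7F010000, 0, 0x10,  EFI_MEMORY_WB | EFI_MEMORY_XP | EFI_MEMORY_RUNTIME}, 0},
};

static const SAMPLE_ENTRY bad_map[] = {
    {{EfiConventionalMemory,  0, 0x00100000, 0, 0x700, EFI_MEMORY_WB}, 0},
    {{EfiRuntimeServicesCode, 0, 0x7F000000, 0, 0x10,  EFI_MEMORY_WB | EFI_MEMORY_RUNTIME}, 0}, /* code without RO */
    {{EfiBootServicesData,    0, 0x7F008000, 0, 0x8,   EFI_MEMORY_WB}, 0},                     /* overlaps the code above */
    {{EfiRuntimeServicesData, 0, 0x7F021000, 0, 0x4,   EFI_MEMORY_WB | EFI_MEMORY_XP}, 0},     /* no RUNTIME bit, not 64 KiB aligned */
    {{0x7FFFFFFF,             0, 0x80000000, 0, 0x1,   EFI_MEMORY_WB}, 0},                     /* unknown type */
};

int audit_good_map(void) { return audit_memory_map(good_map, sizeof(good_map), sizeof(SAMPLE_ENTRY)); }
int audit_bad_map(void)  { return audit_memory_map(bad_map,  sizeof(bad_map),  sizeof(SAMPLE_ENTRY)); }

int main(void)
{
    printf("good map findings: 0x%x\n", audit_good_map());
    printf("bad map findings:  0x%x\n", audit_bad_map());
    return 0;
}
```

On a live system the same audit can be run over the buffer returned by GetMemoryMap(), passing the MapSize and DescriptorSize it reports; the stride matters because firmware is free to report a DescriptorSize larger than the structure, and code that indexes with sizeof() silently reads misaligned entries.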

7 months 1 week ago
vzimmer

This paper presents a design methodology for using Intel VT-d in a UEFI BIOS to resist DMA attacks against the host UEFI firmware from devices.

4 months 1 day ago
vzimmer

This paper presents the internal structure and boot flow of the EDKII [EDK2] wrapper package for an Intel® Firmware Support Package (FSP)-conformant binary [FSP EAS]. This wrapper consumes an Intel FSP binary and is combined with EDKII-based platform code and core modules to support UEFI OS boot.

11 months 3 weeks ago
vzimmer

This paper presents the internal structure and boot flow of Intel® Firmware Support Package (FSP) wrapper package in EDKII, which consumes an Intel FSP binary to support UEFI OS boot.

2 years 7 months ago
Palsamy

This paper describes how UEFI based technology can implement the ACPI Platform Error Interface.

3 years 2 months ago
Brian

This guide explains the basic usage of the Intel® DQ57TM UEFI 2.3.1 Development Kit, including upgrading the BIOS image.

2 years 8 months ago
Intel

This collaborative paper between Cisco and Intel engineers provides an overview of security technologies as applied to current PC systems. The goal of this paper is to compare and contrast various security technologies, initiatives, and practices that may be applied to client or server x86 platforms.

3 months 1 week ago
vzimmer

This paper discusses the challenges of cloud computing. The Open Compute Project (OCP) [OCP] aims to provide interoperability between many elements in the data center, pioneering "open hardware" precepts for this market area.
Just as the OCP goal is to have interoperability between all elements of the server complex, UEFI [UEFI-BOOK] attempts to provide similar business interoperability. Specifically, the UEFI/PI/ACPI designs have followed the same spirit, effecting this intent through industry-standard APIs. Through these APIs we can have plug-and-play binaries between different business elements.
UEFI can help open up the boot and management firmware elements of OCP that have traditionally been vendor-specific and not fully interoperable.
This paper is not exhaustive but instead attempts to highlight some cloud challenges with corresponding solutions based upon UEFI.

Other

3 years 2 months ago
Brian

BIOS image and upgrade utility for the Intel® DQ57TM UEFI 2.3.1 Development Kit. Please refer to the release notes and EULA included in the ZIP file for details.

Training

11 months 3 days ago
Brian

This session is an overview of the Intel® Firmware Support Package (Intel® FSP) to encapsulate Intel® silicon initialization. Intel FSP allows customers to scale platform initialization and work more easily with open source Intel® architecture (IA) firmware ecosystems, such as UEFI and the open-source EDK II framework.

11 months 3 days ago
Brian

The Intel® Unified Binary Management Suite (Intel® UBMS) is designed to simplify firmware deployment on Intel platforms. Intel UBMS is an integrated development environment for rapid firmware customization based on binary components. The suite eliminates the need for source code manipulation and simplifies the platform development process. This also allows 3rd party vendors to leverage existing UEFI code and enable Intel® UBMS customers.