EDK II white papers
Laurie Jarlstrom edited this page Sep 8, 2016 · 37 revisions
| Download PDF | Title | Description |
|---|---|---|
| | A Tour Beyond BIOS Security Design Guide in EDK II - contributed by Jiewen Yao, Vincent Zimmer | The purpose of this document is to provide security guidelines to developers, implementers, and code reviewers of the EDK II firmware. The topics discussed in this paper are intended to aid in reducing bugs associated with common security vulnerability classes present in EDK II. Following these guidelines will increase the overall security of platforms implementing the firmware and ensure platforms are not as susceptible to malicious behavior. |
| | A Tour Beyond BIOS Implementing Profiling in EDK II - contributed by Jiewen Yao, Vincent Zimmer, Star Zeng and Fan Jeff | The Unified Extensible Firmware Interface (UEFI) and Platform Initialization (PI) specifications define rich execution environments such as Security (SEC), Pre-EFI Initialization (PEI), Driver Execution Environment (DXE), System Management Mode (SMM) and UEFI Runtime (RT) for firmware drivers. More and more features are being added to firmware. At the same time, firmware remains a resource-constrained environment. In addition to functionality, size, performance, and security are three major concerns of a firmware engineer. This paper introduces several profiling features implemented in EDK II to help the UEFI firmware developer analyze the size, performance and security of a UEFI firmware implementation. |
| | Getting Started with UEFI HTTP over TLS (HTTPS) Boot on EDK II - contributed by Wu Jiaxin | HTTP over TLS (HTTPS) boot is a standard implementation for securely booting using the Unified Extensible Firmware Interface (UEFI) over a network device. HTTPS Boot is especially important for clients using potentially insecure networks outside of corporate infrastructure. Security for UEFI HTTPS Boot is provided by the underlying Transport Layer Security (TLS). This document assumes that the reader is familiar with the EDK II HTTP Boot Getting Started Guide, below. |
| | A Tour Beyond BIOS Open Source IA Firmware Platform Design Guide in EDK II - contributed by Vincent Zimmer and Jiewen Yao | This paper introduces a design guide for an EDK II open source IA firmware solution. In order to make an open IA firmware solution simple, we demonstrate a firmware design approach with minimal features. The only criteria are |
| | A Tour Beyond BIOS Secure SMM Communication - contributed by Star Zeng, Vincent Zimmer and Jiewen Yao | This paper introduces how we can do secure SMM communication in a UEFI BIOS. Audience: This paper assumes that the audience has basic EDKII/UEFI firmware development experience and basic knowledge of SMM. |
| | EDK II HTTP Boot Getting Started Guide - contributed by Ye Ting, Fu Siyuan, and Zhang Lubo | This document is a getting started guide for using the HTTP boot capability introduced in the UEFI Specification, revision 2.5. |
| | A Tour Beyond BIOS Memory Map and Practices in UEFI BIOS - contributed by Vincent Zimmer and Jiewen Yao | This paper introduces the memory map security practices in UEFI BIOS. Audience: This paper assumes that the audience has basic EDKII/UEFI firmware development experience. The main job of BIOS is to initialize the platform hardware and report information to a generic operating system (OS). The memory map is one of the most important pieces of information. The operating system can only load a kernel, driver or application in the right place if it knows how memory is allocated. In UEFI Memory Map, we introduced the memory map design in UEFI BIOS, and saw how a typical platform reports the memory map to an OS. In this paper we will discuss how to enhance the memory map reporting and provide security practices for memory protection to harden platforms. |
| .PDF or .VSD | EDK II Topology SMM - White Paper contributed by Lee Hamel | EDK II Topology – SMM: Topology of how SMM is set up and executed |
| .PDF or .VSD | EDK II Topology S3 - White Paper contributed by Lee Hamel | EDK II Topology - S3: Topology of how S3 is set up and executed |
| .PDF or .VSD | EDK II Topology PCI Enumeration - White Paper contributed by Lee Hamel | EDK II Topology - PCI Enumeration: Topology of how PCI Enumeration is set up and executed |
| | UDK Build Integration of Reset Vector - White Paper contributed by Lee Hamel | How the Reset Vector is integrated into a UDK build |
| | A Tour Beyond BIOS Implementing UEFI Authenticated Variables in SMM with EDKII | This paper presents the internal structure and boot flow of the SMM-based UEFI Authenticated Variable driver in the MDE Module Package and Security Package of the EDKII. Prerequisite: This paper assumes that the audience has EDKII/UEFI firmware development experience. He or she should also be familiar with UEFI/PI firmware infrastructure, such as SEC, PEI, DXE, runtime phase. |
| | A Tour Beyond BIOS Implementing S3 Resume with EDKII | This paper presents the internal structure and boot flow of PI S3 resume design, as implemented in the EDKII. Prerequisite: This paper assumes that the audience has EDKII/UEFI firmware development experience. He or she should also be familiar with UEFI/PI/ACPI firmware infrastructure, such as SEC, PEI, DXE, runtime phase, and S-states. |
| PDF or Zip | A Tour Beyond BIOS into UEFI Secure Boot White Paper | This document provides an overview of the implementation and intent behind the UEFI Secure Boot feature and capability of UEFI Specification, Version 2.3.1C (http://www.uefi.org). The goal of the paper is to provide |
| | EDK II Build Decoded | Discussion of the files that are used in a build and their purpose. |
| | How to create Visual Studio solution | How to create a Visual Studio solution for an EDK II tree. |
| | EDK II Performance Optimization | This paper focuses on techniques and methodologies which can be used to characterize and optimize the performance of EDK II based firmware. (PDF) |