EDK II white papers

Laurie Jarlstrom edited this page Jul 1, 2016 · 37 revisions
EDK II White papers
Download PDF Title
Description
  • Date Published
.PDF Getting Started with UEFI HTTP over TLS (HTTPS) Boot on EDK II - contributed by Wu Jiaxin
HTTP over TLS (HTTPS) boot is a standard implementation for securely booting using the Unified Extensible Firmware Interface (UEFI) over a network device. HTTPS Boot is especially important for clients using potentially insecure networks outside of corporate infrastructure. Security for UEFI HTTPS Boot is provided by the underlying Transport Layer Security (TLS).
This document assumes that the reader is familiar with the EDK II HTTP Boot Getting Started Guide, listed below.
  • July 2016 Rev 0.7
.PDF A Tour Beyond BIOS Open Source IA Firmware Platform Design Guide in EDK II - contributed by Vincent Zimmer and Jiewen Yao

This paper introduces a design guide for an EDK II open source IA firmware solution. In order to make an open IA firmware solution simple, we demonstrate a firmware design approach with minimal features.
The only criteria are:
  1. It can boot to the OS
  2. It is secure.
We can remove many unnecessary silicon or platform features like Capsule update, Recovery, S3 resume, SMBIOS, EC, Super IO (SIO), I2C, and only enable ACPI & SMM to support booting.
  • May 2016
.PDF A Tour Beyond BIOS Secure SMM Communication - contributed by Star Zeng, Vincent Zimmer and Jiewen Yao

This paper introduces how we can do secure SMM communication in a UEFI BIOS.
Audience: This paper assumes that the audience has basic EDKII/UEFI firmware development experience and basic knowledge of SMM.
  • April 2016
.PDF EDK II HTTP Boot Getting Started Guide - contributed by Ye Ting, Fu Siyuan, and Zhang Lubo
This document is a getting started guide for using the HTTP boot capability introduced in the UEFI Specification, revision 2.5.
  • April 2016 Rev 0.8
.PDF A Tour Beyond BIOS Memory Map and Practices in UEFI BIOS - contributed by Vincent Zimmer and Jiewen Yao

This paper introduces the memory map security practices in UEFI BIOS.
Audience: This paper assumes that the audience has basic EDKII/UEFI firmware development experience.

The main job of BIOS is to initialize the platform hardware and report information to a generic operating system (OS). The memory map is one of the most important pieces of information. The operating system can only load a kernel, driver or application in the right place if it knows how memory is allocated. In UEFI Memory Map, we introduced the memory map design in UEFI BIOS, and saw how a typical platform reports the memory map to an OS. In this paper we will discuss how to enhance the memory map reporting and provide security practice for memory protection to harden platforms.
  • March 2016
.PDF or .VSD EDK II Topology SMM - White Paper contributed by Lee Hamel
EDK II Topology – SMM: Topology of how SMM is set up and executed
  • Jan 2016
.PDF or .VSD EDK II Topology S3 - White Paper contributed by Lee Hamel
EDK II Topology - S3: Topology of how S3 is set up and executed
  • Jan 2016
.PDF or .VSD EDK II Topology PCI Enumeration - White Paper contributed by Lee Hamel
EDK II Topology - PCI Enumeration: Topology of how PCI Enumeration is set up and executed
  • Jan 2016
PDF UDK Build Integration of Reset Vector - White Paper contributed by Lee Hamel
How the Reset Vector is integrated into a UDK build
  • Jan 2016
.PDF A Tour Beyond BIOS Implementing UEFI Authenticated Variables in SMM with EDKII
This paper presents the internal structure and boot flow of the SMM-based UEFI Authenticated Variable driver in the MDE Module Package and Security Package of the EDKII.
Prerequisite: This paper assumes that the audience has EDKII/UEFI firmware development experience. He or she should also be familiar with UEFI/PI firmware infrastructure, such as the SEC, PEI, DXE, and runtime phases.
  • Oct 2015
.PDF A Tour Beyond BIOS Implementing S3 Resume with EDKII
This paper presents the internal structure and boot flow of PI S3 resume design, as implemented in the EDKII.
Prerequisite: This paper assumes that the audience has EDKII/UEFI firmware development experience. He or she should also be familiar with UEFI/PI/ACPI firmware infrastructure, such as the SEC, PEI, DXE, and runtime phases, and S-states.
  • Oct 2015
PDF or Zip A Tour Beyond BIOS into UEFI Secure Boot White Paper
This document provides an overview of the implementation and intent behind the UEFI Secure Boot feature and capability of UEFI Specification, Version 2.3.1C (http://www.uefi.org). The goal of the paper is to provide:
  • an understanding of the motivations behind this capability
  • a walk-through of the implementation
  • a future evolution.
This paper targets firmware, software, and BIOS engineers.
  • July 2012
.PDF EDK II Build Decoded
Discussion of the files that are used in a build and their purpose.
  • April 2012
.PDF How to create Visual Studio solution
How to create a Visual Studio solution for an EDK II tree.
  • April 2012
.PDF EDK II Performance Optimization
This paper focuses on techniques and methodologies which can be used to characterize and optimize the performance of EDK II based firmware.
  • April 2010