tianocore-wiki.github.io

EDK II Security White Papers

A list of White Papers and information for EDK II Security from multiple sources

• https://uefi.org
• https://software.intel.com/en-us/firmware/
• https://tianocore.org
• Industry standard:
  • NIST: https://csrc.nist.gov/publications/sp800
    
  • TCG: http://trusted.computinggroup.com/
• SideChannel: Intel Software Developer Zone -firmware speculative execution
• MDS: Intel Software Developer Zone - microarchitectural data sampling

General:

• Book - building secure firmware (October 2020)
• uefi.org - An Introduction to Platform Security (Spring 2018)
• uefi.org - Threat Modeling for Modern System FW.pdf (July 2013)

EDK II Code:

• A Tour Beyond BIOS - Security Design Guide in_EDK_II.pdf (Sept 2016)
• EDK II Secure Coding Guide (June 2019)
• EDK II Secure Code Review Guide (June 2019)
• OCP - Secure Firmware Development Best Practices (May 2020)
• Universal Scalable Firmware - Security (October 2021)

Memory Protection:

• A Tour Beyond BIOS – Memory Protection in UEFI BIOS - gitbook (March 2017)
• A Tour Beyond BIOS - Mitigate Buffer Overflow in UEFI (April 2018)

SMM Protection:

• A Tour Beyond BIOS Secure SMM Communication (April 2016)
• uefi.org - SMM Protection in EDK II (Spring 2017)

SecureBoot/AuthVariable:

• Understanding the UEFI Secure Boot Chain (June 2019)
• A Tour Beyond BIOS - Implementing UEFI Authenticated Variables in SMM with EDK II (Oct 2015)

TrustedBoot/TPM2:

• Understanding the Trusted Boot Chain Implementation (Nov 2020)
• A Tour Beyond BIOS - with the UEFI TPM2 Support in EDK II (Sept 2014)
• FSP2 Measurement and Attestation (July 2021)
• uefi.org - Traceable Firmware Bill of Materials Overview

DMA: A Tour Beyond BIOS - Using IOMMU for DMA Protection in UEFI firmware (Oct 2017)

Capsule/Recovery: A Tour Beyond BIOS - Capsule Update and Recovery in EDK II (Dec 2016)

S3: A Tour Beyond BIOS - Implementing S3 Resume with EDK II (Oct 2015)

Profile: A Tour Beyond BIOS - Implementing Profiling in EDK_II (July 2016)

STM/VMM:

• A Tour Beyond BIOS - Launching STM to Monitor SMM in EDK II (Aug 2015)
• A Tour Beyond BIOS - Launching a VMM in EDK II (Oct 2015)
• A Tour Beyond BIOS - Supporting SMM Resource Monitor using EDK II (June 2015)

StandaloneMM: A Tour Beyond BIOS - Launching Standalone SMM Drivers in the PEI Phase using EDK II (May 2015)

This site is open source. Improve this page.