EDK II Security White Papers
A list of White Papers and information for EDK II Security from multiple sources
- https://uefi.org
- https://software.intel.com/en-us/firmware/
- https://tianocore.org
Industry standard:
- SideChannel: Intel Software Developer Zone - firmware speculative execution
- MDS: Intel Software Developer Zone - microarchitectural data sampling
General:
- Book - building secure firmware (October 2020)
- uefi.org - An Introduction to Platform Security (Spring 2018)
- uefi.org - Threat Modeling for Modern System FW (July 2013)
EDK II Code:
- A Tour Beyond BIOS - Security Design Guide in EDK II (Sept 2016)
- EDK II Secure Coding Guide (June 2019)
- EDK II Secure Code Review Guide (June 2019)
- OCP - Secure Firmware Development Best Practices (May 2020)
- Universal Scalable Firmware - Security (October 2021)
Memory Protection:
- A Tour Beyond BIOS - Memory Protection in UEFI BIOS - gitbook (March 2017)
- A Tour Beyond BIOS - Mitigate Buffer Overflow in UEFI (April 2018)
SMM Protection:
- A Tour Beyond BIOS Secure SMM Communication (April 2016)
- uefi.org - SMM Protection in EDK II (Spring 2017)
SecureBoot/AuthVariable:
- Understanding the UEFI Secure Boot Chain (June 2019)
- A Tour Beyond BIOS - Implementing UEFI Authenticated Variables in SMM with EDK II (Oct 2015)
TrustedBoot/TPM2:
- Understanding the Trusted Boot Chain Implementation (Nov 2020)
- A Tour Beyond BIOS - with the UEFI TPM2 Support in EDK II (Sept 2014)
- FSP2 Measurement and Attestation (July 2021)
- uefi.org - Traceable Firmware Bill of Materials Overview
DMA:
- [A Tour Beyond BIOS - Using IOMMU for DMA Protection in UEFI firmware](https://software.intel.com/sites/default/files/managed/8d/88/intel-whitepaper-using-iommu-for-dma-protection-in-uefi.pdf) (Oct 2017)
Capsule/Recovery:
- [A Tour Beyond BIOS - Capsule Update and Recovery in EDK II](https://github.com/tianocore-docs/Docs/blob/main/White_Papers/A_Tour_Beyond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf) (Dec 2016)
S3:
- [A Tour Beyond BIOS - Implementing S3 Resume with EDK II](https://github.com/tianocore-docs/Docs/blob/main/White_Papers/A_Tour_Beyond_BIOS_Implementing_S3_resume_with_EDKII_V2.pdf) (Oct 2015)
Profile:
- [A Tour Beyond BIOS - Implementing Profiling in EDK II](https://github.com/tianocore-docs/Docs/blob/main/White_Papers/A_Tour_Beyond_BIOS_Implementing_Profiling_in_EDK_II.pdf) (July 2016)
STM/VMM:
- A Tour Beyond BIOS - Launching STM to Monitor SMM in EDK II (Aug 2015)
- A Tour Beyond BIOS - Launching a VMM in EDK II (Oct 2015)
- A Tour Beyond BIOS - Supporting SMM Resource Monitor using EDK II (June 2015)
StandaloneMM:
- A Tour Beyond BIOS - Launching Standalone SMM Drivers in the PEI Phase using EDK II (May 2015)