Building Secure Firmware

Armoring the Foundation of the Platform

By: Jiewen Yao, Vincent Zimmer

CHF 65.00

Publisher: Apress
Format: PDF
Published: 27.10.2020
ISBN/EAN: 9781484261064
Language: English

This eBook contains a watermark.

Description

<p>Use this book to build secure firmware.</p>

<p>As operating systems and hypervisors have become successively more hardened, malware has moved further down the stack and into firmware. Firmware represents the boundary between hardware and software, and given its persistence, mutability, and opaqueness to today’s antivirus scanning technology, it represents an interesting target for attackers.</p>

<p>As platforms are universally network-connected and can contain multiple devices with firmware, and a global supply chain feeds into platform firmware, assurance is critical for consumers, IT enterprises, and governments. This importance is highlighted by emergent requirements such as NIST SP800-193 for firmware resilience and NIST SP800-155 for firmware measurement.</p>

<p>This book covers the secure implementation of various aspects of firmware, including standards-based firmware—such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications—and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust) are covered.</p>

<p><b>What You Will Learn</b></p>

<ul><li>Get an overview of proactive security development for firmware, including firmware threat modeling</li><li>Understand the details of architecture, including protection, detection, recovery, integrity measurement, and access control</li><li>Be familiar with best practices for secure firmware development, including trusted execution environments, cryptography, and language-based defenses</li><li>Know the techniques used for security validation and maintenance</li></ul>

<p><b>Who This Book Is For</b></p>

<p>Given the complexity of modern platform boot requirements and the threat landscape, this book is relevant for readers spanning from IT decision makers to developers building firmware.</p>
Table of Contents

<p><b>Part 1: Overview</b></p>

<p><b>Chapter 1: Introduction to Security</b></p>
<ul><li>Threat Model</li><li>Design</li><li>Validation</li></ul>

<p><b>Chapter 2: Introduction to Host Firmware</b></p>
<ul><li>Industry Standard</li><li>Boot Flow / Phase hand-off</li><li>Minimal Firmware Requirement</li><li>Hardware ROT</li><li>CPU/silicon init</li><li>PCI resource allocation</li><li>Prepare platform info (memmap/ACPI)</li><li>Jump to OS</li><li>Runtime Interface (SMM, UEFI Runtime, ASL)</li><li>General Principle - Protect / Detect / Recovery</li></ul>

<p><b>Part 2: Boot Security</b></p>

<p><b>Chapter 3: Firmware Resilience - Protection</b></p>
<ul><li>Flash Lock</li><li>Flash Wear out</li><li>Capsule Flow (*)</li><li>Signed Update</li></ul>

<p><b>Chapter 4: Firmware Resilience - Detection</b></p>
<ul><li>Boot Flow (*)</li><li>Intel Boot Guard</li><li>OBB Verification</li><li>UEFI Secure Boot</li><li>Local</li><li>Remote</li><li>TXT- SX</li><li>(coreboot)</li></ul>

<p><b>Chapter 5: Firmware Resilience - Recovery</b></p>
<ul><li>Recovery Flow (*)</li><li>Signed Recovery</li><li>Top Swap</li><li>Rollback, SVNs</li></ul>

<p><b>Chapter 6: OS/Loader Resilience</b></p>
<ul><li>Platform Recovery</li><li>OS Recovery</li><li>(Android Verified Boot)</li></ul>

<p><b>Chapter 7: Trusted Boot</b></p>
<ul><li>Measured Boot Flow (*)</li><li>SRTM (Boot Guard)</li><li>DRTM (TXT)</li><li>TPM1.2/2.0</li><li>Physical Presence</li><li>MOR / Secure MOR</li></ul>

<p><b>Chapter 8: Authentication</b></p>
<ul><li>User Authentication</li><li>HDD Password</li><li>OPAL Password</li></ul>

<p><b>Chapter 9: S3 Resume</b></p>
<ul><li>S3 resume flow (*)</li><li>LockBox</li></ul>

<p><b>Chapter 10: Device Security</b></p>
<ul><li>PCI Bus (*)</li><li>DMA protection</li><li>Device Measurement</li><li>Device Authentication</li><li>Device firmware update</li></ul>

<p><b>Chapter 11: Silicon Security Configuration</b></p>
<ul><li>Flash SPI lock</li><li>SMM Lock</li><li>BAR Lock</li></ul>

<p><b>Chapter: Supply Chain (Vincent)</b></p>
<ul><li>OEM/ODM/BIOS vendor/IHV</li><li>Open source</li><li>Fingerprinting</li><li>Manufacturing flow to shipment</li></ul>

<p><b>Part 3: Data Security</b></p>

<p><b>Chapter 12: UEFI Kernel</b></p>
<ul><li>DXE/PEI Core (*)</li><li>Heap Guard</li><li>Stack Guard</li><li>NX protection</li><li>Enclave</li></ul>

<p><b>Chapter 13: Management Mode</b></p>
<ul><li>SMM Core (*)</li><li>SMM Communication (*)</li><li>StandaloneMM (*)</li><li>MMIO Protection</li><li>Secure SMM Communication</li><li>Intel Runtime Resilience</li><li>STM (SMI Transfer Monitor)</li></ul>

<p><b>Chapter: UEFI Variable (Vincent)</b></p>
<ul><li>Authentication</li><li>Variable Lock</li><li>Variable Check</li><li>Variable Quota Management</li><li>Confidentiality</li><li>Integrity and Rollback</li><li>TPM Binding</li><li>RPMB</li><li>RPMC</li></ul>

<p><b>Part 4: Miscellaneous</b></p>

<p><b>Chapter 14: General Coding Practice</b></p>
<ul><li>Buffer Overflow</li><li>Banned API</li><li>Integer Overflow</li><li>SafeInt lib</li></ul>

<p><b>Chapter: Cryptography (Vincent)</b></p>
<ul><li>Hash usage in firmware</li><li>Encryption usage in firmware</li><li>Signing &amp; verification usage in firmware</li></ul>

<p><b>Chapter 15: Compiler Defensive Technology</b></p>
<ul><li>Stack Cookie</li><li>Non-Executable</li><li>Address Space Randomization</li><li>Control Flow Integrity (CFI) / Control Flow Enforcement (CET)</li><li>Runtime Check (stack/un-initialized data/integer overflow)</li></ul>

<p><b>Chapter: Race Condition (Vincent)</b></p>
<ul><li>BSP/AP handling in UEFI</li><li>BSP/AP handling in SMM</li><li>TOC/TOU</li></ul>

<p><b>Chapter 16: Information Leak</b></p>
<ul><li>Side Channel</li><li>MDS</li><li>SMM</li></ul>

<p><b>Chapter 17: Programming Language</b></p>
<ul><li>C Language</li><li>Rust Language</li></ul>

<p><b>Part: Security Test</b></p>

<p><b>Chapter 18: HBFA</b></p>
<ul><li>Hardware Emulation</li><li>Security Unit Test</li><li>Fuzzing (AFL)</li><li>Static analysis</li></ul>

<p><b>Chapter 19: chipsec</b></p>
<ul><li>Configuration Check</li><li>SMI Fuzzing</li><li>Variable fuzzing</li><li>Whitelisting/Blacklisting</li></ul>

<p><b>Part 5: Other</b></p>

<p><b>Chapter 20: Conclusion</b></p>

<p><b>Part 6: Appendices</b></p>
<ul><li>Secure coding checklist</li><li>Secure review checklist</li><li>API summary</li></ul>

<p><b>Part 7: References</b></p>
About the Authors

<p><b>Jiewen Yao</b> is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 “A Tour Beyond BIOS” technical papers for tianocore.org and firmware.intel.com. He holds 40 US patents.</p>

<p><b>Vincent Zimmer</b> is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.</p>
<p>Provides insights from the inventors of many of the defenses</p><p>Shows you how to apply the best-known methods from the authors' years of platform deployment and standards work</p><p>Teaches you how to integrate real code mapping to theory</p>
