"Last Mile" Barriers to Removing Legacy BIOS

Similar documents
PreBoot Provisioning Solutions with UEFI

Implementing Secure Boot: A Refresher on Key & Database Configuration

System Prep Applications A Powerful New Feature in UEFI 2.5

Using the UEFI Shell. October 2010 UEFI Taipei Plugfest Insyde Software

UEFI Plugfest March

UEFI What is it? Spring 2017 UEFI Seminar and Plugfest March 27-31, 2017 Presented by Dong Wei (ARM) presented by. Updated

Manufacturing Tools in the UEFI Secure Boot Environment

ARM Server s Firmware Security

System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules

Hardware Prototyping Using a Windows-Hosted UEFI environment

Engineering UEFI Firmware for Windows: Best Practices and Pitfalls to Avoid

UEFI in Arm Platform Architecture

Tailoring TrustZone as SMM Equivalent

Solutions for the Intel Platform Innovation Framework for EFI July 26, Slide 1

Firmware Test Suite - Uses, Development, Contribution and GPL

UEFI and the Security Development Lifecycle

UEFI Forum Update. UEFI Spring Plugfest March 29-31, 2016 Presented by Dong Wei (The UEFI Forum)

UEFI State of the Union Ecosystem enabling update

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

Firmware Implementation Techniques to Achieve Windows 8 Fast Boot

UEFI Manageability and REST Services

UEFI and IoT: Best Practices in Developing IoT Firmware Solutions

ARM Trusted Firmware ARM UEFI SCT update

Fall 2017 UEFI Plugfest Agenda

Standardized Firmware for ARMv8 based Volume Servers

Implementing MicroPython as a UEFI Test Framework

An Introduction to Platform Security

General Firmware Overview of Recommendations for Window OS

BIOS Update Release Notes

UEFI Security Response Team (USRT)

BIOS Update Release Notes

Creating Advanced Graphics Libraries on top of GOP

ECE 471 Embedded Systems Lecture 15

Intel Transparent Computing

What is Standard APEX? TOOLBOX FLAT DESIGN CARTOON PEOPLE

BIOS Update Release Notes

BIOS Update Release Notes

UEFI Plugfest Dupont, WA

UEFI ARM Update. UEFI PlugFest March 18-22, 2013 Andrew N. Sloss (ARM, Inc.) presented by

DELLEMC. TUESDAY September 19 th 4:00PM (GMT) & 10:00AM (CST) Webinar Series Episode Nine WELCOME TO OUR ONLINE EVENTS ONLINE EVENTS

UEFI updates, Secure firmware and Secure Services on Arm

Designing Interoperability into IA-64 Systems: DIG64 Guidelines

BIOS Update Release Notes

AMD RAID Installation Guide

Windows 8 BIOS Boot settings

Windows To Go and USB Boot

Implementing Advanced USB Interrupt Transfers

Guide to SATA Hard Disks Installation and RAID Configuration

BIOS Update Release Notes

Microsoft UEFI Certification Authority

Comparison on BIOS between UEFI and Legacy

BIOS Update Release Notes

BIOS Update Release Notes

Enabling Advanced NVMe Features Through UEFI

Spring 2018 UEFI Plugfest

IA32 OS START-UP UEFI FIRMWARE. CS124 Operating Systems Fall , Lecture 6

QL45xxx UEFI HII BIOS. 5/4/2016 Karl Erickson

PL-I Assignment Broup B-Ass 5 BIOS & UEFI

Guide to SATA Hard Disks Installation and RAID Coniguration

BIOS Update Release Notes

AMD Security and Server innovation

Firmware in the datacenter: Goodbye PXE and IPMI. Welcome HTTP Boot and Redfish!

BIOS Update Release Notes

LENOVO THINKSTATION P520C, P520, P720, & P920 WINDOWS 10 INSTALLATION

Boot Mode Considerations: BIOS vs. UEFI

BIOS Update Release Notes

BIOS Update Release Notes

The Role UEFI Technologies Play in ARM Platform Architecture

BIOS Update Release Notes

BIOS Update Release Notes

BIOS Update Release Notes

BIOS Update Release Notes

UEFI Development Anti- Patterns

BIOS Setup. RenderCube Rack GPU Gen2

BIOS Update Release Notes

BIOS Update Release Notes

GSE/Belux Enterprise Systems Security Meeting

UEFI 2.1 Features. Added protocols. New member functions or equivalent

BIOS Update Release Notes

Building Better Firmware Experience An OEM Perspective

ECE 471 Embedded Systems Lecture 12

BIOS Update Release Notes

UEFI Test Tools For Linux Developers

Intel vpro Technology Virtual Seminar 2010

Table of contents. Technical white paper HP Elite Dock with Thunderbolt 3 & HP ZBook Dock with Thunderbolt 3 Features and troubleshooting

ጷ laps Veeam in Categories TRY NOW

BIOS Update Release Notes

Perl Install Module Windows Xp From Cd Boot

Lessons Learned from Implementing a Wi-Fi and BT Stack

BIOS Update Release Notes

BIOS Update Release Notes

March Getting Started with the Intel Desktop Board DQ77MK UEFI Development Kit

Big and Bright - Security

Leveraging Windows Update to Distribute Firmware Updates Model Based Servicing (MBS)

How to Really Secure the Internet

BIOS Update Release Notes

BIOS Update Release Notes

BIOS Update Release Notes

BIOS Update Release Notes

3 November 2009 e09127r1 EDD-4 Hybrid MBR support

Transcription:

presented by "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 November 3, 2017 Presented by Brian Richardson (Intel Corporation)

Agenda What is the Last Mile? Wait we re still talking about BIOS? Why? Advantages using UEFI Class 3 Areas of Focus Call to Action UEFI Plugfest October 2017 www.uefi.org 2

"Last Mile" Barriers to Removing Legacy BIOS What is the Last Mile? UEFI Plugfest October 2017 www.uefi.org 3

Last mile: the last step of delivering infrastructure to customers UEFI Plugfest October 2017 www.uefi.org 4

"Last Mile" Barriers to Removing Legacy BIOS Wait we re still talking about BIOS? Why? UEFI Plugfest October 2017 www.uefi.org 5

Wait we re still talking about BIOS? Why? There is still a reliance on 16-bit BIOS via the Compatibility Support Module (CSM) 1. People still use software that depends on 16-bit BIOS runtime 2. Power-users disable UEFI to bypass secure boot or setup multi-os boot UEFI Plugfest October 2017 www.uefi.org 6

Reminder: UEFI System Classes UEFI Class 0 Legacy BIOS No UEFI or UEFI PI interfaces UEFI Class 2 Uses UEFI/PI interfaces Runtime exposes UEFI and legacy BIOS interfaces UEFI Class 1 Uses UEFI/PI interfaces Runtime exposes only legacy BIOS runtime interfaces UEFI Class 3 Uses UEFI/PI interfaces Runtime exposes only UEFI interfaces UEFI Plugfest October 2017 www.uefi.org 7

and there s one unspoken class UEFI Class 0 Legacy BIOS No UEFI or UEFI PI interfaces UEFI Class 2 Enabling secure boot Uses UEFI/PI interfaces Runtime exposes UEFI and legacy BIOS interfaces essentially creates another UEFI Class UEFI Class 1 Uses UEFI/PI interfaces Runtime exposes only legacy BIOS runtime interfaces UEFI Class 3+ Uses UEFI/PI interfaces Runtime exposes only UEFI interfaces UEFI Secure Boot ON UEFI Plugfest October 2017 www.uefi.org 8

Why are BIOS & CSM still a thing? One specific tool doesn t work with UEFI, so users turn on the CSM as a fix (as we say in Georgia, duct tape is cheaper than welding) Some users blame UEFI or Secure Boot whenever something doesn t work (if you don t believe me, search for UEFI on Twitter) UEFI Plugfest October 2017 www.uefi.org 9

Issues Relying on 16-bit Legacy Security Risks No standards for secure boot or signed code execution Complicates Validation Requires two validation paths (CSM ON & CSM OFF) Supporting Modern Technology New technologies may not provide backward compatibility UEFI Plugfest October 2017 www.uefi.org 10

What is the last mile km for UEFI? Retiring legacy code and related processes Tools (disk duplication, testing, update) Network Boot (PXE) to legacy images Remove user motivations to stick with BIOS Improve experience with UEFI Secure Boot Promote enhanced UEFI features (HTTPS Boot, OS Recovery, Signed Capsule, ) UEFI Plugfest October 2017 www.uefi.org 11

"Last Mile" Barriers to Removing Legacy BIOS Advantages using UEFI Class 3 UEFI Plugfest October 2017 www.uefi.org 12

Advantages using UEFI Class 3 Smaller code size (ROM & OpROM) Smaller validation/support footprint Encourage use of new technologies UEFI Plugfest October 2017 www.uefi.org 13

Industry is moving away from CSM Many Intel Architecture platforms are UEFI Class 3/3+ out of the box Many platforms with CSM (UEFI Class 2) have it disabled by default (required when UEFI Secure Boot is enabled) Now mandated for specific platforms See Security requirements on UEFI requirements for Windows editions on SoC platforms @ microsoft.com UEFI Plugfest October 2017 www.uefi.org 14

Intel is deprecating legacy support Intel is removing legacy BIOS support from client & data center platforms by 2020 Platforms will be strictly UEFI Class 3 No 16-bit OpROM (VGA, LAN, Storage) This will break any customer process that depends on disabling UEFI ( CSM ON ) UEFI Plugfest October 2017 www.uefi.org 15

"Last Mile" Barriers to Removing Legacy BIOS Areas of Focus UEFI Plugfest October 2017 www.uefi.org 16

Areas of Focus Improve user experience with UEFI Secure Boot (OS install, tools, recovery) Eliminate components with no UEFI support Remove DOS/BIOS dependencies from manufacturing/maintenance tools Educate customers on migrating network boot to UEFI (PXE & HTTPS) UEFI Plugfest October 2017 www.uefi.org 17

Areas of Focus Improve user experience with UEFI Secure Boot (OS install, tools, recovery) Eliminate components with no UEFI support Remove DOS/BIOS dependencies from This is the typical consumer scenario, and the most manufacturing/maintenance tools restrictive from a validation standpoint. So Educate Validate your customers tools with secure on migrating boot on network boot Customers to UEFI shouldn t (PXE have & HTTPS) to disable secure boot or enable CSM to solve common recovery problems UEFI Plugfest October 2017 www.uefi.org 18

Areas of Focus Improve user experience with UEFI Secure Boot (OS install, tools, recovery) Eliminate components with no UEFI support Remove DOS/BIOS dependencies from manufacturing/maintenance tools It s a supply chain problem wait, we re the supply chain! Educate Drivers, peripherals, customers and on utilities migrating work without network CSM boot No DOS to UEFI requirements (PXE & for HTTPS) pre-os validation/tools (try UEFI Shell or Python) UEFI Plugfest October 2017 www.uefi.org 19

Areas of Focus Improve No DOS requirements user experience for pre-os with validation UEFI Secure or Boot maintenance (OS install, tools tools, (try UEFI recovery) Shell or Python) Eliminate components with no UEFI support Remove DOS/BIOS dependencies from manufacturing/maintenance tools Educate customers on migrating network boot to UEFI (PXE & HTTPS) Can you run manufacturing tests with UEFI Secure Boot enabled (UEFI Class 3+)? UEFI Plugfest October 2017 www.uefi.org 20

Areas of Focus Promote improved functionality powered by UEFI Improve user experience with UEFI Secure (i.e. why are HTTPS & OS Recovery awesome?) Boot (OS install, tools, recovery) Remove our customer s incentives to stick with Eliminate outdated components tools that require with DOS no & BIOS UEFI support Remove DOS/BIOS dependencies from manufacturing/maintenance tools Educate customers on migrating network boot to UEFI (PXE & HTTPS) UEFI Plugfest October 2017 www.uefi.org 21

"Last Mile" Barriers to Removing Legacy BIOS Call to Action UEFI Plugfest October 2017 www.uefi.org 22

Call to Action Many UEFI platforms still enable legacy BIOS compatibility using CSM CSM expose security issues and delays 100% migration to UEFI Many modern features have no equivalent legacy functionality and require booting in UEFI mode Intel is planning to deprecate legacy compatibility by 2020, and is working with partners on a smooth industry transition UEFI Plugfest October 2017 www.uefi.org 23

Thanks for attending the Fall 2017 UEFI Plugfest For more information on the UEFI Forum and UEFI Specifications, visit http://www.uefi.org presented by UEFI Plugfest October 2017 www.uefi.org 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback