PreBoot Provisioning Solutions with UEFI

Similar documents
System Prep Applications A Powerful New Feature in UEFI 2.5

Manufacturing Tools in the UEFI Secure Boot Environment

Implementing Secure Boot: A Refresher on Key & Database Configuration

"Last Mile" Barriers to Removing Legacy BIOS

Firmware Implementation Techniques to Achieve Windows 8 Fast Boot

Tailoring TrustZone as SMM Equivalent

ARM Trusted Firmware ARM UEFI SCT update

UEFI and the Security Development Lifecycle

Creating Advanced Graphics Libraries on top of GOP

ARM Server s Firmware Security

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

Standardized Firmware for ARMv8 based Volume Servers

Implementing Advanced USB Interrupt Transfers

UEFI Manageability and REST Services

Lessons Learned from Implementing a Wi-Fi and BT Stack

Hardware Prototyping Using a Windows-Hosted UEFI environment

General Firmware Overview of Recommendations for Window OS

Microsoft UEFI Certification Authority

UEFI What is it? Spring 2017 UEFI Seminar and Plugfest March 27-31, 2017 Presented by Dong Wei (ARM) presented by. Updated

Leveraging Windows Update to Distribute Firmware Updates Model Based Servicing (MBS)

UEFI updates, Secure firmware and Secure Services on Arm

Enabling Advanced NVMe Features Through UEFI

UEFI in Arm Platform Architecture

Engineering UEFI Firmware for Windows: Best Practices and Pitfalls to Avoid

UEFI Forum Update. UEFI Spring Plugfest March 29-31, 2016 Presented by Dong Wei (The UEFI Forum)

System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules

UEFI Plugfest Dupont, WA

Building Better Firmware Experience An OEM Perspective

UEFI ARM Update. UEFI PlugFest March 18-22, 2013 Andrew N. Sloss (ARM, Inc.) presented by

Windows To Go and USB Boot

Debugging under Unified Extensible Firmware Interface (UEFI): Addressing DXE Driver Challenges

Implementing MicroPython as a UEFI Test Framework

An Introduction to Platform Security

Firmware in the datacenter: Goodbye PXE and IPMI. Welcome HTTP Boot and Redfish!

AMD Security and Server innovation

UEFI State of the Union Ecosystem enabling update

Comparison on BIOS between UEFI and Legacy

Using the UEFI Shell. October 2010 UEFI Taipei Plugfest Insyde Software

The Role UEFI Technologies Play in ARM Platform Architecture

QL45xxx UEFI HII BIOS. 5/4/2016 Karl Erickson

Deploying Secure Boot: Key Creation and Management

Intel Transparent Computing

The TPM 2.0 specs are here, now what?

UEFI Plugfest March

UEFI and IoT: Best Practices in Developing IoT Firmware Solutions

Microsoft Sample Code on GitHub and Walkthrough on Firmware Updates to Windows Update (WU)

BIOS. Chapter The McGraw-Hill Companies, Inc. All rights reserved. Mike Meyers CompTIA A+ Guide to Managing and Troubleshooting PCs

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

Designing Security & Trust into Connected Devices

DELLEMC. TUESDAY September 19 th 4:00PM (GMT) & 10:00AM (CST) Webinar Series Episode Nine WELCOME TO OUR ONLINE EVENTS ONLINE EVENTS

Format Hard Drive Using Windows 7 Recovery Disk

How to boot Mac OS X 10.5 from RocketRAID esata for Mac

Systems management is a key part of the IT

Provisioning secure Identity for Microcontroller based IoT Devices

UEFI / Bios was denn das?

Open Source Facebook. David Hendricks: Firmware Engineer Andrea Barberio: Production Engineer

Attacking and Defending the Platform

3 November 2009 e09127r1 EDD-4 Hybrid MBR support

Embedded Base Boot Requirements. Dong Wei

Auto-Provision Specification

Backup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

BIOS User Guide RACING P1A

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration. Chapter 2 Installing Windows Server 2008

Do A Manual System Restore On Windows 8 From Startup Repair

Integrating RDX QuikStor into Windows Backup with Full System Recovery for Windows Desktop OS

UEFI Test Tools For Linux Developers

UEFI Secure Boot and DRI. Kalyan Kumar N

Additional Resources

Spring 2018 UEFI Plugfest

UEFI Development Anti- Patterns

Acronis Snap Deploy 5 Update 3 USER GUIDE

Trusted Mobile Keyboard Controller Architecture

Past, Present, and Future Justin Johnson Senior Principal Firmware Engineer

IBM Hidden Protected Area Access IBM Predesktop Area

Security in NVMe Enterprise SSDs

Install Virtual Guest Services Greyed Out Vmm 2012

Mohan J. Kumar Intel Fellow Intel Corporation

UEFI ARM Update. Presented by Mitch Ishihara. UEFI Plugfest October presented by

System information update for system board replacement events

Windows 8 Uefi Bios Update Step By Step Guide Msi Usa

GELI Support for UEFI

Firmware Test Suite - Uses, Development, Contribution and GPL

Solutions for the Intel Platform Innovation Framework for EFI July 26, Slide 1

Farstone TotalDeploy User Guide

VMware vsphere 5.5 Professional Bootcamp

PL-I Assignment Broup B-Ass 5 BIOS & UEFI

ARM SERVER STANDARDIZATION

AMD Ryzen Threadripper NVMe RAID Quick Start Guide RC Release Version 1.0

AMD RAID Installation Guide

Once all of the features of Intel Active Management Technology (Intel

Impact of platform firmware on Linux kernel. Megha Dey, Sai Praneeth Prakhya Intel Open Source Technology Center

Integrating RDX QuikStor into Windows Backup with Full System Recovery for Windows Server OS

BIOS Setup. User s Guide. (For Skylake-W Platform) Rev.1.1

BraindumpsVCE. Best vce braindumps-exam vce pdf free download

Use of Mojo PowerPoint Template. Your name, Title

New Approaches to Connected Device Security

HT801/HT802 Firmware Release Note IMPORTANT UPGRADING NOTE

How do I patch custom OEM images? Are ESXi patches cumulative? VMworld 2017 Do stateless hosts keep SSH & SSL identities after reboot? With Auto Deplo

Release Notes. Dell SonicWALL SRA Release Notes

Transcription:

presented by PreBoot Provisioning Solutions with UEFI UEFI Spring Plugfest May 18-22, 2015 Presented by Zachary Bobroff (AMI) Updated 2011-06-01 UEFI Plugfest May 2015 www.uefi.org 1

Agenda Introduction Building on Top of the UEFI Specification Expanding Further Call to Action UEFI Plugfest May 2015 www.uefi.org 2

PreBoot Provisioning Solutions with UEFI Introduction UEFI Plugfest May 2015 www.uefi.org 3

Current Challenges for Provisioning UEFI systems need to be configured to meet datacenter and corporate policies Systems crash in the field and current recovery mechanisms don t always fit As OS and firmware updates come out, they need to be quickly and effectively deployed globally Provisioning utilities on a disk are susceptible to corruption and malicious software UEFI Plugfest May 2015 www.uefi.org 4

Why cant a feature rich provisioning be developed for use in firmware? UEFI Plugfest May 2015 www.uefi.org 5

Firmware Based Provisioning Firmware based provisioning is already included in the flash part External media provisioning still needs factory provisioning Firmware has access to information and interfaces that is not available to external applications As the root of trust, the firmware is the most secure part of a platform UEFI Plugfest May 2015 www.uefi.org 6

UEFI 2.5 Makes it Easier FMP has been expanded to include support for updating the firmware of any device on a system in a common manner System configuration data has been expanded so configuration data layout can be known outside of the firmware itself HTTP support has been expanded to an entire client stack to allow full network access and even access to the internet UEFI Plugfest May 2015 www.uefi.org 7

PreBoot Provisioning Solutions with UEFI Building on Top of the UEFI Specification UEFI Plugfest May 2015 www.uefi.org 8

Firmware Management Protocol (FMP) Capsules can now be code and data! Saving space and boot time for the firmware FMP allows external devices to manage the security of their own firmware Updating via a capsule is the most secure method available today UEFI Plugfest May 2015 www.uefi.org 9

FMP Update in Action Firmware Capsule Update Updating Complete! FMP Starts Update UEFI Plugfest May 2015 www.uefi.org 10

System Configuration Data X-UEFI language has allowed a common mapping of configuration options to a master list New mappings allows: Migration of current configuration during firmware updates Current configuration can be migrated to other systems more easily Common look and feel for different systems External agents can modify specific settings through OEM proprietary methods OpRom vendors should provide similar mappings UEFI Plugfest May 2015 www.uefi.org 11

System Configuration Data Migration Verified UEFI Plugfest May 2015 www.uefi.org 12

HTTP Support UEFI 2.5 has added a complete client side HTTP stack allowing network access to: Do system firmware updates Check for any needed system configuration changes Download any OS images or updates Server for providing images can be located in a datacenter, corporation or by the ODM Throw away the recovery CD and recovery partition! UEFI Plugfest May 2015 www.uefi.org 13

HTTP Update BIOS/Configuration/OS Check for Updates from Server or Web Server Provides Update UEFI Plugfest May 2015 www.uefi.org 14

Advanced Networking Support For the security conscious, UEFI s HTTP support can be expanded VPNs can be setup through IPSec Services like KMS implemented on top of advanced UEFI network interfaces such as HTTP and TLS will provide an implementation that is free from packet snooping UEFI Plugfest May 2015 www.uefi.org 15

PreBoot Provisioning Solutions with UEFI Building Further UEFI Plugfest May 2015 www.uefi.org 16

System Diagnostics UEFI provides many interfaces to create diagnostics tools IHVs should be providing the EFI_DRIVER_DIAGNOSTICS2_PROTOCOL to automatically extend platform diagnostics support UEFI Plugfest May 2015 www.uefi.org 17

System Auto-Recovery OS can inform firmware of crash to auto-initiate recovery though EFI_OS_INDICATIONS_START_PLATFORM_RECOVERY bit Recovery Image Loaded to Platform UEFI Plugfest May 2015 www.uefi.org 18

System Auto-Provision As systems arrive from factory they can autoprovision at the customer site On Provisioning Server OS Firmware Update Config System Provisioned UEFI Plugfest May 2015 www.uefi.org 19

PreBoot Provisioning Solutions with UEFI Call to Action UEFI Plugfest May 2015 www.uefi.org 20

Call to Action Add-on card vendors and third party HW vendors should provide FMP and diagnostics capabilities All firmware that uses system configuration methods should produce x-uefi mappings OEMs should build industry ready solutions for configuration, provisioning, recovery and diagnostics OEMs need to be solution providers! UEFI Plugfest May 2015 www.uefi.org 21

Thanks for attending the UEFI Spring Plugfest 2015 For more information on the Unified EFI Forum and UEFI Specifications, visit http://www.uefi.org presented by UEFI Plugfest May 2015 www.uefi.org 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback