System Prep Applications A Powerful New Feature in UEFI 2.5

Similar documents
PreBoot Provisioning Solutions with UEFI

Implementing Secure Boot: A Refresher on Key & Database Configuration

Using the UEFI Shell. October 2010 UEFI Taipei Plugfest Insyde Software

Manufacturing Tools in the UEFI Secure Boot Environment

Firmware Implementation Techniques to Achieve Windows 8 Fast Boot

General Firmware Overview of Recommendations for Window OS

Hardware Prototyping Using a Windows-Hosted UEFI environment

Tailoring TrustZone as SMM Equivalent

The TPM 2.0 specs are here, now what?

Engineering UEFI Firmware for Windows: Best Practices and Pitfalls to Avoid

UEFI ARM Update. UEFI PlugFest March 18-22, 2013 Andrew N. Sloss (ARM, Inc.) presented by

Enabling Advanced NVMe Features Through UEFI

Microsoft UEFI Certification Authority

Deploying Secure Boot: Key Creation and Management

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

Standardized Firmware for ARMv8 based Volume Servers

Windows To Go and USB Boot

Leveraging Windows Update to Distribute Firmware Updates Model Based Servicing (MBS)

UEFI and the Security Development Lifecycle

ARM Trusted Firmware ARM UEFI SCT update

Debugging under Unified Extensible Firmware Interface (UEFI): Addressing DXE Driver Challenges

Implementing Advanced USB Interrupt Transfers

UEFI Manageability and REST Services

UEFI and IoT: Best Practices in Developing IoT Firmware Solutions

"Last Mile" Barriers to Removing Legacy BIOS

Comparison on BIOS between UEFI and Legacy

The Role UEFI Technologies Play in ARM Platform Architecture

UEFI What is it? Spring 2017 UEFI Seminar and Plugfest March 27-31, 2017 Presented by Dong Wei (ARM) presented by. Updated

UEFI in Arm Platform Architecture

AMD Security and Server innovation

System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules

UEFI Plugfest Dupont, WA

UEFI Forum Update. UEFI Spring Plugfest March 29-31, 2016 Presented by Dong Wei (The UEFI Forum)

Creating Advanced Graphics Libraries on top of GOP

UEFI Development Anti- Patterns

UEFI Plugfest March

An overview of ACPICA Userspace Tools

Lessons Learned from Implementing a Wi-Fi and BT Stack

An Introduction to Platform Security

UEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies

ARM Server s Firmware Security

Firmware Test Suite - Uses, Development, Contribution and GPL

UEFI updates, Secure firmware and Secure Services on Arm

UEFI / Bios was denn das?

Building Better Firmware Experience An OEM Perspective

UEFI ARM Update. Presented by Mitch Ishihara. UEFI Plugfest October presented by

UEFI Security and Networking Advancements

Implementing MicroPython as a UEFI Test Framework

GSE/Belux Enterprise Systems Security Meeting

UEFI 2.1 Features. Added protocols. New member functions or equivalent

Cisco UCS Configuration Utility Quick Start Guide

Spring 2018 UEFI Plugfest

UEFI State of the Union Ecosystem enabling update

Firmware in the datacenter: Goodbye PXE and IPMI. Welcome HTTP Boot and Redfish!

Solutions for the Intel Platform Innovation Framework for EFI July 26, Slide 1

UEFI Security Response Team (USRT)

Microsoft Sample Code on GitHub and Walkthrough on Firmware Updates to Windows Update (WU)

3 November 2009 e09127r1 EDD-4 Hybrid MBR support

Intel Transparent Computing

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

UEFI Porting Update for ARM Platforms

Updates on Server Base System Architecture and Boot Requirements. Dong Wei

Windows IoT Security. Jackie Chang Sr. Program Manager

Attacking and Defending the Platform

Table of Contents. Table of Figures. 2 Wave Systems Corp. Client User Guide

EFIS005. Security and Networking Advancements Today s UEFI and Intel UEFI Development Kit 2010 (Intel UDK2010)

Windows Vista. Northwestern University

Designing Interoperability into IA-64 Systems: DIG64 Guidelines

Physical Imaging Standard - Restoring to Hyper-V Virtual Machine

System information update for system board replacement events

Veeam Endpoint Backup

QL45xxx UEFI HII BIOS. 5/4/2016 Karl Erickson

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Steps To Format Laptop Windows Xp And Install Windows 7 Dell

Advanced x86: BIOS and System Management Mode Internals UEFI SecureBoot. Xeno Kovah && Corey Kallenberg LegbaCore, LLC

How to boot Mac OS X 10.5 from RocketRAID esata for Mac

Cisco CIMC Firmware Update Utility User Guide

Backup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.

Microsoft Exam OEM Preinstallation Version: 8.3 [ Total Questions: 98 ]

UEFI Secure Boot with Dell PowerEdge 14G with VMware ESXi 6.5

Longhorn Large Sector Size Support. Anuraag Tiwari Program Manager Core File System

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

How To Restore Macbook Pro To Factory Settings Snow Leopard No Disk

Past, Present, and Future Justin Johnson Senior Principal Firmware Engineer

CIS 4360 Secure Computer Systems Secured System Boot

ServerReady and Open Standards Accelerating Delivery

Windows 8 BIOS Boot settings

GELI Support for UEFI

CLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.

Introduction to HPE ProLiant Servers HE643S

Introduction to Standards based approach to Server

Windows 8 Uefi Bios Update Step By Step Guide Msi Usa

Intel vpro Technology Virtual Seminar 2010

Mark Tuttle, Lee Rosenbaum, Oleksandr Bazhaniuk, John Loucaides, Vincent Zimmer Intel Corporation. August 10, 2015

benefits for customers with subscriptions in CSP

Tactics, Techniques and Procedures (TTP): BitLocker End-User Guide

Deploying Windows 10

Using Linux as a Secure Boot Loader for OpenPOWER Servers

DELLEMC. TUESDAY September 19 th 4:00PM (GMT) & 10:00AM (CST) Webinar Series Episode Nine WELCOME TO OUR ONLINE EVENTS ONLINE EVENTS

Impact of platform firmware on Linux kernel. Megha Dey, Sai Praneeth Prakhya Intel Open Source Technology Center

Transcription:

presented by System Prep Applications A Powerful New Feature in UEFI 2.5 UEFI Spring Plugfest May 18-22, 2015 Presented by Kevin Davis Insyde Software Updated 2011-06-01 UEFI Plugfest May 2015 www.uefi.org 1

Agenda Introduction Current Methods Current Example Solution Call to action Questions? UEFI Plugfest May 2015 www.uefi.org 2

SysPrep Purpose Some UEFI Drivers and Applications need to run before the OS to Prepare the System Possible examples: Encrypted Storage Unlock User identification and verification System provisioning and maintenance from central management with Network Boot Firmware version check up-to-date Early Disability Accessibility UI provider UEFI Plugfest May 2015 www.uefi.org 3

Current Methods DRIVER# works great! Pros: Very early Cons: Limited devices available Driver Model Start requires driver to be attached to a device No console rights available for user interactions BOOT# works great! Pros: Console available for user interactions Cons: OSs and OEMs modify Boot Order for to be first or value-add Too late in the process Lots of issues trying to understand all of the other items in the BOOT# UEFI Plugfest May 2015 www.uefi.org 4

Example - Disk Encryption Protect data at rest on the desk User enter PIN or uses biometric device Receive unlock permission Unlock the encrypted OS and Data device Perform recovery actions if invalid permission Currently use LOAD_OPTION_CATEGORY_BOOT to manage load of application UEFI Plugfest May 2015 www.uefi.org 5

Example - Disk Encryption (con t) Currently App needs to integrate into BootOrder App Runtime needs to start before the OS loader OS installers tend to change the BootOrder during initial installs or re-installs Can cause app to fail and OS disk to remain encrypted But App Runtime needs to stay before OS Need to review BootOrder on every boot? How? UEFI Plugfest May 2015 www.uefi.org 6

SysPrep#### is the solution Similar handing as Boot#### and Driver#### Loaded after Driver#### Loaded before Boot#### Must be EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION! Attributes sub-field LOAD_OPTION_CATEGORY is ignored! DRIVER# SYSREP# BOOT# UEFI Plugfest May 2015 www.uefi.org 7

Resources Available Same console rights as Boot### target - and can ask for console if not previously started by platform policy Same network rights as Boot### targetand can ask for network if not previously started by platform policy UEFI Plugfest May 2015 www.uefi.org 8

Boot Manager Policy Protocol Protocol published by the UEFI Boot Manager Can be used by Sysprep or other EFI Applications Purpose: Connection requests for any required devices using platform policy. UEFI Plugfest May 2015 www.uefi.org 9

typedef struct _EFI_BOOT_MANAGER_POLICY_PROTOCOL EFI_BOOT_MANAGER_POLICY_PROTOCOL; struct _EFI_BOOT_MANAGER_POLICY_PROTOCOL { UINT64 Revision; EFI_BOOT_MANAGER_POLICY_CONNECT_DEVICE_PATH ConnectDevicePath; EFI_BOOT_MANAGER_POLICY_CONNECT_DEVICE_CLASS ConnectDeviceClass; }; // Classes for ConnectDeviceClass #define EFI_BOOT_MANAGER_POLICY_CONSOLE_GUID \ {0xCAB0E94C,0xE15F,0x11E3,{0x91,0x8D,0xB8,0xE8,0x56,0x2C,0xBA,0xFA } } #define EFI_BOOT_MANAGER_POLICY_NETWORK_GUID \ {0xD04159DC,0xE15F,0x11E3,{0xB2,0x61,0xB8,0xE8,0x56,0x2C,0xBA,0xFA } } #define EFI_BOOT_MANAGER_POLICY_CONNECT_ALL_GUID \ {0x113B2126,0xFC8A,0x11E3,{0xBD,0x6C,0xB8,0xE8,0x56,0x2C,0xBA,0xFA } } UEFI Plugfest May 2015 www.uefi.org 10

Security For systems implementing UEFI SecureBoot, App MUST be signed! Could be UEFI CA Could be OEM / ODM / IBV CA OEM could include ISV s Cert in db UEFI Plugfest May 2015 www.uefi.org 11

Call to action ISVs, IHVs Work with a partner to validate your solution Other BIOS companies Implement! Work with a partner to validate your solution Be ready by the next plugfest UEFI Plugfest May 2015 www.uefi.org 12

Thanks for attending the UEFI Spring Plugfest 2015 For more information on the Unified EFI Forum and UEFI Specifications, visit http://www.uefi.org presented by UEFI Plugfest May 2015 www.uefi.org 13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback