Brian Richardson

Researchers from Intel's Platform Armoring and Resiliency team will walk through the evolution of various firmware threat models as a result of the low-level skill advancement of software and hardware adversaries. In response, TianoCore added new in the UEFI Development Kit 2018 (UDK2018) release, along with enhancing existing security features.

This session provides real-world examples of several attack classes along with effective mitigation techniques against them. Topics include an introduction to platform security, an update on changes to the UEFI threat model, and a walkthrough of a critical Unified Extensible Firmware Interface (UEFI) security features (ex: HTTPS boot, pre-boot DMA protection using VT-d, guard page protection for potential stack/heap overflows).

This workshop demonstrates how to compile and build UEFI platform firmware based on the open source EDK II framework at tianocore.org. Examples are based on the Open Virtual Machine Firmware (OVMF) project, which generates a firmware for the Quick Emulator (QEMU) environment under Linux*. Further examples show the benefits of using OVMF to understand UEFI and EDK II architecture.

Participants will set up an EDK II development environment for Linux, build the OVMF platform, use their custom firmware to boot a QEMU environment, boot to the UEFI Shell, and explore common UEFI Shell commands used for firmware debugging.

Installing Docker instructions, please click on workshop material:
https://github.com/tianocore/tianocore.github.io/wiki/Container-for-OSFC-Workshops

Python* is a popular high-level interpreted language, common in automated testing environments. TianoCore includes an open source CPython implementation for UEFI, but it has limited functionality and isn’t compliant with current Python standards.

This session describes the process of porting MicroPython to UEFI. MicroPython is a Python 3 variant designed for microcontrollers. Memory and size optimizations make MicroPython ideal for pre-OS applications. This presentation describes implementation details, performance metrics, and an open source test framework based on the MicroPython engine for UEFI.

This workshop demonstrates how to use the Intel® UEFI Development Kit (Intel® UDK) Debugger with GNU Debugger (GDB) to debug UEFI drivers and platform firmware in a Linux environment. Exercises are based on EFI Development Kit II (EDK II) firmware for the Open Virtual Machine Firmware (OVMF) project.
Participants will set up an EDK II development environment for Linux, build a UEFI driver, and debug firmware issues using Linux and QEMU. The workshop demonstrates debug capabilities built into EDK II and how they work with UEFI drivers and platform firmware:

• Use the Platform Configuration Database (PCD) to configure debug features
• How to debug the various phases of UEFI firmware
• Build a UEFI Driver with Debug Symbols
• Build a UEFI Driver with Heap Guard Enabled

Installing Docker instructions, please click on workshop material
https://github.com/tianocore/tianocore.github.io/wiki/Container-for-OSFC-Workshops

CHIPSEC is a security research and validation tool implemented in Python that allows for low-level access to hardware. The powerful scripting capabilities can be used for some tasks, including verification of security mitigations as well future security research. This workshop will provide an overview of the existing tool architecture and how to write modules and tools. Modules will focus on using CHIPSEC for verification of firmware mitigations. Tools will focus on using CHIPSEC to stress the system and perform tasks such as fuzzing interfaces.

CHIPSEC is one tool used to help verify that systems meet basic security best practices. In general, this tool works with the threat model used by Unified Extensible Firmware Interface (UEFI) based firmware. However, other firmware may have different threat models that will cause failures in different CHIPSEC modules. This session is a brief overview of the different types of failures that may be seen and the limitations of the tool.