Ryan O'Leary

Oreboot = Coreboot without C. Oreboot is a fully open-source power-on-reset and romstage firmware written in Rust. By design, the firmware requires all support packages (such as memory init) to be open-source. Currently, Oreboot can boot an AST2500 ARM BMC to Linux with a u-bmc user-mode.

Oreboot rethinks the firmware driver models. Each driver is distilled to four basic functions: init, pread, pwrite and shutdown. This interface allows us to make convenient higher-level drivers such as a "union driver" which duplicates a single write operation to multiple drivers. This makes consoles which have multiple underlying UART drivers elegant.

By using the Rust programming language, Oreboot has a leg-up in terms of security and reliability compared to contemporary firmware written in C or assembly. Rust's borrow-checker ensures pointers are not used after being freed and proves that coroutines are thread-safe at compile time.

In this talk, we will also present a short overview of the basics of Rust, how our driver model incorporates coroutines and the bootflow of Oreboot.

In this talk we present Fiano, Go-based tools created at Google and Facebook for manipulating UEFI images. Fiano is fast, scriptable, easy to use, and most importantly, does not require you to have UEFI source -- you can modify UEFI ROMs, remove DXEs and, if desired, replace them with a Linux kernel.

Fiano puts you in control of your systems firmware. Even if your BIOS is a blob and outside your control, these tools will help you inspect your firmware (for example, malware analysis) and improve your security.

Fiano can also improve build times, making it possible for individual DXEs to be compiled and inserted into a prebuilt image, avoiding the need to rebuild the entire firmware image.

In the future, we hope to see more systems with a fully open-source firmware stack. Until such time, tools such as Fiano are necessary to give you freedom and act as a stepping stone to bring open-source into your firmware.