EDK II Security White Papers

Jump to bottom

Rebecca Cran edited this page Apr 21, 2023 · 19 revisions

A list of White Papers and information for EDK II Security from multiple sources

https://uefi.org
https://software.intel.com/en-us/firmware/
https://tianocore.org
Industry standard:
- NIST: https://csrc.nist.gov/publications/sp800
- TCG: http://trusted.computinggroup.com/
SideChannel: Intel Software Developer Zone -firmware speculative execution
MDS: Intel Software Developer Zone - microarchitectural data sampling

General:

Book - building secure firmware (October 2020)
uefi.org - An Introduction to Platform Security (Spring 2018)
uefi.org - Threat Modeling for Modern System FW.pdf (July 2013)

EDK II Code:

A Tour Beyond BIOS - Security Design Guide in_EDK_II.pdf (Sept 2016)
EDK II Secure Coding Guide (June 2019)
EDK II Secure Code Review Guide (June 2019)
OCP - Secure Firmware Development Best Practices (May 2020)
Universal Scalable Firmware - Security (October 2021)

Memory Protection:

A Tour Beyond BIOS – Memory Protection in UEFI BIOS - gitbook (March 2017)
A Tour Beyond BIOS - Mitigate Buffer Overflow in UEFI (April 2018)

SMM Protection:

A Tour Beyond BIOS Secure SMM Communication (April 2016)
uefi.org - SMM Protection in EDK II (Spring 2017)

SecureBoot/AuthVariable:

Understanding the UEFI Secure Boot Chain (June 2019)
A Tour Beyond BIOS - Implementing UEFI Authenticated Variables in SMM with EDK II (Oct 2015)

TrustedBoot/TPM2:

Understanding the Trusted Boot Chain Implementation (Nov 2020)
A Tour Beyond BIOS - with the UEFI TPM2 Support in EDK II (Sept 2014)
FSP2 Measurement and Attestation (July 2021)
uefi.org - Traceable Firmware Bill of Materials Overview

DMA: A Tour Beyond BIOS - Using IOMMU for DMA Protection in UEFI firmware (Oct 2017)

Capsule/Recovery: A Tour Beyond BIOS - Capsule Update and Recovery in EDK II (Dec 2016)

S3: A Tour Beyond BIOS - Implementing S3 Resume with EDK II (Oct 2015)

Profile: A Tour Beyond BIOS - Implementing Profiling in EDK_II (July 2016)

STM/VMM:

A Tour Beyond BIOS - Launching STM to Monitor SMM in EDK II (Aug 2015)
A Tour Beyond BIOS - Launching a VMM in EDK II (Oct 2015)
A Tour Beyond BIOS - Supporting SMM Resource Monitor using EDK II (June 2015)

StandaloneMM: A Tour Beyond BIOS - Launching Standalone SMM Drivers in the PEI Phase using EDK II (May 2015)

Home | Getting Started with EDK II | Reporting Issues | Community Information | Community Support | Inclusive Language | Tasks | BSD+Patent

Wiki Navigation:

Home
Getting Started with EDK II
Build Instructions
EDK II Platforms
EDK II Documents
EDK II Release Planning
Reporting Issues
Reporting Security Issues
Community Information
Inclusive Language
Additional Projects & Tasks
Training
Community Support
Community Virtual Meetings
GHSA GitHub Security Advisories Proceess (Draft)

Clone this wiki locally