Speaker Unknown
Time 2012-01-20 09:00
Conference LCA2012

Replacement for legacy BIOS; BSD licensed core. BIOS had been around for 20 years. People decided to replace it with something different. Everyone bases there code from the standard Intel limitation. This time last year, I was a lot happier with life.

EFI drivers. Standard BIOS in x86 assembler language. Now written in C. Standard C library has been ported.

EFI application

EFI bootcode

No need to embed boot code into MBRs, etc. EFI understands FAT filesystem, and can boot directly.

EFI uses a lot of memory, but you get most of it back when the system boots.

Non volatile variable storage. Tell bootloader where to load from. Not standardised.

Ooops - can put kernel oops message into a variable.

Real time clock must be put in local time, but does have timezone and DST updated flag. Specification written by Intel, not Microsoft.

GPT GUID partition table. No practical restrictions on partition sizes or number of partitions. Provides more metadata information about partition type.

Not utf16, ucs2. Some utf16 characters not supported.

Good, right? There may be some things I have not told you yet.

TianoCore. Intel reference UEFI implementation. Used as the basis of the development kit. 7061 files. 100MB of code. 10% size of Linux code. Doesn’t contain many drivers. If we ignore drivers, the result is larger then the Linux kernel.

Files contain code. Code contains bugs. Therefore UEFI contains bugs. Quite a lot of bugs.

ExitBootServes() SetVirtualAddressMap() must be called after. Therefore this should not call boot services, right? Some bad hacks to work around this. Bug fixed by Intel, but will not get fixed on existing systems.

Virtual memory. Apple. Broken.

So many bugs in variable code. In violation of specifications.

Rebooting is broken on some implementations.

Kerrnel only has to worry about bugs in the run time services. Grub also needs to deal with boot time services.

UEFI poorly testing in the real world. Some bugs prevent installation of Windows. UEFI contains a lot of code, and contains a lot of bugs.

UEFI secure boot.

PK is owned by owner, hardware vendor KEK is own by OS that can add to the whilte list. DB contains the whitelisted keys.

OS knows it has been securely booted by reuesting SecureBoot variable be read, by calling firmware. Therefore the firmware must be trusted. All kernel code, including modules, must be trusted. So all modules must be signed, or risk having kernel black listed as it could be a glorified malware loader.

Out of tree driver vendors? Can no longer build drivers on machines, this would require signing key. Can no longer recompile modules for your specific kernel compilation.

You have been a wonderful audience. As me things while I’m still lucid.

64 bit windows requires signed drivers, this may be extended to 32 bit signed drivers. Windows driver signing is exactly the same as EFI signing. All members start with the prefix win.

Microsoft changed certification requirements: x86 systems must be possible to disable EFI secure boot or add new keys. Doesn’t say how this is to be done, or what formats the key must be entered in. Computer novices may not be comfortable doing this. Computer experts may find it different typing in long keys into bios. May be a lot harded then just distributing a CD to novices.

Trying to get a solution that works for everybody; nothing I can tell you yet.

Secure EFI is not a DRM or TPM mechanism. Never. Firmware must be trusted. Is possible to change Firmware to lie and say OS is being booted securely when it isn’t. Must not allow anyone to argue that we are messing around with DRM protection measures.

Development is done in secret, must not publicise developments early.

Windows has become more secure lately. In Windows 8 there is additional validation stuff. Boot loader can check kernel and drivers to ensure nothing has been tampered with. Boot loader can be attacked. Boot loader can modify kernel in memory after loading. Any virus scanner checking gets told that no melware exists.

All BIOS updates must be signed. BIOS updates will be easier then previously.

What is microsoft’s black listing policy? We have no idea, Microsoft won’t tell us.