
The Impact of Post Quantum Cryptography on UEFI BIOS

To resist the threat posed by quantum computers, the National Institute of Standards and Technology (NIST) started its Post-Quantum Cryptography (PQC) project in 2016 with the goal of standardizing a new set of quantum-resistant public-key cryptographic algorithms. The industry is evaluating the impact of adopting these algorithms in protocols such as Transport Layer Security (TLS). The UEFI BIOS includes a set of security features that depend on cryptography, such as Secure Boot, capsule update, secure recovery, HTTPS boot and measured boot.

In this webinar, the speakers introduce the impact of PQC on the UEFI BIOS and the prototype work to adopt PQC in the firmware area.
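One concrete place where the PQC impact on Secure Boot shows up is the Secure Boot variable store: every trusted key in db, dbx or KEK is serialized as an EFI_SIGNATURE_LIST, so a larger public key or signature is paid for directly in variable bytes, and any consumer of those variables has to parse the lists defensively. The following C program is an added example written for this page, not code from the webinar or from EDK II. It builds signature lists in the spec's wire layout, walks a concatenated buffer with the bounds checks a db consumer needs, and compares how many entries of each key size fit in a fixed budget. The 0xA5 payload pattern stands in for real certificate or key bytes, the all-zero "PQC" GUID is a hypothetical placeholder (the spec assigned no such type at the time of the talk), the 1200-byte RSA-2048 certificate size is a typical figure rather than a constant, and the 1952-byte public key size is the ML-DSA-65 value from FIPS 204, which post-dates the 2021 webinar.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Wire layout from the UEFI spec: EFI_SIGNATURE_LIST header followed by
 * EFI_SIGNATURE_DATA entries, each a 16-byte SignatureOwner GUID plus payload. */
#pragma pack(push, 1)
typedef struct {
    uint32_t Data1;
    uint16_t Data2;
    uint16_t Data3;
    uint8_t  Data4[8];
} EFI_GUID;                                   /* 16 bytes */

typedef struct {
    EFI_GUID SignatureType;                   /* e.g. EFI_CERT_X509_GUID */
    uint32_t SignatureListSize;               /* whole list, including this header */
    uint32_t SignatureHeaderSize;             /* type-specific header; 0 for X.509 */
    uint32_t SignatureSize;                   /* one entry: 16-byte owner GUID + payload */
} EFI_SIGNATURE_LIST;                         /* 28 bytes */
#pragma pack(pop)

#define SIGLIST_HDR   sizeof(EFI_SIGNATURE_LIST)   /* 28 */
#define SIGDATA_OWNER sizeof(EFI_GUID)             /* 16 */

/* Real GUID from the UEFI spec for X.509 certificate entries. */
static const EFI_GUID EFI_CERT_X509_GUID =
    { 0xa5c059a1, 0x94e4, 0x4aa7, { 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 } };

/* Hypothetical placeholder for a raw PQC public-key entry type (assumption). */
static const EFI_GUID HYPOTHETICAL_PQC_KEY_GUID =
    { 0x00000000, 0x0000, 0x0000, { 0, 0, 0, 0, 0, 0, 0, 0 } };

/* Serialize one list with `count` entries of `payload_bytes` each. The payload
 * is a constructed 0xA5 pattern standing in for a DER certificate or raw key.
 * Returns bytes written, or 0 if the list is empty or does not fit in `cap`. */
static size_t build_signature_list(uint8_t *out, size_t cap, const EFI_GUID *type,
                                   size_t payload_bytes, size_t count)
{
    size_t entry = SIGDATA_OWNER + payload_bytes;
    size_t total = SIGLIST_HDR + entry * count;
    if (count == 0 || payload_bytes == 0 || total > cap || total > UINT32_MAX)
        return 0;

    EFI_SIGNATURE_LIST hdr;
    memcpy(&hdr.SignatureType, type, sizeof(*type));
    hdr.SignatureListSize   = (uint32_t)total;
    hdr.SignatureHeaderSize = 0;
    hdr.SignatureSize       = (uint32_t)entry;
    memcpy(out, &hdr, SIGLIST_HDR);

    uint8_t *p = out + SIGLIST_HDR;
    for (size_t i = 0; i < count; i++) {
        memset(p, 0, SIGDATA_OWNER);                  /* SignatureOwner: nil GUID */
        memset(p + SIGDATA_OWNER, 0xA5, payload_bytes);
        p += entry;
    }
    return total;
}

/* Walk concatenated lists the way a db/dbx consumer must, rejecting any header
 * whose sizes disagree with the bytes present. Returns the total number of
 * entries, or -1 if the buffer is malformed. */
static long count_signatures(const uint8_t *buf, size_t len)
{
    long total = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < SIGLIST_HDR) return -1;              /* truncated header */
        EFI_SIGNATURE_LIST hdr;
        memcpy(&hdr, buf + off, SIGLIST_HDR);                /* avoid unaligned deref */

        if (hdr.SignatureListSize < SIGLIST_HDR) return -1;
        if (hdr.SignatureListSize > len - off) return -1;    /* claims more than exists */
        if (hdr.SignatureHeaderSize > hdr.SignatureListSize - SIGLIST_HDR) return -1;
        if (hdr.SignatureSize <= SIGDATA_OWNER) return -1;   /* owner GUID + >= 1 byte */

        uint32_t body = hdr.SignatureListSize - SIGLIST_HDR - hdr.SignatureHeaderSize;
        if (body == 0 || body % hdr.SignatureSize != 0) return -1;

        total += body / hdr.SignatureSize;
        off += hdr.SignatureListSize;
    }
    return total;
}

/* Entries of one payload size that fit in a variable-store budget (single list,
 * no type-specific header): the RSA-versus-PQC footprint comparison. */
static size_t entries_per_budget(size_t budget_bytes, size_t payload_bytes)
{
    if (budget_bytes <= SIGLIST_HDR) return 0;
    return (budget_bytes - SIGLIST_HDR) / (SIGDATA_OWNER + payload_bytes);
}

int main(void)
{
    static uint8_t db[16384];
    /* Constructed sizes: ~1200 bytes for a DER RSA-2048 certificate,
     * 1952 bytes for an ML-DSA-65 public key (FIPS 204), stored raw (assumption). */
    size_t n = build_signature_list(db, sizeof db, &EFI_CERT_X509_GUID, 1200, 2);
    n += build_signature_list(db + n, sizeof db - n, &HYPOTHETICAL_PQC_KEY_GUID, 1952, 1);
    printf("db bytes=%zu entries=%ld\n", n, count_signatures(db, n));
    printf("entries in 8 KiB: rsa2048-cert=%zu ml-dsa-65-key=%zu\n",
           entries_per_budget(8192, 1200), entries_per_budget(8192, 1952));
    return 0;
}
```

The parser copies the header out of the buffer before reading it and checks SignatureListSize against the remaining length before trusting it; an attacker who can write a malformed db (or feed a crafted authenticated variable) should get -1, never an out-of-bounds read. The budget helper makes the talk's point tangible: a raw PQC key of that size displaces roughly a third more variable space per entry than a typical RSA-2048 certificate, before any signature blobs are counted.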
Recorded Jul 27 2021 51 mins
Presented by
Jiewen Yao and Vincent Zimmer, Intel

  • ACPI-Lite: Exploring a Simplified Mechanism for Abstracting Platforms with ACPI Recorded: Jul 6 2021 43 mins
    Andrei Warkentin (VMware)
    ACPI has been adopted by 64-bit Arm platforms in the server, edge and even client space. While the standardization afforded by abstracting the hardware via ACPI, and the unification with the x86 ecosystem, are positive, ACPI also brings obstacles. The challenges stem from the size of the specification, the heft of and requirements on the OS-side supporting code, and limitations of the bytecode itself that may preclude ACPI adoption in the embedded, IoT or safety-critical system space.

    This talk explores some strategies and approaches in defining a lighter-weight subset of ACPI. The end goal is to support more variance in hardware using less code, less overhead and less engineering time. The goal of the session is not to push a specific proposal, but to get the conversation started to help chart ACPI's future.
  • Understanding UEFI and PI Architectural Events Recorded: May 18 2021 46 mins
    Felix Polyudov (AMI)
    The presentation is inspired by the two new event groups introduced in UEFI 2.9 specification. It showcases the entire family of the UEFI and PI architectural events highlighting applicability and use cases of each event group. It also discusses best practices, do’s and don’ts and corner cases of event handler construction.
  • Best Practices for UEFI Secure Boot Customization Recorded: Apr 15 2021 42 mins
    Manoj Khandelwal (HPE) and Tim Lewis (Insyde)
    UEFI Secure Boot helps provide an effective defense against boot malware, but following today’s best practices in its implementation, deployment and configurability can increase its effectiveness against increasingly sophisticated exploits. This webinar addresses how the latest recommendations for UEFI firmware from national security organizations can be leveraged to design secure devices that are able to meet stringent national security standards.
  • Compute Express Link 2.0 Update Recorded: Mar 30 2021 50 mins
    Mahesh Natu (CXL Consortium)
    Compute Express Link (CXL) is an open industry standard interconnect offering high-bandwidth, low latency connectivity between host processor and devices such as accelerators, memory buffers, and smart I/O devices. CXL 1.1 debuted in August 2019. Building on the industry success and acceptance of CXL as evidenced by the 130+ member companies with active participation, CXL Consortium announced the availability of CXL 2.0 in Nov. 2020. CXL 2.0 enables additional usage models while maintaining full backward compatibility with CXL 1.1.

    CXL 2.0 enhances the CXL specification in many areas: CXL Switch, persistent memory, standardized Memory Device interface, Hot-plug and link security. In this presentation, we will go over each of these areas and their implications to ACPI and UEFI interfaces as well as the UEFI Firmware Layer.
  • UEFI Debug with Intel Architectural Event Trace Recorded: Feb 25 2021 45 mins
    Alan Sguigna (ASSET InterTech)
    Architectural Event Trace (AET) is a technology on modern Intel silicon that enables processors to provide real-time event trace information. AET differs from code execution trace, which is concerned with the path a processor takes through code; AET traces interactions between individual processors in a system and other processors, the BIOS, OS, device drivers, and external peripherals. Events such as hardware interrupts, exceptions, MSR reads/writes and many others can easily be traced with modern debuggers. And especially when used in conjunction with code execution trace, AET provides additional insight into the root causes of hardware, firmware and software issues.

    This webinar will provide advanced examples on the utility of AET and other debug and trace logic on Intel platforms.
  • Arm SystemReady and the UEFI Firmware Ecosystem Recorded: Jan 26 2021 42 mins
    Samer El-Haj-Mahmoud (Arm) and Dong Wei (Arm)
    Arm SystemReady is a new program bringing a level of consistency across a broad range of Arm-based devices in the cloud, in the network and in high-performance IoT (HPIoT) endpoints. It includes a new set of standards and a compliance certification program, with the goal of ensuring that Arm systems "Just Work" with standard off-the-shelf operating systems and hypervisors. The program is based on a set of minimum hardware and firmware requirements. Firmware standards such as UEFI, ACPI and SMBIOS are key elements in these requirements. This talk introduces the Arm SystemReady program, the Base Boot Requirements (BBR) and the Base Boot Security Requirements (BBSR) firmware specifications. The session showcases enablement efforts for devices under this program, using open source firmware projects such as TianoCore and U-Boot. It also highlights the open source firmware test suites used in SystemReady certification.
  • Virtual Firmware for Intel Trust Domain Extensions Recorded: Dec 15 2020 57 mins
    Jiewen Yao, Intel
    Intel® Trust Domain Extensions (Intel® TDX) introduce architectural elements to help deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.

    This presentation introduces the architecture for TDX Virtual Firmware (TDVF), and the firmware reference implementation available in open source. The talk covers how TDVF runs from the TD reset vector, records runtime measurements, manages private memory, interacts with the Intel TDX module in Secure Arbitration Mode (SEAM), and loads the operating system (OS).
  • Firmware Integrity Measurements and Attestation Recorded: Oct 21 2020 43 mins
    Dick Wilkins, Phoenix Technologies
    In 2011, the USG National Institute of Standards and Technology (NIST) published a draft of “BIOS Integrity Measurement Guidelines” (NIST Special Publication 800-155). For various reasons, these guidelines have not been widely accepted or implemented. Last year, NIST entered a collaboration with the Trusted Computing Group (TCG) to develop specifications that could be industry accepted and TCG has started publishing drafts of these specifications. This presentation will update the UEFI Forum membership on the status of this collaboration and how it will likely affect platform firmware.
  • Implementing and Using the UEFI Key Management Service (KMS) Recorded: Sep 17 2020 39 mins
    Zach Bobroff and Alex Podgorsky, AMI
    The UEFI specification has defined the Key Management Service (KMS) protocol since version 2.3.1; it provides services to generate, store, retrieve and manage cryptographic keys. As usual, the specification provides only the definition of the service, and the underlying implementation can vary. A simple implementation builds on something already in the system, such as a TPM. The most practical implementation interfaces with a Key Management Interoperability Protocol (KMIP) server over a secure network connection. This presentation covers the high-level interactions between UEFI firmware and a KMIP server needed to implement the UEFI KMS protocol, and several real use cases of the KMS protocol in modern systems.
  • Driver Development with EDKII Recorded: Sep 15 2020 39 mins
    Tomas Pilar, NUVIA Inc.
    The world of UEFI is unlike OS-based software ecosystems in several aspects and the difference can be daunting to a developer who is starting to write UEFI device drivers. This talk is aimed at junior independent hardware vendor (IHV) driver developers, at BIOS developers and at Integrators.

    The topics covered will include:
    • Common issues encountered and how to overcome them
    • Resources that proved valuable in development and maintenance:
    • Continuous Integration
    • Comprehensive Debugging Information
    • Documentation (EDKII and Yours)
    • Examples of interesting bugs encountered in the wild

    The goal of this webinar is to illustrate some areas for improvement within our community and help junior driver developers overcome early difficulties.
  • Enabling Rust for UEFI Firmware Recorded: Aug 20 2020 58 mins
    Jiewen Yao and Vincent Zimmer, Intel
    This webinar will introduce work in progress to enable Rust, a modern language designed for memory safe operations, in EDK II. The session will also include use cases for Rust in EDK II, advantages of Rust when applied to firmware components, limitations in firmware environments and the types of issues that can be avoided by using a memory safe language in EDK II. Memory safety issues contributed to approximately 70% of recent security issues in software. In firmware, over 50% of reported issues in EDK II open source are related to memory safety.
  • Best Practices for Secure Firmware Patching Recorded: Aug 19 2020 39 mins
    Alex Bazhaniuk, Eclypsium and Tim Lewis, Insyde Software
    Firmware is ever-present today, and although the importance of updating it is understood, best practices for updating firmware in the enterprise are still not widely adopted. Updating is critical to keeping systems safe, which is why a firmware update plan is necessary for both the system and its devices. In this presentation, Insyde Software and Eclypsium address the topic of firmware updates and provide best practices to add to an overall security strategy.
  • Microsoft’s Continued Investments in the UEFI Ecosystem Recorded: Jul 15 2020 53 mins
    Bret Barkelew, Matthew Carlson, Jeremiah Cox
    The webinar will include a summary of Microsoft’s continued investments into the business-critical UEFI ecosystem. This will include open source tools to improve developer efficiency (allowing more time for testing), open source continuous integration and unit testing in TianoCore, and an exploration of the “Code First” model including several case studies of new Windows features built upon open source Project Mu’s EDK2-based code, tests, & documentation.
  • JTAG-Based UEFI Debug and Trace Recorded: Jul 14 2020 45 mins
    Alan Sguigna, ASSET InterTech
    The IEEE Joint Test Action Group (JTAG) standards define debug, test and hardware validation technologies that are ingrained within much of today’s commercial silicon. In particular, platform debug is enabled by JTAG-based run-control (for example: halt, go, set breakpoint, single-step) and trace (for example: instruction trace, real-time UEFI “tool-hosted printf” message trace). On many systems, JTAG-based debugging is typically available from the very first instruction after CPU reset, allowing it to assist with development of early boot software that runs before any device or bus is initialized.

    This presentation will provide examples on the utility of JTAG-based UEFI debug and trace on x86 platforms.
  • LinuxBoot Integration with UEFI Host Firmware Recorded: Jun 17 2020 44 mins
    Isaac Oram, Intel and Jonathan Zhang, Facebook
    This webinar introduces LinuxBoot, its integration into host firmware solutions, provides current status and makes a proposal on how the UEFI firmware industry could embrace the challenges and opportunities that alternative firmware approaches introduce.

    Hyperscalers and cloud service providers have host-firmware requirements that differ from those of traditional enterprises. These differences prompted the formation of the OCP (Open Compute Project) Open System Firmware (OSF) project.

    Facebook and its partners have been working together on LinuxBoot for Intel(R) Xeon Scalable Processors. As a starting point, we have completed a proof of concept on the Skylake generation and the OCP Tioga Pass platform.

    Hyperscalers' unique requirements are an opportunity for the multiple firmware communities to work together to streamline UEFI requirements, increase firmware accessibility, and explore additional ecosystem opportunities as OCP adoption increases.
  • TrenchBoot and GRUB - A Quick Introduction Recorded: Jun 16 2020 46 mins
    Daniel Kiper, Oracle
    TrenchBoot is a cross-community OSS integration project for hardware-rooted, late-launch integrity of open and proprietary systems. It reduces the attack surface exposed by the platform firmware. The presentation introduces TrenchBoot itself and then discusses how it compares to UEFI Secure Boot and where it complements Secure Boot. The webinar also explores the various challenges the UEFI environment creates for TrenchBoot, and for DRTM in general, and then highlights some of the solutions to these deficiencies discussed in the OSS community.
  • Building a System That “Just Works” – Arm Firmware Ecosystem Recorded: May 20 2020 40 mins
    Samer El-Haj-Mahmoud (Arm) and Dong Wei (Arm)
    This webinar provides an overview of the market reality of boot firmware on Arm systems, from servers to edge devices. It covers the range of firmware standards available for those systems, including Arm Trusted Firmware, SBBR (UEFI/ACPI), EBBR (UEFI on top of U-Boot), as well as LinuxBoot. The session also covers the evolution of the Arm firmware standards and the ServerReady program around UEFI and ACPI to design systems that “just work”, regardless of the segment.
  • Compute Express Link: Proposed Enhancements to UEFI and ACPI Specifications Recorded: May 19 2020 39 mins
    Mahesh Natu (Intel) and Thanu Rangarajan (Arm)
    Compute Express Link (CXL) is a new high-speed CPU-to-Device and CPU-to-Memory interconnect designed to accelerate next-generation data center performance. CXL is designed to be an open industry standard interface for high-speed communications, as accelerators and memory expanders are increasingly used to complement CPUs in support of emerging applications. The CXL 1.1 specification is already available, with work on future versions underway. CXL reinforces the need for standardization, with a focus on technologies such as UEFI, ACPI and PCIe to provide the interfaces between the firmware and the operating system needed to support CXL's new use cases of accelerators and memory expansion across different implementations. This presentation first briefly introduces the CXL 1.1 standard. It then delves into the technical details of the proposed enhancements to the UEFI and ACPI specifications required for operating systems to manage CXL devices and ports in a system.
  • Is your Pi “ServerReady”? Embracing UEFI and ACPI at the Edge Recorded: Apr 29 2020 46 mins
    Andrei Warkentin, VMware and Samer El-Haj-Mahmoud, Arm
    Firmware standards such as UEFI and ACPI are one of the foundational pillars for Arm servers, and a major reason for the continued growth of this horizontally-integrated ecosystem. Non-server "Edge" systems, however, are still an embedded-style vertically-integrated market, which is preventing at-scale adoption and proliferation of Arm-based Edge/IoT Compute.

    Thus, let's make "Arm Edge" as boring as "Arm Servers" and start with the iconic Raspberry Pi.

    This is a presentation and demo of VMware's and Arm's joint open effort to bring Arm ServerReady experiences to the Raspberry Pi 4 via community-developed SBBR (UEFI + ACPI) firmware. The session covers the history of the Pi UEFI port, current status and technical challenges that remain to be solved.
Webinars for the Firmware Community
Through a collaborative approach with world-class companies, institutions and experts, the UEFI Forum advances innovation in firmware technology standards. These extensible, globally-adopted UEFI specifications bring new functionality and enhanced security to the evolution of devices, firmware and operating systems.

  • Title: The Impact of Post Quantum Cryptography on UEFI BIOS
  • Live at: Jul 27 2021 3:00 pm
  • Presented by: Jiewen Yao and Vincent Zimmer, Intel