Traceable Firmware Bill of Materials Overview

Presented by

Amy Nelson, Jiewen Yao and Vincent Zimmer

About this talk

Today, firmware attacks are on the rise. A platform may have different firmware coming from multiple vendors. It is important to know the original source of these firmware components. Trusted Computer Group (TCG) published a set of specifications on reference integrity manifest (RIM) information models and firmware integrity measurement (FIM) to enable compliance with NIST SP 800-155 BIOS Integrity Measurements. In this presentation, the speakers will introduce the work to measure firmware at the component level and later use that as evidence for a traceable firmware Bill of Materials (BOM) for verification. This webinar will introduce two examples. The first example is how we provide Intel firmware support package (FSP) component measurement to help trace the Intel Firmware Support Package (FSP) binary. The second example is how we use Secure Protocol and Data Model (SPDM) protocol to communicate and record the device firmware measurement to trace the device firmware.

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (21)
Subscribers (2270)
Through a collaborative approach with world-class companies, institutions and experts, the UEFI Forum advances innovation in firmware technology standards. These extensible, globally-adopted UEFI specifications bring new functionality and enhanced security to the evolution of devices, firmware and operating systems.