Brian Richardson
Brian Richardson is Technical Evangelist & Senior Technical Marketing Engineer at Intel.
He has spent most of his career as a “BIOS guy,” working on the firmware that quietly boots billions of computers. He has focused on the industry transition to the Unified Extensible Firmware Interface (UEFI) and supporting the TianoCore open source community. Brian has presented at various conferences and seminars, including LinuxCon and Embedded Systems Conference. When he’s not talking about firmware at conferences, Brian takes photos of his travels and procrastinates on various video projects.
UDK2018 Security Feature Roundup
Researchers from Intel's Platform Armoring and Resiliency team will walk through how firmware threat models have evolved as software and hardware adversaries have advanced their low-level skills. In response, TianoCore added new security features in the UEFI Development Kit 2018 (UDK2018) release, along with enhancing existing security features.
This session provides real-world examples of several attack classes along with effective mitigation techniques against them. Topics include an introduction to platform security, an update on changes to the UEFI threat model, and a walkthrough of critical Unified Extensible Firmware Interface (UEFI) security features (e.g., HTTPS boot, pre-boot DMA protection using VT-d, and guard page protection for potential stack/heap overflows).
Building Open Source Unified Extensible Firmware Interface (UEFI) Firmware with EFI Development Kit II (EDK II)
This workshop demonstrates how to compile and build UEFI platform firmware based on the open source EDK II framework at tianocore.org. Examples are based on the Open Virtual Machine Firmware (OVMF) project, which generates a firmware for the Quick Emulator (QEMU) environment under Linux*. Further examples show the benefits of using OVMF to understand UEFI and EDK II architecture.
Participants will set up an EDK II development environment for Linux, build the OVMF platform, use their custom firmware to boot a QEMU environment, boot to the UEFI Shell, and explore common UEFI Shell commands used for firmware debugging.
For Docker installation instructions, see the workshop material:
https://github.com/tianocore/tianocore.github.io/wiki/Container-for-OSFC-Workshops
Implementing MicroPython as a Unified Extensible Firmware Interface (UEFI) Test Framework
Python* is a popular high-level interpreted language, common in automated testing environments. TianoCore includes an open source CPython implementation for UEFI, but it has limited functionality and isn’t compliant with current Python standards.
This session describes the process of porting MicroPython to UEFI. MicroPython is a Python 3 variant designed for microcontrollers. Memory and size optimizations make MicroPython ideal for pre-OS applications. This presentation describes implementation details, performance metrics, and an open source test framework based on the MicroPython engine for UEFI.
Debugging Unified Extensible Firmware Interface (UEFI) Firmware under Linux
This workshop demonstrates how to use the Intel® UEFI Development Kit (Intel® UDK) Debugger with GNU Debugger (GDB) to debug UEFI drivers and platform firmware in a Linux environment. Exercises are based on EFI Development Kit II (EDK II) firmware for the Open Virtual Machine Firmware (OVMF) project.
Participants will set up an EDK II development environment for Linux, build a UEFI driver, and debug firmware issues using Linux and QEMU. The workshop demonstrates debug capabilities built into EDK II and how they work with UEFI drivers and platform firmware:
• Use the Platform Configuration Database (PCD) to configure debug features
• How to debug the various phases of UEFI firmware
• Build a UEFI Driver with Debug Symbols
• Build a UEFI Driver with Heap Guard Enabled
For Docker installation instructions, see the workshop material:
https://github.com/tianocore/tianocore.github.io/wiki/Container-for-OSFC-Workshops
Writing CHIPSEC Modules & Tools
CHIPSEC is a security research and validation tool implemented in Python that allows for low-level access to hardware. Its powerful scripting capabilities can be used for some tasks, including verification of security mitigations as well as future security research. This workshop will provide an overview of the existing tool architecture and how to write modules and tools. Modules will focus on using CHIPSEC for verification of firmware mitigations. Tools will focus on using CHIPSEC to stress the system and perform tasks such as fuzzing interfaces.
CHIPSEC on non-UEFI Platforms
CHIPSEC is one tool used to help verify that systems meet basic security best practices. In general, this tool works with the threat model used by Unified Extensible Firmware Interface (UEFI) based firmware. However, other firmware may have different threat models that will cause failures in different CHIPSEC modules. This session is a brief overview of the different types of failures that may be seen and the limitations of the tool.