Building Secure Firmware - Yao Jiewen; Zimmer Vincent | Libro Apress 10/2020 -

home libri books ebook dvd e film top ten sconti 0 Carrello

Torna Indietro

yao jiewen; zimmer vincent - building secure firmware

Building Secure Firmware Armoring the Foundation of the Platform


Disponibilità: solo 1 copia disponibile, compra subito!

Se ordini entro 23 ore e 8 minuti, consegna garantita in 48 ore lavorative
scegliendo le spedizioni Express

36,40 €
34,58 €

Questo prodotto usufruisce delle SPEDIZIONI GRATIS
selezionando l'opzione Corriere Veloce in fase di ordine.

Pagabile anche con App18 Bonus Cultura e Carta Docenti

Facebook Twitter Aggiungi commento

Spese Gratis


Lingua: Inglese


Pubblicazione: 10/2020
Edizione: 1st ed.


Part 1: Overview


Chapter 1: Introduction Security

Threat Model




Chapter 2: Introduction Host Firmware

Industry Standard

Boot Flow / Phase hand-off

Minimal Firmware Requirement

Hardware ROT

CPU/silicon init

PCI resource allocation.

prepare platform info (memmap/ACPI)

Jump to OS.

Runtime Interface (SMM, UEFI Runtime, ASL)

General Principle -  Protect / Detect / Recovery


Part 2: Boot Security


Chapter 3: Firmware Resilience - Protection

Flash Lock

Flash Wear out

Capsule Flow (*)

Signed Update


Chapter 4: Firmware Resilience - Detection

Boot Flow (*)

Intel Boot Guard

OBB Verification

UEFI Secure Boot






Chapter 5: Firmware Resilience – Recovery

Recovery Flow (*)

Signed Recovery

Top Swap

Rollback, SVNs


Chapter 6: OS/Loader Resilience

Platform Recovery

OS Recovery

(Android Verified Boot)


Chapter 7: Trusted Boot

Measured Boot Flow (*)

SRTM (Boot Guard)



Physical Presence

MOR / Secure MOR


Chapter 8: Authentication

User Authentication

HDD Password

OPAL Password


Chapter 9: S3 resume

S3 resume flow (*)



Chapter 10: Device Security

PCI Bus (*)

DMA protection

Device Measurement

Device Authentication

Device firmware update


Chapter 11: Silicon Security Configuration

Flash SPI lock

SMM Lock

BAR Lock

Chapter: Supply Chain (Vincent)


Open source


Manufacturing flow to shipment


Part 3: Data Security


Chapter 12: UEFI Kernel

DXE/PEI Core (*)

Heap Guard

Stack Guard

NX protection



Chapter 13: Management Mode

SMM Core (*)

SMM Communication (*)

StandaloneMM (*)

MMIO Protection

Secure SMM Communication

Intel Runtime Resilience

STM (SMI Transfer Monitor)

Chapter: UEFI Variable (Vincent)


Variable Lock

Variable Check

Variable Quota Management


Integrity and Rollback

TPM Binding




Part 4: Miscellaneous


Chapter 14: General Coding Practice

Buffer Overflow

Banned API

Integer Overflow

SafeInt lib

Chapter: Cryptograph (Vincent)

Hash usage in firmware

Encryption usage in firmware

Signing & verification usage in firmware


Chapter 15: Compiler Defensive Technology

Stack Cookie


Address Space Randomization

Control Flow Integrity (CFI) / Control Flow Enforcement (CET)

Runtime Check (stack/un-initialized data/integer overflow)

Chapter: Race Condition (Vincent)

BSP/AP handling in UEFI

BSP/AP handling in SMM



Chapter 16: Information Leak

Side Channel




Chapter 17: Programming Language

C Language

Rust Language

Part: Security Test


Chapter 18: HBFA

Hardware Emulation

Security Unit Test

Fuzzing (AFL)

Static analysis


Chapter 19: chipsec

Configuration Check

SMI Fuzzing

Variable fuzzing



Part 5: Other


Chapter 20: Conclusion


Part 6: Appendices


Secure coding checklist

Secure review checklist

API summary


Part 7: References


Use this book to build secure firmware.

As operating systems and hypervisors have become successively more hardened, malware has moved further down the stack and into firmware. Firmware represents the boundary between hardware and software, and given its persistence, mutability, and opaqueness to today’s antivirus scanning technology, it represents an interesting target for attackers.

As platforms are universally network-connected and can contain multiple devices with firmware, and a global supply chain feeds into platform firmware, assurance is critical for consumers, IT enterprises, and governments. This importance is highlighted by emergent requirements such as NIST SP800-193 for firmware resilience and NIST SP800-155 for firmware measurement.

This book covers the secure implementation of various aspects of firmware, including standards-based firmware—such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications—and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust), are covered.

What You Will Learn

  • Get an overview of proactive security development for firmware, including firmware threat modeling
  • Understand the details of architecture, including protection, detection, recovery, integrity measurement, and access control
  • Be familiar with best practices for secure firmware development, including trusted execution environments, cryptography, and language-based defenses
  • Know the techniques used for security validation and maintenance

Who This Book Is For

Given the complexity of modern platform boot requirements and the threat landscape, this book is relevant for readers spanning from IT decision makers to developers building firmware


Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 “A Tour Beyond BIOS” technical papers for and He holds 40 US patents.

Vincent Zimmer is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.

Altre Informazioni



Condizione: Nuovo
Dimensioni: 254 x 178 mm Ø 1790 gr
Formato: Brossura
Illustration Notes:423 Illustrations, black and white
Pagine Arabe: 930
Pagine Romane: xxx

Utilizziamo i cookie di profilazione, anche di terze parti, per migliorare la navigazione, per fornire servizi e proporti pubblicità in linea con le tue preferenze. Se vuoi saperne di più o negare il consenso a tutti o ad alcuni cookie clicca qui. Chiudendo questo banner o proseguendo nella navigazione acconsenti all’uso dei cookie.