tag:blogger.com,1999:blog-247449072024-02-06T18:06:34.200-08:00UEFIUEFI News and CommentaryTim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.comBlogger152125tag:blogger.com,1999:blog-24744907.post-34330686237862895122019-06-26T14:16:00.001-07:002019-06-26T14:16:42.572-07:00Insyde is hiring BIOS engineers!My company, Insyde Software is hiring, both for senior firmware engineer and sales engineer positions.
Insyde Software is hiring! We currently have open positions for Senior BIOS Firmware Engineers. If you are interested or know of potential applicants, please refer to the job posting on our website. Insyde Software is hiring! We are looking for qualified applicants for a Field Sales Engineer Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-13782095401138229092018-04-29T15:45:00.000-07:002018-04-29T15:45:02.345-07:0020 Year Anniversary: The CIH Virus and the BIOSAs noted in this article, April 26th marked the anniversary when the CIH (or Chernobyl) virus would deliberately attack the contents of the flash chip containing the BIOS part on certain motherboards, making those systems inoperable. The write-protect line on the flash chip was easily disabled, if you knew the little-known access sequence. As the author correctly concludes, "Don't rely on Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-86533502073955092362018-04-21T14:53:00.002-07:002018-04-21T15:06:43.801-07:00The Oft-Rumored Death of UEFI's CSM Prophesied Again by IntelSometimes I feel like discussions about the death of the CSM (and thus legacy OS support in BIOS) to be somewhat akin to prophesying the return of Christ. This has been the promise of UEFI since it was just a gleam in Intel's Itanium eye. Now Intel has publicly stated that they will not provide the related silicon pieces needed for delivering CSM in BIOS, starting with platforms that ship Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-64915072400284038412018-04-05T08:42:00.000-07:002018-04-05T08:42:32.316-07:00Spring 2018 UEFI Plugfest Presentations Now AvailableHead here to get the latest UEFI plugfest presentations on a variety of topics, although security dominates the topic list, with top notch presentations by Insyde, Intel (and here), ARM, Phoenix and Microsoft. The presentation by Microsoft is a redacted version of what was presented live because it contained details about unreleased versions of the Windows operating systems.
After Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-23179233260339611912018-04-01T16:51:00.001-07:002018-04-01T16:51:44.918-07:00Repository for the Misc. UEFI Code Posted HereJust as a reminder, all of the code that's been posted here over time is checked in over at SourceForge here. No guarantees.Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-66489686594531207942018-04-01T16:46:00.001-07:002018-04-01T18:09:27.781-07:00UEFI Notes: CS2AI, UEFI Plugfest and the Zimmer Anniversary PostAfter some gentle ribbing from colleagues at the UEFI plug-fest in Bellevue, WA, I've decided to try to keep track of recent trends in UEFI here again.
My collaborator on the UEFI shell book, Vincent Zimmer has posted some thoughts on open source and open platforms in his anniversary blog post here. He has a long history within the UEFI community and is currently working to lower the Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-56228257378302209992017-08-04T22:15:00.000-07:002017-08-04T22:15:26.860-07:00So What Does Security In IoT With UEFI Really Look Like?As usual, security continues to dominate the news about UEFI. DEFCON had several presentations related to firmware security. There is a good overview of the hardware and firmware attacks discussed over at Dark Reading. This included one by my friend Vincent Zimmer and his colleagues at Intel analyzing over 90 reported firmware vulnerabilities over the past 3 years. He discusses his experience on&Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-64971710742053643342017-06-07T11:09:00.003-07:002017-06-07T11:09:45.624-07:00UEFI Releases New Specifications and Adds ARM to the BoardFor anyone who has been working on the UEFI specification, for the past few years, it should be no surprise to hear that UEFI has decided to welcome ARM onto the board of directors. This shows the growth of interest in firmware standards by the non-x86 world and also recognizes ARM's outstanding level of effort to improving the specifications. Dong Wei, who was the vice president of UEFI while atTim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com1tag:blogger.com,1999:blog-24744907.post-61525145529944795472017-06-01T13:35:00.001-07:002017-06-01T13:35:45.492-07:00UEFI Security In The News: Craigslist, Zimmer & Cyber-Security Meet UpsUsing a UEFI-based BIOS on a MacBook Pro/Air and forgot your password and live in New York, New Jersey or Connecticut? Craigslist to the rescue! From the ad:
REMOVAL PROCESS: the password removal process will NOT damage your Macbook or VOID your Apple warranty in any way we do not modify any hardware nor do we use any software to remove the password a professional external Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-89203323475569064322017-05-21T19:08:00.001-07:002017-05-21T19:08:35.194-07:00Using C++ With EDK2, Part 1: new and deleteThis is the first in a series of articles looking at what it takes to compile a UEFI C++ application under EDK2. This isn't an attempt to cover everything. I'm not a compiler library expert, so I'm not trying to port everything in the STL over. Nor am I a regular GCC user, so my efforts have been focused on Visual Studio 2015. Finally, I am focused on UEFI Shell applications, rather than normal Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-85442848275368995152017-04-26T14:45:00.000-07:002017-04-26T14:45:00.353-07:00Maze Game Source CodeFeeling frustrated by the fact that I used bitmaps for all source code in the simple maze game articles I posted? Fret no more, the code has been checked in under BSD license here:https://svn.code.sf.net/p/syslibforuefi/code/trunkLook in Applications\MazeTim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-72513027174328801682017-04-11T14:00:00.001-07:002017-04-11T14:00:33.757-07:00Control Systems, UEFI & Cyber-SecurityA few weeks ago, I had a chance to attend the meeting sponsored by the Control System Cyber Security Association International (CS2AI), They are working with experts like Dr. Jun Dai (professor at Sacramento State) and Martin Noufer (McAfee, Intel) to develop emphasize and develop security expertise.
The session started with an excellent overview of IoT security by Rahner James, who works with Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-14318089961890329532017-03-29T09:40:00.000-07:002017-03-29T09:40:01.361-07:00UEFI Plugfest 2017 in Nanjing
My colleague from Insyde, David Chen, talking about security in UEFI
The UEFI Forum hosted a plug-fest and educational seminar in Nanjing, China this week. I have many fond memories of visiting this historic city over a period of 2-3 years.
For those that don't know, a plug-fest is an occasion where folks who provide the different parts of an industry standard ecosystem get together to make Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-12859015662386704562017-03-29T09:00:00.000-07:002017-03-29T09:00:17.472-07:00Sample Chapter from Harnessing the UEFI Shell
Not to be out-done by the Beyond BIOS book, another UEFI book has made an appearance: Harnessing the UEFI Shell. Two of the likely suspects (Zimmer and Rothman) are involved with both new editions (as they should be!) and I joined them on the latter since I write a lot of shell apps.
You can get a glimpse inside a sample chapter and the table of contents.Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com1tag:blogger.com,1999:blog-24744907.post-58761353694115770132017-03-24T21:16:00.000-07:002017-03-24T21:18:12.939-07:00Sample Chapter From Beyond BIOS
My friends Zimmer and Rothman, co-authors with me on Harnessing the UEFI Shell have also recently released an updated version of their definitive work on UEFI, Beyond BIOS, with Suresh Marisetty. They have been driving forces in the UEFI standardization process from the beginning and their expertise shines through here.
Don't believe me? Well, take a look at a free sample chapter from theTim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-25082084281273032462017-03-21T15:04:00.003-07:002017-03-21T15:39:21.505-07:00Harnessing The UEFI Shell, 3rd Edition Now Available.
The 3rd edition of our book (co-written with Mike Rothman and Vincent Zimmer at Intel) is a substantial update, incorporating the latest from the UEFI Shell specification 2.2. It includes updates on security and how-to sections on UEFI shell applications and scripts. Before the OS starts, the UEFI Shell is small, fast and light-weight manufacturing, provisioning, diagnostics and configuration Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-63304884091552135082017-02-19T20:21:00.000-08:002017-02-19T20:21:08.142-08:00The UEFI Maze Game, Part 4This is the fourth part of our series on a simple maze game built as a UEFI shell application. The first three parts discussed the main application, game loop and maze generation. This time, I will focus on UEFI's Graphics Output Protocol (GOP) and loading and decoding bitmaps from files.
The first part searches for the instances of the Graphics Output protocol in the system, chooses the one Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-69536823285749027012017-01-12T10:18:00.000-08:002017-01-12T10:23:14.895-08:00Firmware Bugs and Firmware UpdatesMy co-author and partner in various things UEFI, Vincent Zimmer, has penned some wise words about how firmware bugs are perceived on his blog (here). He quotes the first chapter of Embedded Firmware Solutions wherein an anonymous manager states, "If you can fix a hardware bug in firmware, it’s not a bug but a documentation issue."
What Vincent said about hardware used to be the same for Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com3tag:blogger.com,1999:blog-24744907.post-47210755071476973092016-12-03T18:30:00.000-08:002016-12-03T18:31:29.907-08:00The UEFI Maze Game, Part 3This is the third part in a series of posts about a simple game written as a UEFI Shell application. It consists of generating a random graphical maze and navigating a little man through that maze from entrance to exit.
This post gets to the actual maze generation, which is actually a recursive function. Pick a random position. Then pick a random direction and, if that cell is completely Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-69987117560212175202016-11-22T20:14:00.000-08:002016-12-03T18:31:17.054-08:00The UEFI Maze Game, Part 2This is the second article in a series describing a simple UEFI Shell game that generates a random maze and lets you navigate a character through that maze to the exit. The goal is to show how to use graphics and the UEFI Shell together, line by line.
The next step is to initialize the grid and the maze. The maze uses two-by-two sections of the grid. These sections can have one of the following Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-13425766921848721042016-11-13T19:33:00.002-08:002016-12-03T18:31:46.259-08:00The UEFI Maze Game, Part 1This UEFI Shell application features a very simple maze game that uses UEFI’s Graphics Output protocol to draw a random maze and direct a character from entrance to exit using a keyboard. It will be added to the SVN repository after the last article in this series is published.
This application features a few nifty touches, including converting bitmap (.bmp) files to HII, merging bitmaps Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-45305157647886963722016-10-26T09:58:00.000-07:002016-10-26T09:58:20.516-07:00Intel and Insyde Embedded White PaperStephen Gentile, my colleague at Insyde Software, and I wrote a white paper with several Intel IoTG folks that describes how our UEFI-based embedded solution, BlinkBoot®, solves real-world business and technical challenges. You can find the paper here. BlinkBoot includes a unique add-on technology model, called Lenses, and a dedicated suite of tools: BlinkDebug, BlinkFlash and BlinkShell.
Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-12516533510547510392016-10-20T17:28:00.003-07:002016-10-20T17:29:22.853-07:00PI 1.5 ReleasedThis is late news, but you should head on over to the UEFI web site and pick up the PI 1.5 specification (here). Here are the highlights:
Change the term System Management Mode (SMM) to Management Mode (MM)
Provide a Management Mode infrastructure on ARM systems by using TrustZone.
Allow initialization of Management Mode, as early as SEC or PEI. Also introduced a new class of MM drivers that Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-48036803997019272442014-10-03T09:36:00.001-07:002014-10-03T09:36:30.759-07:00Security to Eclipse User Features as Top 2015 Firmware StoryI stepped out on a limb this year and made a prediction. Predictions are notoriously fraught with peril and I am usually off-base or overly optimistic in mine. Nonetheless, as CTO of Insyde Software, I guess its also an unenviable part of my job. So here it goes:
'security' will eclipse 'lost my password', 'can't flash my BIOS' and 'overclocking' as the top firmware story in 2015.
For each of Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com0tag:blogger.com,1999:blog-24744907.post-25953329093466100622014-09-03T16:46:00.002-07:002014-09-03T16:46:58.007-07:00New BIOS-Related Blogs The first one is by my former colleague at Phoenix, Count Chu. He has already put together a number of interesting articles on parsing PDB files and the Design Pattern of the Report Status Code infrastructure.
The second is by William Leara, a BIOS developer at Dell, who writes on various topics of interest to BIOS developers (as the URL http://www.basicinputoutput.com/ might indicate), Tim Lewishttp://www.blogger.com/profile/13740223047141525668noreply@blogger.com1