Skip to main content

Introducing new learning courses and educational videos from Apress. Start watching

  • Book
  • © 2020

Building Secure Firmware

Armoring the Foundation of the Platform

Apress
  • Provides insights from the inventors of many of the defenses

  • Shows you how to apply the best-known methods from the authors' years of platform deployment and standards work

  • Teaches you how to integrate real code mapping to theory

Buying options

eBook USD 29.99
Price excludes VAT (USA)
  • ISBN: 978-1-4842-6106-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book USD 39.99
Price excludes VAT (USA)

This is a preview of subscription content, access via your institution.

Table of contents (23 chapters)

  1. Front Matter

    Pages i-xxx
  2. Overview

    1. Front Matter

      Pages 1-1
    2. Introduction to Firmware

      • Jiewen Yao, Vincent Zimmer
      Pages 3-16
    3. Proactive Firmware Security Development

      • Jiewen Yao, Vincent Zimmer
      Pages 17-63
  3. Security Architecture

    1. Front Matter

      Pages 65-65
    2. Firmware Resiliency: Protection

      • Jiewen Yao, Vincent Zimmer
      Pages 67-114
    3. Firmware Resiliency: Detection

      • Jiewen Yao, Vincent Zimmer
      Pages 115-162
    4. Firmware Resiliency: Recovery

      • Jiewen Yao, Vincent Zimmer
      Pages 163-184
    5. OS Resiliency

      • Jiewen Yao, Vincent Zimmer
      Pages 185-196
    6. Trusted Boot

      • Jiewen Yao, Vincent Zimmer
      Pages 197-255
    7. Device Security

      • Jiewen Yao, Vincent Zimmer
      Pages 257-312
    8. S3 Resume

      • Jiewen Yao, Vincent Zimmer
      Pages 313-333
    9. Access Control

      • Jiewen Yao, Vincent Zimmer
      Pages 335-382
    10. Configuration

      • Jiewen Yao, Vincent Zimmer
      Pages 383-431
    11. Security Model

      • Jiewen Yao, Vincent Zimmer
      Pages 433-458
    12. Virtual Firmware

      • Jiewen Yao, Vincent Zimmer
      Pages 459-491
  4. Security Development

    1. Front Matter

      Pages 493-493
    2. Firmware Secure Coding Practice

      • Jiewen Yao, Vincent Zimmer
      Pages 495-569
    3. Compiler Defensive Technology

      • Jiewen Yao, Vincent Zimmer
      Pages 571-623
    4. The Kernel

      • Jiewen Yao, Vincent Zimmer
      Pages 625-679

About this book

Use this book to build secure firmware.

As operating systems and hypervisors have become successively more hardened, malware has moved further down the stack and into firmware. Firmware represents the boundary between hardware and software, and given its persistence, mutability, and opaqueness to today’s antivirus scanning technology, it represents an interesting target for attackers.

As platforms are universally network-connected and can contain multiple devices with firmware, and a global supply chain feeds into platform firmware, assurance is critical for consumers, IT enterprises, and governments. This importance is highlighted by emergent requirements such as NIST SP800-193 for firmware resilience and NIST SP800-155 for firmware measurement.

This book covers the secure implementation of various aspects of firmware, including standards-based firmware—such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications—and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust), are covered.

You will:

  • Get an overview of proactive security development for firmware, including firmware threat modeling
  • Understand the details of architecture, including protection, detection, recovery, integrity measurement, and access control
  • Be familiar with best practices for secure firmware development, including trusted execution environments, cryptography, and language-based defenses
  • Know the techniques used for security validation and maintenance

Keywords

  • Firmware
  • Security
  • Root of trust (ROT)
  • Secure Boot
  • UEFI Secure boot
  • Trusted Platform Module (TPM)
  • Integrity
  • Recovery
  • SMM
  • Malware
  • Secure host firmware
  • Operating system
  • Software
  • Hardware

Authors and Affiliations

  • Shanghai, China

    Jiewen Yao

  • Issaquah, USA

    Vincent Zimmer

About the authors

Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 “A Tour Beyond BIOS” technical papers for tianocore.org and firmware.intel.com. He holds 40 US patents.

Vincent Zimmer is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.

Bibliographic Information

Buying options

eBook USD 29.99
Price excludes VAT (USA)
  • ISBN: 978-1-4842-6106-4
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book USD 39.99
Price excludes VAT (USA)