Firmware Security: UEFI Class 3 Improves Protection
Firmware has had to evolve in congruence with Moore’s Law and is evolving to protect us.
February 13th, 2019
By Lynnette Reese, Editor-in-Chief, Embedded Intel® Solutions
Many Intel processors now only support UEFI class 3 BIOS, and all of them will do so by 2020. (The UEFI specification is based on the EFI 1.10 specification previously published by Intel®). UEFI stands for “Unified Extensible Firmware Interface,” and the UEFI specification defines a new model for the interface between operating systems (OS) and platform firmware.
The UEFI Class 3 BIOS improves security. However, there is no 16-bit legacy BIOS via a Compatibility Support Module (CSM). It is not possible to natively boot a legacy OS including Windows 7 or any 32-bit OS (e.g., VxWorks 6.x, 32-bit Linux, etc.)
There are some challenges with firmware security. For instance, the firmware is responsible for initializing the hardware at the beginning of boot up. Your hardware may not have a lot of space for code, or the hardware might not be ready for enabling security activities from the firmware, as well. Firmware is intrinsic in the hardware of a system, so much so that it’s almost a part of the hardware itself. Firmware must know how to communicate with the hardware to perform the platform initialization, which means that it has to have a very intimate knowledge of a specific platform to get everything set up and ready for the operating system to take over.
Companies like Intel have to convince non-technical end-users to update their firmware, which is a great challenge at a high level. On the other hand, the firmware has the potential to be a low-cost process versus upgrading hardware. For example, Tecata automotive airbags have generated a physical recall for repairing 37 million cars (www.airbagrecall.com). The Takata airbags are physically dangerous because they can spew sharp metal fragments at drivers and passengers at a high velocity, even with a minor collision. (Please check the website for whether your car is one of the 37 million and get a free airbag repair.)
Technology has significantly improved our lives, enriching our standard of living, increased productivity, and splendid entertainment. However, we are now paying the price for vast from every angle and throughout software and hardware. For more information, check out https://firmware.intel.com/
Lynnette Reese is Editor-in-Chief, Embedded Intel® Solutions and Embedded Systems Engineering, and has been working in various roles as an electrical engineer for over two decades. She is interested in open source software and hardware, the maker movement, and in increasing the number of women working in STEM so she has a greater chance of talking about something other than football at the water cooler.