Cart
Free US shipping over $10
Proud to be B-Corp

Building Secure Firmware Jiewen Yao

Building Secure Firmware By Jiewen Yao

Building Secure Firmware by Jiewen Yao


$28.10
Condition - Good
Only 1 left

Summary

Beginning-Intermediate user level

Faster Shipping

Get this product faster from our US warehouse

Building Secure Firmware Summary

Building Secure Firmware: Armoring the Foundation of the Platform by Jiewen Yao

Use this book to build secure firmware.
As operating systems and hypervisors have become successively more hardened, malware has moved further down the stack and into firmware. Firmware represents the boundary between hardware and software, and given its persistence, mutability, and opaqueness to today's antivirus scanning technology, it represents an interesting target for attackers.

As platforms are universally network-connected and can contain multiple devices with firmware, and a global supply chain feeds into platform firmware, assurance is critical for consumers, IT enterprises, and governments. This importance is highlighted by emergent requirements such as NIST SP800-193 for firmware resilience and NIST SP800-155 for firmware measurement.

This book covers the secure implementation of various aspects of firmware, including standards-based firmware-such as support of the Trusted Computing Group (TCG), Desktop Management Task Force (DMTF), and Unified Extensible Firmware Interface (UEFI) specifications-and also provides code samples and use cases. Beyond the standards, alternate firmware implementations such as ARM Trusted Firmware and other device firmware implementations (such as platform roots of trust), are covered.


What You Will Learn

  • Get an overview of proactive security development for firmware, including firmware threat modeling
  • Understand the details of architecture, including protection, detection, recovery, integrity measurement, and access control
  • Be familiar with best practices for secure firmware development, including trusted execution environments, cryptography, and language-based defenses
  • Know the techniques used for security validation and maintenance

Who This Book Is For
Given the complexity of modern platform boot requirements and the threat landscape, this book is relevant for readers spanning from IT decision makers to developers building firmware

About Jiewen Yao

Jiewen Yao is a principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 15 years. He is a member of the UEFI Security sub team, and the TCG PC Client sub working group. He has presented at industry events such as the Intel Developer Forum, UEFI Plugfest, and RSA conference. He worked with co-author Vincent Zimmer to publish 30 A Tour Beyond BIOS technical papers for tianocore.org and firmware.intel.com. He holds 40 US patents.

Vincent Zimmer is a senior principal engineer in the Intel Architecture, Graphics, and Software Group. He has been engaged as a firmware developer for over 25 years and leads the UEFI Security sub team. He has presented at industry events such as the Open Source Firmware Conference, Linux Fest Northwest, Intel Developer Forum, UEFI Plugfest, Open Compute Project Summit, BlackHat Las Vegas, BSides Seattle, Toorcon, and Cansecwest. In addition to collaborating with Jiewen Yao on many white papers, he has co-authored several books on firmware, papers, and over 400 issued US patents.

Table of Contents

Part 1: Overview

Chapter 1: Introduction Security

Threat Model

Design

Validation

Chapter 2: Introduction Host Firmware

Industry Standard

Boot Flow / Phase hand-off

Minimal Firmware Requirement

Hardware ROT

CPU/silicon init

PCI resource allocation.

prepare platform info (memmap/ACPI)

Jump to OS.

Runtime Interface (SMM, UEFI Runtime, ASL)

General Principle - Protect / Detect / Recovery

Part 2: Boot Security

Chapter 3: Firmware Resilience - Protection

Flash Lock

Flash Wear out

Capsule Flow (*)

Signed Update

Chapter 4: Firmware Resilience - Detection

Boot Flow (*)

Intel Boot Guard

OBB Verification

UEFI Secure Boot

Local

Remote

TXT- SX

(coreboot)

Chapter 5: Firmware Resilience - Recovery

Recovery Flow (*)

Signed Recovery

Top Swap

Rollback, SVNs

Chapter 6: OS/Loader Resilience

Platform Recovery

OS Recovery

(Android Verified Boot)

Chapter 7: Trusted Boot

Measured Boot Flow (*)

SRTM (Boot Guard)

DRTM (TXT)

TPM1.2/2.0

Physical Presence

MOR / Secure MOR

Chapter 8: Authentication

User Authentication

HDD Password

OPAL Password

Chapter 9: S3 resume

S3 resume flow (*)

LockBox

Chapter 10: Device Security

PCI Bus (*)

DMA protection

Device Measurement

Device Authentication

Device firmware update

Chapter 11: Silicon Security Configuration

Flash SPI lock

SMM Lock

BAR Lock

Chapter: Supply Chain (Vincent)

OEM/ODM/BIOS vendor/IHV

Open source

Fingerprinting

Manufacturing flow to shipment

Part 3: Data Security

Chapter 12: UEFI Kernel

DXE/PEI Core (*)

Heap Guard

Stack Guard

NX protection

Enclave

Chapter 13: Management Mode

SMM Core (*)

SMM Communication (*)

StandaloneMM (*)

MMIO Protection

Secure SMM Communication

Intel Runtime Resilience

STM (SMI Transfer Monitor)

Chapter: UEFI Variable (Vincent)

Authentication

Variable Lock

Variable Check

Variable Quota Management

Confidentiality

Integrity and Rollback

TPM Binding

RPMB

RPMC

Part 4: Miscellaneous

Chapter 14: General Coding Practice

Buffer Overflow

Banned API

Integer Overflow

SafeInt lib

Chapter: Cryptograph (Vincent)

Hash usage in firmware

Encryption usage in firmware

Signing & verification usage in firmware

Chapter 15: Compiler Defensive Technology

Stack Cookie

Non-Executable

Address Space Randomization

Control Flow Integrity (CFI) / Control Flow Enforcement (CET)

Runtime Check (stack/un-initialized data/integer overflow)

Chapter: Race Condition (Vincent)

BSP/AP handling in UEFI

BSP/AP handling in SMM

TOC/TOU

Chapter 16: Information Leak

Side Channel

MDS

SMM

Chapter 17: Programming Language

C Language

Rust Language

Part: Security Test

Chapter 18: HBFA

Hardware Emulation

Security Unit Test

Fuzzing (AFL)

Static analysis

Chapter 19: chipsec

Configuration Check

SMI Fuzzing

Variable fuzzing

Whitelisting/Blacklisting

Part 5: Other

Chapter 20: Conclusion

Part 6: Appendices

Secure coding checklist

Secure review checklist

API summary

Part 7: References

Additional information

CIN1484261054G
9781484261057
1484261054
Building Secure Firmware: Armoring the Foundation of the Platform by Jiewen Yao
Used - Good
Paperback
APress
2020-10-28
930
N/A
Book picture is for illustrative purposes only, actual binding, cover or edition may vary.
This is a used book - there is no escaping the fact it has been read by someone else and it will show signs of wear and previous use. Overall we expect it to be in good condition, but if you are not entirely satisfied please get in touch with us

Customer Reviews - Building Secure Firmware