Books and Papers

[Amoroso] Amoroso, Edward. Fundamentals of Computer Security Technology. Prentice Hall, 1994.

[Bell–LaPadula] Bell, David Elliott. "Looking Back at the Bell-La Padula Model." Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC), 2005.

[Biba] Biba, K. J. "Integrity Considerations for Secure Computer Systems." MITRE Technical Report MTR-3153, 1975.

[Bishop] Bishop, Matt. Computer Security: Art and Science. 2nd edition, Addison-Wesley Professional, 2018.

[Blake] Blake, Sonya Q. "The Clark-Wilson Security Model." SANS Institute InfoSec Reading Room, May 17, 2000.

[Clark-Wilson] Clark, David D. and Wilson, David R. "A Comparison of Commercial and Military Computer Security Policies." Proceedings of the 1987 IEEE Symposium on Security and Privacy, 1987.

[CW-Lite] Shankar, Umesh, Jaeger, Trent and Sailer, Reiner. "Toward Automated Information-Flow Integrity Verification for Security-Critical Applications." Proceedings of the Network and Distributed System Security Symposium (NDSS), 2006.

[Lee] Lee, E. Stewart. "Essays about Computer Security." Centre for Communications Systems Research, University of Cambridge, 1999.

[NIST SP800-147] NIST Special Publication 800-147, BIOS Protection Guidelines, 2011.

[NIST SP800-147B] NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers, 2014.

[NIST SP800-193] NIST Special Publication 800-193, Platform Firmware Resiliency Guidelines, 2018.

[Smith] Smith, Ned. "A Comparison of the Trusted Computing Group Security Model with Clark-Wilson." 2014.

[Welch] Welch, Ian and Stroud, Robert. "Supporting Real World Security Models in Java." Proceedings of the 7th IEEE Workshop on Future Trends of Distributed Computing Systems (FTDCS '99), Cape Town, South Africa, December 20-22, 1999.

Web

[AndroidVerifiedBoot] Android Verified Boot.

[AndroidVerifiedBoot2] Android Verified Boot 2.0.

[AndroidVerifiedBoot3] Android Verified Boot 2.0.

[BootGuard] Dell, Direct from Development: Cyber Resiliency in Chipset and BIOS.

[CapsuleRecovery] Jiewen Yao, Vincent Zimmer, A Tour Beyond BIOS: Capsule Update and Recovery in EDK II.

[Cerberus] Project Cerberus Architecture Overview, Open Compute Project.

[Cerberus2] Bryan Kelly, Project Cerberus Hardware Security, 2018.

[CorebootVerifiedBoot] coreboot, vboot: Verified Boot Support.

[CorebootVerifiedBoot2] Simon Glass, Verified Boot in Chrome OS and How to Make It Work for You.

[CorebootVerifiedBoot3] Randall Spangler, Verified Boot: Surviving in the Internet of Insecure Things.

[FirmwareSecurity] Dell Firmware Security.

[GoogleTitan] Google Cloud, Titan in Depth: Security in Plaintext.

[GoogleTitan2] Scott Johnson,

[HIRS] Host Integrity at Runtime and Startup (HIRS), National Security Agency.

[Intel Security] Intel, Security Technologies for 4th Generation Intel Core Processors (security-technologies-4th-gen-core).

[IntelPFR] Intel, PFR Server Blocks Solution.

[IntelPFR2] Intel Platform Firmware Resilience.

[LatticePFR] Lattice Semiconductor, Universal Platform Firmware Resilience Solution.

[Linux MOK] Ubuntu, UEFI Secure Boot.

[Linux MOK2] Olaf Kirch, UEFI Secure Boot.

[PCIeAuth] PCIe* Component Authentication.

[PCIeSecurity] PCIe* Device Security Enhancements Specification.

[S3Resume] Jiewen Yao, Vincent Zimmer, A Tour Beyond BIOS: Implementing S3 Resume with EDK II.

[SECURE1] Jacobs, Zimmer, "Open Platforms and the Impacts of Security Technologies, Initiatives, and Deployment Practices," Intel/Cisco whitepaper, December 2012.

[SECURE2] Magnus Nystrom, Martin Nicholes, Vincent Zimmer, "UEFI Networking and Pre-OS Security," in Intel Technology Journal - UEFI Today: Bootstrapping the Continuum, Volume 15, Issue 1, pp. 80-101, October 2011, ISBN 978-1-934053-43-0, ISSN 1535-864X.

[SECURE3] Zimmer, Shiva Dasari (IBM), Sean Brogan (IBM), "Trusted Platforms: UEFI, PI, and TCG-based Firmware," Intel/IBM whitepaper, September 2009.

[SmmComm] Jiewen Yao, Vincent Zimmer, Star Zeng, A Tour Beyond BIOS: Secure SMM Communication.

[SPDM] DMTF DSP0274, Security Protocol and Data Model (SPDM) Specification.

[SPDMonMCTP] DMTF DSP0275, SPDM over MCTP Binding Specification.

[TXT] Intel Trusted Execution Technology (Intel TXT) Software Development Guide.

[UEFI] UEFI Forum, Unified Extensible Firmware Interface (UEFI) Specification, Version 2.5.

[UEFI Book] Zimmer, et al., "Beyond BIOS: Developing with the Unified Extensible Firmware Interface," 2nd edition, Intel Press, January 2011.

[UEFI Overview] Zimmer, Rothman, Hale, "UEFI: From Reset Vector to Operating System," Chapter 3 of Hardware-Dependent Software, Springer, February 2009.

[UEFI PI Specification] UEFI Forum, UEFI Platform Initialization (PI) Specification, Volumes 1-5, Version 1.3.

[USBAuth] USB Implementers Forum, Universal Serial Bus Type-C Authentication Specification.

[Variable] Jiewen Yao, Vincent Zimmer, Star Zeng, A Tour Beyond BIOS: Implementing UEFI Authenticated Variables in SMM with EDK II.