Books and Papers

[Amoroso] Amoroso, Edward. Fundamentals of Computer Security Technology. Prentice Hall, 1994
[Bell–LaPadula] David Elliott Bell, Looking Back at the Bell-La Padula Model, Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC), 2005
[Biba] K. J. Biba, Integrity Considerations for Secure Computer Systems, MITRE Corporation, MTR-3153, 1975
[Bishop] Bishop, Matt. Computer Security: Art and Science. Addison-Wesley Professional, 2018
[Blake] Blake, Sonya Q., “The Clark-Wilson Security Model”, SANS Institute InfoSec Reading Room, May 17, 2000.
[Clark-Wilson] David D. Clark and David R. Wilson, A Comparison of Commercial and Military Computer Security Policies, Proceedings of the IEEE Symposium on Security and Privacy, 1987
[CW-Lite] Umesh Shankar, Trent Jaeger, Reiner Sailer, Toward Automated Information-Flow Integrity Verification for Security-Critical Applications, Network and Distributed System Security Symposium (NDSS), 2006
[Lee] Prof. E. Stewart Lee, Director. “Essays about Computer Security.” Centre for Communications Systems Research, Cambridge, 1999.
[NIST SP800-147] NIST Special Publication 800-147, BIOS Protection Guidelines, 2011
[NIST SP800-147B] NIST Special Publication 800-147B, BIOS Protection Guidelines for Servers, 2014
[NIST SP800-193] NIST Special Publication 800-193, Platform Firmware Resiliency Guidelines, 2018
[Smith] Ned Smith, A Comparison of the Trusted Computing Group Security Model with Clark-Wilson, 2014
[Welch] Welch, Ian and Stroud, Robert. Supporting Real World Security Models in Java, 7th IEEE Workshop on Future Trends of Distributed Computing Systems, FTDCS'99. Cape Town, South Africa, December 20-22, 1999.


[AndroidVerifiedBoot] Android Verified Boot
[AndroidVerifiedBoot2] Android Verified Boot 2.0
[AndroidVerifiedBoot3] Android Verified Boot 2.0
[CapsuleRecovery] Jiewen Yao, Vincent Zimmer, A Tour Beyond BIOS: Capsule Update and Recovery in EDK II
[Cerberus] Project Cerberus Architecture Overview Specification, Open Compute Project
[Cerberus2] Bryan Kelly, Project Cerberus Hardware Security, 2018,
[CorebootVerifiedBoot] vboot – Verified Boot Support
[CorebootVerifiedBoot2] Simon Glass, Verified boot in Chrome OS and how to make it work for you
[CorebootVerifiedBoot3] Randall Spangler, Verified boot surviving in the internet of insecure things
[GoogleTitan] Titan in depth: security in plaintext
[HIRS] Host Integrity at Runtime and Startup
[IntelPFR2] Intel Platform Firmware Resilience
[LatticePFR] Universal Platform Firmware Resilience solution
[Linux MOK] Ubuntu Secure Boot
[Linux MOK2] Olaf Kirch, UEFI Secure Boot
[PCIeAuth] PCIe* Component Authentication
[PCIeSecurity] PCIe* Device Security Enhancements Specification
[SECURE1] Jacobs, Zimmer, "Open Platforms and the impacts of security technologies, initiatives, and deployment practices," Intel/Cisco whitepaper, December 2012
[SECURE2] Magnus Nystrom, Martin Nicholes, Vincent Zimmer, "UEFI Networking and Pre-OS Security," in Intel Technology Journal - UEFI Today: Bootstrapping the Continuum, Volume 15, Issue 1, pp. 80-101, October 2011, ISBN 978-1-934053-43-0, ISSN 1535-864X
[SECURE3] Zimmer, Shiva Dasari (IBM), Sean Brogan (IBM), “Trusted Platforms: UEFI, PI, and TCG-based firmware,” Intel/IBM whitepaper, September 2009
[SmmComm] Jiewen Yao, Vincent Zimmer, Star Zeng, A Tour Beyond BIOS: Secure SMM Communication
[SPDM] DMTF, Security Protocol and Data Model (SPDM) Specification, DSP0274
[SPDMonMCTP] DMTF, SPDM over MCTP Binding Specification, DSP0275
[UEFI] Unified Extensible Firmware Interface (UEFI) Specification, Version 2.5
[UEFI Book] Zimmer, et al, “Beyond BIOS: Developing with the Unified Extensible Firmware Interface,” 2nd edition, Intel Press, January 2011
[UEFI Overview] Zimmer, Rothman, Hale, “UEFI: From Reset Vector to Operating System,” Chapter 3 of Hardware-Dependent Software, Springer, February 2009
[UEFI PI Specification] UEFI Platform Initialization (PI) Specifications, volumes 1-5, Version 1.3
[Variable] Jiewen Yao, Vincent Zimmer, Star Zeng, A Tour Beyond BIOS: Implementing UEFI Authenticated Variables in SMM with EDK II