References

Understanding the UEFI Secure Boot Chain
1.0.0
Understanding UEFI Secure Boot Chain
Executive Summary
Overview
Secure Boot Chain in UEFI
Additional Secure Boot Chain Implementations
Looking Forward – Platform Firmware Resiliency
References
Books and Papers
[Amoroso] Amoroso, Edward. Fundamentals of Computer Security Technology. Prentice Hall, 1994
[Bell–LaPadula] Looking Back at the Bell-La Padula Model, 2005, https://www.acsac.org/2005/papers/Bell.pdf​
[Biba] Integrity Considerations for Secure Computer Systems, 1975, http://seclab.cs.ucdavis.edu/projects/history/papers/biba75.pdf​
[Bishop] Bishop, Matt. Computer Security: Art and Science. Addison-Wesley Professional, 2018
[Blake] Blake, Sonya Q., “The Clark-Wilson Security Model”, SANS Institute Information, May 17, 2000. https://www.giac.org/paper/gsec/835/clark-wilson-security-model/101747​
[Clark-Wilson] A Comparison of Commercial and Military Computer Security Policies, 1987, http://theory.stanford.edu/~ninghui/courses/Fall03/papers/clark_wilson.pdf​
[CW-Lite] Toward Automated Information-Flow Integrity Verification for Security-Critical Applications, http://www.cse.psu.edu/~trj1/papers/ndss06.pdf, http://www.cse.psu.edu/~trj1/cse544-s10/slides/Info-Flow-NDSS-2006.pdf​
[Lee] Prof. E. Stewart Lee, Director. “Essays about Computer Security.” Centre for Communications Systems Research, Cambridge, 1999. http://www.cl.cam.ac.uk/~mgk25/lee-essays.pdf​
[NIST SP800-147] BIOS Protection Guidelines, 2011, https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-147.pdf​
[NIST SP800-147B] BIOS Protection Guidelines for Servers, 2014, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-147B.pdf​
[NIST SP800-193] Platform Firmware Resiliency Guidelines, 2018, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-193.pdf​
[Smith] Ned Smith, A Comparison of the trusted Computing Group Security Model with Clark-Wilson, 2014, https://www.semanticscholar.org/paper/A-Comparison-of-the-trusted-Computing-Group-Model-Smith/fa82426d99b86d1040f80b8bd8e0ac4f785b29a6​
[Welch] Welch, Ian and Stroud, Robert. Supporting Real World Security Models in Java, 7th IEEE Workshop on Future Trends of Distributed Computing Systems, FTDCS'99. Cape Town, South Africa, December 20-22, 1999.
Web
[AndroidVerifiedBoot] Android Verified Boot, https://source.android.com/security/verifiedboot​
[AndroidVerifiedBoot2] Android Verified Boot 2.0, https://android.googlesource.com/platform/external/avb/+/master/README.md​
[AndroidVerifiedBoot3] Android Verified Boot 2.0, https://blog.csdn.net/rikeyone/article/details/80606147​
[BootGuard] Direct from Development – Cyber Resiliency In Chipset and BIOS, https://downloads.dell.com/solutions/servers-solution-resources/Direct%20from%20Development%20-%20Cyber-Resiliency%20In%20Chipset%20and%20BIOS.pdf​
[CapsuleRecovery] Jiewen Yao, Vincent Zimmer, A Tour Beyond BIOS- Capsule Update and Recovery in EDK II, https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf​
[Cerberus] Project Cerberus Architecture Overview, etc, https://github.com/opencomputeproject/Project_Olympus/blob/master/Project_Cerberus​
[Cerberus2] Bryan Kelly, Project Cerberus Hardware Security, 2018,
​https://f990335bdbb4aebc3131-b23f11c2c6da826ceb51b46551bfafdc.ssl.cf2.rackcdn.com/images/fbbdd5feceb6e6328373417e1ab7c06a13a2ef2c.pdf​
[CorebootVerifiedBoot] vboot – Verified Boot Support, https://doc.coreboot.org/security/vboot/index.html?highlight=verified%20boot​
[CorebootVerifiedBoot2] Simon Glass, Verified boot in Chrome OS and how to make it work for you, https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/42038.pdf​
[CorebootVerifiedBoot3] Randall Spangler, Verified boot surviving in the internet of insecure things, https://www.coreboot.org/images/c/ce/VerifiedBoot-_Surviving_in_the_Internet_of_Insecure_Things.pdf​
[DICE] TCG DICE, https://trustedcomputinggroup.org/work-groups/dice-architectures/​
[FirmwareSecurity] Dell Firmware Security, https://www.platformsecuritysummit.com/2018/speaker/johnson/PSEC2018-Dell-Firmware-Security-Justin-Johnson.pdf​
[GoogleTitan] Titan in depth security in plaintext, https://cloud.google.com/blog/products/gcp/titan-in-depth-security-in-plaintext​
[GoogleTitan2] Scott Johnson, https://keystone-enclave.org/workshop-website-2018/slides/Scott_Google_Titan.pdf​
[HIRS] Host Integrity at Runtime and Startup https://github.com/nsacyber/hirs​
[Intel Security] security-technologies-4th-gen-core, https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/security-technologies-4th-gen-core-retail-paper.pdf​
[IntelPFR] PFR server blocks solution, https://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/pfr-server-blocks-solution-brief.pdf​
[IntelPFR2] Intel Platform Firmware Resilience, https://blog.csdn.net/zdx19880830/article/details/84190005​
[LatticePFR] Universal Platform Firmware Resilience solution, http://www.latticesemi.com/zh-CN/Solutions/Solutions/SolutionsDetails02/PFR​
[Linux MOK] Ubuntu Secure Boot, https://wiki.ubuntu.com/UEFI/SecureBoot​
[Linux MOK2] Olaf Kirch, UEFI Secure Boot, https://www.suse.com/media/presentation/uefi_secure_boot_webinar.pdf​
[PCIeAuth] PCIe* Component Authentication
​https://pcisig.com/pcie%C2%AE-component-authentication​
[PCIeSecurity] PCIe* Device Security Enhancements Specification, https://www.intel.com/content/www/us/en/io/pci-express/pcie-device-security-enhancements-spec.html​
[S3Resume] Jiewen Yao, Vincent Zimmer, A Tour Beyond BIOS Implementing S3 Resume with EDK II, https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Implementing_S3_resume_with_EDKII_V2.pdf​
[SECURE1] Jacobs, Zimmer, "Open Platforms and the impacts of security technologies, initiatives, and deployment practices," Intel/Cisco whitepaper, December 2012, http://uefidk.intel.com/sites/default/files/resources/Platform_Security_Review_Intel_Cisco_White_Paper.pdf​
[SECURE2] Magnus Nystrom, Martin Nicholes, Vincent Zimmer, "UEFI Networking and Pre-OS Security," in Intel Technology Journal - UEFI Today: Boostrapping the Continuum, Volume 15, Issue 1, pp. 80-101, October 2011, ISBN 978-1-934053-43-0, ISSN 1535-864X
​https://www.researchgate.net/publication/235258577_UEFI_Networking_and_Pre-OS_Security/file/9fcfd510b3ff7138f4.pdf​
[SECURE3] Zimmer, Shiva Dasari (IBM), Sean Brogan (IBM), “Trusted Platforms: UEFI, PI, and TCG-based firmware,” Intel/IBM whitepaper, September 2009, http://www.cs.berkeley.edu/~kubitron/courses/cs194-24-S14/hand-outs/SF09_EFIS001_UEFI_PI_TCG_White_Paper.pdf​
[SmmComm] Jiewen Yao, Vincent Zimmer, Star Zeng, A Tour Beyond BIOS Secure SMM Communication, https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Secure_SMM_Communication.pdf​
[SPDM] Security Protocol and Data Model Specification, https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.9.0a.pdf​
[SPDMonMCTP] SPDM over MCTP Binding Specification, https://www.dmtf.org/sites/default/files/standards/documents/DSP0275_0.9.0a.pdf​
[TXT] Intel TXT software development guide, https://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf​
[UEFI] Unified Extensible Firmware Interface (UEFI) Specification, Version 2.5
​www.uefi.org​
[UEFI Book] Zimmer, et al, “Beyond BIOS: Developing with the Unified Extensible Firmware Interface,” 2nd edition, Intel Press, January 2011
[UEFI Overview] Zimmer, Rothman, Hale, “UEFI: From Reset Vector to Operating System,” Chapter 3 of Hardware-Dependent Software, Springer, February 2009
[UEFI PI Specification] UEFI Platform Initialization (PI) Specifications, volumes 1-5, Version 1.3 www.uefi.org​
[USBAuth] Universal Serial Bus Type-C™ Authentication Specification, https://www.usb.org/document-library/usb-authentication-specification-rev-10-ecn-and-errata-through-january-7-2019​
[Variable] Jiewen Yao, Vincent Zimmer, Star Zeng, A Tour Beyond BIOS Implementing UEFI Authenticated Variables in SMM with EDK II, https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Implementing_UEFI_Authenticated_Variables_in_SMM_with_EDKII_V2.pdf​
Glossary
Books and Papers
Last modified 2yr ago
Copy link
Outline
Books and Papers
Web