<div class="xblock xblock-public_view xblock-public_view-vertical" data-course-id="course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1" data-init="VerticalStudentView" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="vertical" data-usage-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@vertical+block@cb9f53ff3e06479380a00e3adfdf305a" data-request-token="2bd972c6edde11eeaa280242ac12000b" data-graded="True" data-has-score="False">
<div class="vert-mod">
<div class="vert vert-0" data-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@video+block@a4579bcf6a3f4fef80d9dbffb20c4d68">
<div class="xblock xblock-public_view xblock-public_view-video xmodule_display xmodule_VideoBlock" data-course-id="course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1" data-init="XBlockToXModuleShim" data-runtime-class="LmsRuntime" data-runtime-version="1" data-block-type="video" data-usage-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@video+block@a4579bcf6a3f4fef80d9dbffb20c4d68" data-request-token="2bd972c6edde11eeaa280242ac12000b" data-graded="True" data-has-score="False">
<script type="json/xblock-args" class="xblock-json-init-args">
{"xmodule-type": "Video"}
</script>
<h3 class="hd hd-2">Video</h3>
<div
id="video_a4579bcf6a3f4fef80d9dbffb20c4d68"
class="video closed"
data-metadata='{"autoAdvance": false, "autohideHtml5": false, "autoplay": false, "captionDataDir": null, "completionEnabled": false, "completionPercentage": 0.95, "duration": 0.0, "end": 0.0, "generalSpeed": 1.0, "lmsRootURL": "https://p.ost2.fyi", "poster": null, "prioritizeHls": false, "publishCompletionUrl": "/courses/course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1/xblock/block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@video+block@a4579bcf6a3f4fef80d9dbffb20c4d68/handler/publish_completion", "recordedYoutubeIsAvailable": true, "savedVideoPosition": 0.0, "saveStateEnabled": false, "saveStateUrl": "/courses/course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1/xblock/block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@video+block@a4579bcf6a3f4fef80d9dbffb20c4d68/handler/xmodule_handler/save_user_state", "showCaptions": "false", "sources": [], "speed": null, "start": 0.0, "streams": "1.00:RdTCmPqztjI", "transcriptAvailableTranslationsUrl": "/courses/course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1/xblock/block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@video+block@a4579bcf6a3f4fef80d9dbffb20c4d68/handler/transcript/available_translations", "transcriptLanguage": "en", "transcriptLanguages": {"en": "English"}, "transcriptTranslationUrl": "/courses/course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1/xblock/block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@video+block@a4579bcf6a3f4fef80d9dbffb20c4d68/handler/transcript/translation/__lang__", "ytApiUrl": "https://www.youtube.com/iframe_api", "ytMetadataEndpoint": "", "ytTestTimeout": 1500}'
data-bumper-metadata='null'
data-autoadvance-enabled="False"
data-poster='null'
tabindex="-1"
>
<div class="focus_grabber first"></div>
<div class="tc-wrapper">
<div class="video-wrapper">
<span tabindex="0" class="spinner" aria-hidden="false" aria-label="Loading video player"></span>
<span tabindex="-1" class="btn-play fa fa-youtube-play fa-2x is-hidden" aria-hidden="true" aria-label="Play video"></span>
<div class="video-player-pre"></div>
<div class="video-player">
<div id="a4579bcf6a3f4fef80d9dbffb20c4d68"></div>
<h4 class="hd hd-4 video-error is-hidden">No playable video sources found.</h4>
<h4 class="hd hd-4 video-hls-error is-hidden">
Your browser does not support this video format. Try using a different browser.
</h4>
</div>
<div class="video-player-post"></div>
<div class="closed-captions"></div>
<div class="video-controls is-hidden">
<div>
<div class="vcr"><div class="vidtime">0:00 / 0:00</div></div>
<div class="secondary-controls"></div>
</div>
</div>
</div>
</div>
<div class="focus_grabber last"></div>
</div>
</div>
</div>
<div class="vert vert-1" data-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@markdown+block@9ecd729dd2394daab0f89fbe1284ab02">
<div class="xblock xblock-public_view xblock-public_view-markdown" data-course-id="course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1" data-block-type="markdown" data-usage-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@markdown+block@9ecd729dd2394daab0f89fbe1284ab02" data-request-token="2bd972c6edde11eeaa280242ac12000b" data-graded="True" data-has-score="False">
<div class="markdown_xblock"><h2>Common SEC related misconception</h2>
<p>Among people familiar to some extent with UEFI, it is common to hear that "SEC is named after security, but it does not do anything to do with it". This is presumably due to EDK2 having no code to do integrity checks in SEC.</p>
<p>It depends on whether we are talking about theory (specification) or practice (implementation). We cannot say much about what happens in practice (due to closed-source implementations). We can primarily talk about things related to the open source EDKII code, which does not implement any authentication of PEI modules from the SecCore code. But we can imagine some implementations from Independent BIOS Vendors which implement authentication in SEC.</p>
<p>If we rely on theory, the PI spec says in section 13.2.3:</p>
<p>"Finally, the Security (SEC) phase represents the root of trust in the system. Any inductive security design in which the integrity of the subsequent module to gain control is corroborated by the caller must have a root, or "first," component. For any PI Architecture deployment, the SEC phase represents the initial code that takes control of the system. As such, a platform or technology deployment may choose to authenticate the PEI Foundation from the SEC phase before invoking the PEI Foundation."</p>
<p>From that point, SEC should contain a chain of trust continuation even though the UEFI reference implementation EDKII does not implement it.</p>
<p>Not implementing PEI authentication in the SEC phase may be because one of the most popular protection mechanisms, Intel Boot Guard, covers both SEC and PEI Foundation.</p>
</div>
</div>
</div>
<div class="vert vert-2" data-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@markdown+block@1573f4ccd3f34bfabca1a36b9667a4af">
<div class="xblock xblock-public_view xblock-public_view-markdown" data-course-id="course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1" data-block-type="markdown" data-usage-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@markdown+block@1573f4ccd3f34bfabca1a36b9667a4af" data-request-token="2bd972c6edde11eeaa280242ac12000b" data-graded="True" data-has-score="False">
<div class="markdown_xblock"><h2>AMD features naming</h2>
<p>On slides, we mention AMD Hardware Validated Boot, equivalent to Intel Boot Guard on older AMD hardware. Modern AMD platforms use AMD Platform Secure Boot (PSB).</p>
</div>
</div>
</div>
<div class="vert vert-3" data-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@markdown+block@67665ad9185a415dbbd161523dde6b46">
<div class="xblock xblock-public_view xblock-public_view-markdown" data-course-id="course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1" data-block-type="markdown" data-usage-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@markdown+block@67665ad9185a415dbbd161523dde6b46" data-request-token="2bd972c6edde11eeaa280242ac12000b" data-graded="True" data-has-score="False">
<div class="markdown_xblock"><h2>Links</h2>
<ul>
<li>UEFI for Allwinner A13: <a href="https://blog.3mdeb.com/2022/2022-01-18-porting_edk2_to_a13_tablet/">https://blog.3mdeb.com/2022/2022-01-18-porting_edk2_to_a13_tablet/</a></li>
</ul>
</div>
</div>
</div>
<div class="vert vert-4" data-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@done+block@e8486293171d48b694389b5085b637b9">
<div class="xblock xblock-public_view xblock-public_view-done" data-course-id="course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1" data-block-type="done" data-usage-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@done+block@e8486293171d48b694389b5085b637b9" data-request-token="2bd972c6edde11eeaa280242ac12000b" data-graded="True" data-has-score="True">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Completion is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
<div class="vert vert-5" data-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@discussion+block@d1c9ba35c32048d9b3b9efb4d6c67d23">
<div class="xblock xblock-public_view xblock-public_view-discussion" data-course-id="course-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1" data-block-type="discussion" data-usage-id="block-v1:OpenSecurityTraining2+Arch4021_intro_UEFI+2023_v1+type@discussion+block@d1c9ba35c32048d9b3b9efb4d6c67d23" data-request-token="2bd972c6edde11eeaa280242ac12000b" data-graded="True" data-has-score="False">
<div class="page-banner"><div class="alert alert-warning"><span class="icon icon-alert fa fa fa-warning" aria-hidden="true"></span><div class="message-content">Discussion is only accessible to enrolled learners. Sign in or register, and enroll in this course to view it.</div></div></div>
</div>
</div>
</div>
<script type="text/javascript">
(function (require) {
require(['/static/js/dateutil_factory.be68acdff619.js?raw'], function () {
require(['js/dateutil_factory'], function (DateUtilFactory) {
DateUtilFactory.transform('.localized-datetime');
});
});
}).call(this, require || RequireJS.require);
</script>
<script>
function emit_event(message) {
parent.postMessage(message, '*');
}
</script>
</div>