Tony Mangefeste Senior Program Manager SYS-005T Why UEFI? UX value prop from Day one: Fast Boot, OEM Certification, smooth transitions, etc. Secure Boot.

Presentation transcript:

Tony Mangefeste Senior Program Manager SYS-005T

Why UEFI?
UX value prop from Day one: Fast Boot, OEM Certification, smooth transitions, etc.
- Secure Boot
- eDrive support for BitLocker
- SOC support
- WDS Multicast
- Boot Next support
- Seamless Boot
- Network unlock support for BitLocker
- Support for > 2.2 TB system disks

Windows 8 Boot Flow
- Windows 8 installs the UEFI OS Loader if UEFI is detected
- Most PCs today boot through the CSM path
- For compatibility, the CSM boot path remains available

Optimizing for UEFI
- Redesign legacy Option ROMs into UEFI Option ROMs
- IHVs – deploy UEFI option ROM support, manufacturing tools and device drivers with UEFI support
- ODMs – provide service with updated toolsets, 64-bit environments, native factory tools with UEFI
- OEMs – secure your firmware, optimize for speed
- Consumer – look for newer UEFI based platform firmware

Norl Wu Senior Engineer

Agenda
- UEFI Firmware Debugging solution
- Secure Firmware solution
- Key provisioning & signing server
- UEFI Manufacturing processes

AMI has the remedy for these debugging problems …


UEFI defined Capsule format: NIST SP compliant
Capsule (“Capsule-in-Memory”)
- Capsule is put in memory by an application in the OS
- Mailbox event is set to inform BIOS of pending update
- System reboots, verifies the image, and the update is performed securely by the BIOS
Recovery (“Capsule-on-Disk”)
- Capsule is stored on a predefined disk
- Mailbox event is set to inform BIOS of pending update
- System reboots, loads the image from disk, verifies the image, and the update is performed securely by the BIOS

- Flash App Issues Reboot
- FW verifies Capsule Image
- Flash App queries FW API
- Flash App sends preferred Flash update method to FW API
- Abort flash process if new image fails verification checks
- FW Sets mailbox event

- PowerOn/Reset
- Launch PEI
- Locate New Flash Image
- Verify New Flash Image
- Abort flash process if image fails authentication
- Flash New Image
- Reset With New Image
- DONE!
- Launch DXE From Trusted New Image
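As an added example (not code from the presentation or from AMI), the C sketch below shows structural checks an update handler can run on a staged capsule header before it authenticates the image, aborting on failure as in the flow above. The header layout and flag values are those of the UEFI specification's EFI_CAPSULE_HEADER; capsule_check, make_sample and the status names are hypothetical, and signature verification itself is not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, hypothetical names. Flag bits and layout: UEFI EFI_CAPSULE_HEADER. */
#define CAPSULE_FLAGS_PERSIST_ACROSS_RESET  0x00010000u
#define CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE 0x00020000u
#define CAPSULE_FLAGS_INITIATE_RESET        0x00040000u
#define CAPSULE_HDR_MIN 28u  /* 16-byte GUID + three UINT32 fields */

enum capsule_status { CAP_OK, CAP_TRUNCATED, CAP_BAD_HEADER_SIZE,
                      CAP_BAD_IMAGE_SIZE, CAP_BAD_FLAGS };

/* Read a little-endian UINT32 without assuming alignment or host endianness. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Structural checks only; the image must still be authenticated afterwards. */
enum capsule_status capsule_check(const uint8_t *buf, size_t len) {
    if (len < CAPSULE_HDR_MIN) return CAP_TRUNCATED;
    uint32_t hdr = rd32(buf + 16), flags = rd32(buf + 20), img = rd32(buf + 24);
    if (hdr < CAPSULE_HDR_MIN || hdr > img) return CAP_BAD_HEADER_SIZE;
    if ((size_t)img > len) return CAP_BAD_IMAGE_SIZE;  /* claims more than was staged */
    /* Both of these flags are only valid together with PERSIST_ACROSS_RESET. */
    if ((flags & (CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE | CAPSULE_FLAGS_INITIATE_RESET)) &&
        !(flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) return CAP_BAD_FLAGS;
    return CAP_OK;
}

/* Constructed sample: writes a header with a zero GUID into buf (len >= 28). */
size_t make_sample(uint8_t *buf, uint32_t hdr, uint32_t flags, uint32_t img, size_t len) {
    memset(buf, 0, len);
    for (int i = 0; i < 4; i++) {
        buf[16 + i] = (uint8_t)(hdr >> (8 * i));
        buf[20 + i] = (uint8_t)(flags >> (8 * i));
        buf[24 + i] = (uint8_t)(img >> (8 * i));
    }
    return len;
}

int main(void) {
    uint8_t b[64];
    printf("%d\n", capsule_check(b, make_sample(b, 28, CAPSULE_FLAGS_INITIATE_RESET, 64, 64)));
    printf("%d\n", capsule_check(b, make_sample(b, 28, 0, 128, 64)));
    return 0;
}
```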

Factory Reset – BIOS Initiated
Reverts Firmware to Initial Default State
- PK
- KEK – MS KEKpub + OEM KEK (optional)
- “db” – at least 1 certificate: MS CA
- “dbx” – empty
The scenario above also applies to Catastrophic firmware reset

- BIOS Firmware will hold the KEK and UEFI signatures for authenticated FW images
- UEFI signatures originate from a Certificate Authority (CA)
- Who acts as a CA for Windows 8 boot manager image and all other UEFI images?
- Who signs other OS’ (e.g. Linux) boot loaders?

Full testing without installing an OS!

Manufacturing Line
- Run AMIDiag from a PXE server (network boot) or USB drive (local storage)
- Set up batch script for burn-in cycle (24-48 hours) or integration test ( min)
- Automate batch scripts using the UEFI shell
- Log “all errors” to create a full testing report

Field Diagnostics
- Embed AMIDiag into the BIOS ROM, or run from a system service partition
- Run using local VGA display or console redirection (for embedded/server systems)
- Users select pre-defined batch scripts or specific system tests from the menu
- Log “errors only” to quickly identify system faults

AMIDiag for UEFI is designed to run in the “UEFI Boot Services” environment – the same environment used by the EFI Shell

Closing Remarks

Blank board Provisioned Field serviced