We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.SE

Change to browse by:

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Securing the EDK II Image Loader

Abstract: The Unified Extensible Firmware Interface (UEFI) is a standardised interface between the firmware and the operating system used in all x86-based platforms over the past ten years, which continues to spread to other architectures such as ARM and RISC-V. The UEFI incorporates a modular design based on images containing a driver or an application in a Common Object File Format (COFF) either as a Portable Executable (PE) or as a Terse Executable (TE). The de-facto standard generic UEFI services implementation, including the image loading functionality, is TianoCore EDK II. Its track of security issues shows numerous design and implementation flaws some of which are yet to be addressed. In this paper we outline both the requirements for a secure UEFI Image Loader and the issues of the existing implementation. As an alternative we propose a formally verified Image Loader supporting both PE and TE images with fine-grained hardening enabling a seamless integration with EDK II and subsequently with the other firmwares.
Comments: 10 pages, 2 tables
Subjects: Cryptography and Security (cs.CR); Software Engineering (cs.SE)
Journal reference: 2020 Ivannikov Ispras Open Conference (ISPRAS), 2020, pp. 16-25
DOI: 10.1109/ISPRAS51486.2020.00010
Cite as: arXiv:2012.05471 [cs.CR]
  (or arXiv:2012.05471v2 [cs.CR] for this version)

Submission history

From: Vitaly Cheptsov [view email]
[v1] Thu, 10 Dec 2020 06:21:44 GMT (22kb,D)
[v2] Thu, 3 Jun 2021 10:57:49 GMT (23kb,D)

Link back to: arXiv, form interface, contact.