Training UEFI Firmware Development

New: "Hybrid Training" : Remote or Precense Participation


Fundamentals of UEFI-BIOS

duration: 3 days

dates and prices   UEFI training dates
registration form UEFI training registration
agenda UEFI training agenda
UEFI and Legacy BIOS
UEFI specification
UEFI Shell
Shell Script
Memory Layout (SMRAM and Memory Map)
UEFI GUID Interface
services and protocols
UEFI application development
EDK-II development environment
development with Visual Studio
UEFI Debugging
Resource Management
UEFI PCI resource management
Post-DXE Management
Runtime Driver
SMM Management
SMM Driver
Data Storage
Secure Boot and Key Management
UEFI Driver Signing
UEFI training
UEFI training with Shell-Script  

UEFI Shell

  EDK-II UEFI training with EDK2
UEFI training and requirements   The UEFI training requires founded knowlegde about programming C language
The course is offered as combined training (webinar or classic). SYBERA provides this training also as Inhouse seminar at customer site.


UEFI training room
Training UEFI Firmware Development
This course is a "must to have" for every developer who wants to create UEFI firmware software. This course provides an opportunity to explore the subject UEFI in depth. Besides the basics of UEFI (phases, specification, Shell) the required knowledge are mediated for developing UEFI software. UEFI (Unified Extensible Firmware Interface) is a standard firmware interface for PCs, the Legacy BIOS (Basic Input / Output System) is to be replaced. The interface consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its boot loader. Together, these provide a standard environment for booting an operating system and running pre-boot applications.
This standard was created by more than 140 technology companies within the UEFI consortium, which also Microsoft belongs to. It aims to improve the interoperability of software and overcome the limitations of the BIOS. UEFI firmware provides among others the following advantages: Increased safety by protecting the process before starting against bootkit attacks, faster start and resume from hibernation, support for drives larger than 2TB, support for modern 64-bit firmware device drivers, to address more than 17.2 billion GB of memory at startup and the possibility to use the BIOS with the hardware. The UEFI Shell is an interactive BIOS extension and provides, similar to an operating system, an environment for running programs. It encompasses a scripting interpreter to run script files, from external storage devices (for example, USB) which can be booted and is optionally present as the boot device in the BIOS. The UEFI Shell owns similar to MS DOS or Linux a command line with an instruction set for file manipulation, driver management, device access, information, memory access, BIOS status and scripting control. With the EFI Development Kit (EDK 2) a development environment for the UEFI programming (drivers and applications) was created, which facilitates much, but also challenges new harbors. UEFI Secure Boot was created to enhance security in the pre-boot environment.
Secure Boot is a technology where the system firmware checks that the system boot loader is signed with a cryptographic key authorized by a database contained in the firmware. With adequate signature verification in the next-stage boot loader(s), kernel, and, potentially, user space, it is possible to prevent the execution of unsigned code. Thus, Secure Boot is a form of Verified Booting. Boot path validation is also part of other technologies such as Trusted Boot. The Boot path validation is indepedent of secure storage of cryptographic keys and remote attestation. Windows 8 systems ship with a certificate in the UEFI that analyzes the boot loader to ensure it is both the right one and is signed by Microsoft. If you were to encounter a rootkit , the UEFI wouldn't allow it to boot. In other words, UEFI protects the pre-OS environment. Additionally, as the system boots, Windows 8 detects if any of the OS elements have been tampered with and automatically restores the unmodified versions. As you know from that earlier post, Secure Boot is just one of the three pillars of what is called the Trusted Boot process. Secure Boot enables a related feature: Early-Launch Anti-Malware (ELAM). This provides the ability for an anti-malware driver to register as a trusted Boot Critical Driver. This makes it the first non-Microsoft, non-platform specific code that will run on the computer. The anti-malware driver can then verify other drivers in turn before they are initialized. Secure Boot helps prevent malware from running before the OS, Early Launch AV helps ensure that trusted anti-malware software is the first third-party component run on each startup. Measured Boot is another boot feature in Windows 8 that is also related to anti-malware software. Measured boot gives the anti-malware software a detailed, reliable log of components that loaded prior to the anti-malware driver during startup. This log can be used by anti-malware software or an administrator in a business environment to validate whether there may be malware on the computer, or evidence of tampering with boot components.
The aim of this training is to uncover the background of UEFI BIOS and to realize own DXE driver projects. With practical examples the topics UEFI Shell, Shell script, SMRAM, UEFI Services und Protocols, Open Virtual Machine Firmware (OVMF) development with QEMU and TIANOCORE, UEFI driver development (DXE Driver), SMM and Secure Boot are covered. The training is thus aimed at hardware and software developers to become familiar with the topic UEFI firmware.