last mile barriers to removing legacy bios · "last mile" barriers to removing legacy...
TRANSCRIPT
![Page 1: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/1.jpg)
presented by
"Last Mile" Barriers toRemoving Legacy BIOS
Fall 2017 UEFI PlugfestOctober 30 – November 3, 2017
Presented by Brian Richardson (Intel Corporation)
![Page 2: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/2.jpg)
Agenda
• What is the “Last Mile”?
• Wait … we’re still talking about BIOS? Why?
• Advantages using UEFI Class 3
• Areas of Focus
• Call to Action
UEFI Plugfest – October 2017 www.uefi.org 2
![Page 3: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/3.jpg)
What is the “Last Mile”?
"Last Mile" Barriers to Removing Legacy BIOS
UEFI Plugfest – October 2017 www.uefi.org 3
![Page 4: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/4.jpg)
UEFI Plugfest – October 2017 www.uefi.org 4
Last mile: the last step of delivering infrastructure to customers…
![Page 5: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/5.jpg)
Wait … we’re still talking about BIOS? Why?
"Last Mile" Barriers to Removing Legacy BIOS
UEFI Plugfest – October 2017 www.uefi.org 5
![Page 6: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/6.jpg)
Wait … we’re still talking about BIOS? Why?There is still a reliance on 16-bit BIOS via the Compatibility Support Module (CSM)
1. People still use software that depends on 16-bit BIOS runtime
2. Power-users “disable UEFI” to bypass secure boot or setup multi-OS boot
UEFI Plugfest – October 2017 www.uefi.org 6
![Page 7: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/7.jpg)
Reminder: UEFI System Classes
UEFI Class 0
• Legacy BIOS
• No UEFI or UEFI PI interfaces
UEFI Class 1
• Uses UEFI/PI interfaces
• Runtime exposes only legacy BIOS runtime interfaces
UEFI Class 2
• Uses UEFI/PI interfaces
• Runtime exposes UEFI and legacy BIOS interfaces
UEFI Class 3
• Uses UEFI/PI interfaces
• Runtime exposes only UEFI interfaces
UEFI Plugfest – October 2017 www.uefi.org 7
![Page 8: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/8.jpg)
… and there’s one “unspoken class”
UEFI Class 0
• Legacy BIOS
• No UEFI or UEFI PI interfaces
UEFI Class 1
• Uses UEFI/PI interfaces
• Runtime exposes only legacy BIOS runtime interfaces
UEFI Class 2
• Uses UEFI/PI interfaces
• Runtime exposes UEFI and legacy BIOS interfaces
UEFI Class 3+
• Uses UEFI/PI interfaces
• Runtime exposes only UEFI interfaces
• UEFI Secure Boot ON
UEFI Plugfest – October 2017 www.uefi.org 8
Enabling secure boot essentially creates another UEFI Class
![Page 9: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/9.jpg)
Why are BIOS & CSM still a thing?
• One specific tool doesn’t work with UEFI, so users turn on the CSM as a fix(as we say in Georgia, duct tape is cheaper than welding)
• Some users blame UEFI or Secure Boot whenever something doesn’t work(if you don’t believe me, search for “UEFI” on Twitter)
UEFI Plugfest – October 2017 www.uefi.org 9
![Page 10: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/10.jpg)
Issues Relying on 16-bit Legacy
• No standards for secure boot or signed code execution
Security Risks
• Requires two validation paths (CSM ON & CSM OFF)
Complicates Validation
• New technologies may not provide backward compatibility
Supporting Modern Technology
UEFI Plugfest – October 2017 www.uefi.org 10
![Page 11: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/11.jpg)
What is the “last mile km” for UEFI?
Retiring legacy code and related processes
• Tools (disk duplication, testing, update)
• Network Boot (PXE) to legacy images
Remove user motivations to stick with BIOS
• Improve experience with UEFI Secure Boot
• Promote enhanced UEFI features (HTTPS Boot, OS Recovery, Signed Capsule, …)
UEFI Plugfest – October 2017 www.uefi.org 11
![Page 12: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/12.jpg)
Advantages using UEFI Class 3
"Last Mile" Barriers to Removing Legacy BIOS
UEFI Plugfest – October 2017 www.uefi.org 12
![Page 13: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/13.jpg)
Advantages using UEFI Class 3
Smaller code size (ROM & OpROM)
Smaller validation/support footprint
Encourage use of new technologies
UEFI Plugfest – October 2017 www.uefi.org 13
![Page 14: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/14.jpg)
Industry is moving away from CSM
Many Intel Architecture platforms are UEFI Class 3/3+ out of the box• Many platforms with CSM (UEFI Class 2)
have it disabled by default (required when UEFI Secure Boot is enabled)
• Now mandated for specific platforms
• See ‘Security requirements’ on “UEFI requirements for Windows editions on SoC platforms” @ microsoft.com
UEFI Plugfest – October 2017 www.uefi.org 14
![Page 15: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/15.jpg)
Intel is deprecating legacy support
Intel is removing legacy BIOS support from client & data center platforms by 2020
• Platforms will be strictly UEFI Class 3
• No 16-bit OpROM (VGA, LAN, Storage)
This will break any customer process that depends on “disabling UEFI” (“CSM ON”)
UEFI Plugfest – October 2017 www.uefi.org 15
![Page 16: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/16.jpg)
Areas of Focus
"Last Mile" Barriers to Removing Legacy BIOS
UEFI Plugfest – October 2017 www.uefi.org 16
![Page 17: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/17.jpg)
Areas of Focus
• Improve user experience with UEFI Secure Boot (OS install, tools, recovery)
• Eliminate components with no UEFI support
• Remove DOS/BIOS dependencies from manufacturing/maintenance tools
• Educate customers on migrating network boot to UEFI (PXE & HTTPS)
UEFI Plugfest – October 2017 www.uefi.org 17
![Page 18: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/18.jpg)
Areas of Focus
• Improve user experience with UEFI Secure Boot (OS install, tools, recovery)
• Eliminate components with no UEFI support
• Remove DOS/BIOS dependencies from manufacturing/maintenance tools
• Educate customers on migrating network boot to UEFI (PXE & HTTPS)
UEFI Plugfest – October 2017 www.uefi.org 18
This is the typical consumer scenario, and the most restrictive from a validation standpoint. So…• Validate your tools with secure boot on• Customers shouldn’t have to disable secure boot or
enable CSM to solve common recovery problems
![Page 19: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/19.jpg)
Areas of Focus
• Improve user experience with UEFI Secure Boot (OS install, tools, recovery)
• Eliminate components with no UEFI support
• Remove DOS/BIOS dependencies from manufacturing/maintenance tools
• Educate customers on migrating network boot to UEFI (PXE & HTTPS)
UEFI Plugfest – October 2017 www.uefi.org 19
It’s a supply chain problem… wait, we’re the supply chain!• Drivers, peripherals, and utilities work without CSM• No DOS requirements for pre-OS validation/tools
(try UEFI Shell or Python)
![Page 20: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/20.jpg)
Areas of Focus
• Improve user experience with UEFI Secure Boot (OS install, tools, recovery)
• Eliminate components with no UEFI support
• Remove DOS/BIOS dependencies from manufacturing/maintenance tools
• Educate customers on migrating network boot to UEFI (PXE & HTTPS)
UEFI Plugfest – October 2017 www.uefi.org 20
No DOS requirements for pre-OS validation or maintenance tools (try UEFI Shell or Python)
Can you run manufacturing tests with UEFI Secure Boot enabled (UEFI Class 3+)?
![Page 21: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/21.jpg)
Areas of Focus
• Improve user experience with UEFI Secure Boot (OS install, tools, recovery)
• Eliminate components with no UEFI support
• Remove DOS/BIOS dependencies from manufacturing/maintenance tools
• Educate customers on migrating network boot to UEFI (PXE & HTTPS)
UEFI Plugfest – October 2017 www.uefi.org 21
• Promote improved functionality powered by UEFI (i.e. why are HTTPS & OS Recovery awesome?)
• Remove our customer’s incentives to stick with outdated tools that require DOS & BIOS
![Page 22: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/22.jpg)
Call to Action
"Last Mile" Barriers to Removing Legacy BIOS
UEFI Plugfest – October 2017 www.uefi.org 22
![Page 23: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/23.jpg)
Call to Action
• Many UEFI platforms still enable legacy BIOS compatibility using CSM
• CSM expose security issues and delays 100% migration to UEFI
• Many modern features have no equivalent legacy functionality and require booting in “UEFI mode”
• Intel is planning to deprecate legacy compatibility by 2020, and is working with partners on a smooth industry transition
UEFI Plugfest – October 2017 www.uefi.org 23
![Page 24: Last Mile Barriers to Removing Legacy BIOS · "Last Mile" Barriers to Removing Legacy BIOS Fall 2017 UEFI Plugfest October 30 –November 3, 2017 ... •One specific tool doesnt work](https://reader030.vdocuments.us/reader030/viewer/2022041022/5ed3182e444dc013b77eeada/html5/thumbnails/24.jpg)
Thanks for attending the Fall 2017 UEFI Plugfest
For more information on the UEFI Forum and UEFI Specifications, visit http://www.uefi.org
presented by
UEFI Plugfest – October 2017 www.uefi.org 24