yabits: Yet Another UEFI coreboot Payload September 13, 2018 OSFC 2018: Open Source Firmware Coference Tokyo University of Science Akira Moroo Abstract
• UEFI is a de-facto standard BIOS • There are two types of UEFI implementations, • TianoCore and closed firmware • Closed firmware has problems • The users can not fix the bugs • The code shipped without enough verifications • TianoCore is an open source UEFI • The code base is too big in the view of booting OS • It is not suitable for embedded systems or bare metal clouds • =>yabits, a new UEFI implementation. • It is small footprint and boots fast.
1 Bio
• Akira Moroo • A graduate student at Tokyo University of Science. • Majors electrical engineering. • Researches in the field of software engineering.
• Interested in • Firmware/coreboot/UEFI/boot process of operating systems • Has ported mruby to UEFI shell in 2015. • Started yabits project in 2017. • As one of IPA Mitou project
2 BIOSes for x86-based PCs
• Legacy BIOS and UEFI
• Legacy BIOS • The origin is the BIOS of IBM PC in 1981. • Runs in 16-bit real mode for backward compatibility. • Does not standardized. • There are many incompatible extensions. • It is not suitable for modern x64-based machines.
• => UEFI is proposed in 2005.
3 Recap: UEFI
• Unified Extensible Firmware Interface (UEFI) • Based on EFI, developed for IA-64 by Intel. • Standardized by UEFI Forum[1]. • You can find the specification online[2]. • Supporting many Architectures. • IA-32, x64, ARM, ARM64, RISC-V etc • A lot of features compared with Legacy BIOS.
• => Almost all x86-based PCs are shipped with UEFI.
4 UEFI Implementations
• TianoCore and other closed firmware
• TianoCore • An open source UEFI reference implementation. • Developed by Intel and its community.
• Closed firmware • Developed by BIOS vendors. • Based on TianoCore, special features are added.
5 UEFI Ecosystem[3]
6 Problems in Current UEFIs
• Closed firmware • Remain bugs fixed in TianoCore if vendors do not update. • Shipped features without enough verifications. • Users can not fix bugs unless reverse engineering it. • As they uses same code base, they have same vulnerabilities even shipped from different vendors[4]. • Example: ThunderStrike2: Apple and ASUS
• => There are problems when using closed firmware.
7 Solution: coreboot
• An Open source BIOS • supports various mainboards. • Machine dependent part and Payload • Payload • “Machine independent” part • Freestanding ELF • SeaBIOS, TianoCore, FILO, GRUB2, Linux Kernel etc.
• => So, TianoCore on coreboot is the answer?
8 TianoCore is the Giant
• TianoCore is too big from the view of booting OSes. • Unused device drivers and protocols. • Large footprint, long boot time.
• Requirements of the new UEFI implementation. • Open source • Another code base from TianoCore • Small footprint • Booting fast • => yabits, yet another UEFI implementation.
9 yabits: Design
• Focus on booting OSes • A coreboot Payload. • Minimal features. • Only BootServices and RuntimeServices • Same Inferfaces as UEFI specification. (Yes, of course) • Class 3 UEFI, pure UEFI and no CSM mode. • Features • BootServices • RuntimeServices • EFI System Table support • GUID Partition Table Disk Layout support
10 yabits: Design (cont’d)
DriverDriver Hardware Driver Boot Driver Init Loader
Boot Services OS Manager
PEI DXE BDS TSL RT
11 yabits: Design (cont’d)
Driver Hardware Driver Boot Init Loader
Boot Services OS Manager
PEI DXE BDS TSL RT
12 yabits: Implementation
• Minoca OS • Unix-like OS written from scratch. • Small footprint, suitable for embedded systems. • It includes bootloader and UEFI for booting Minoca OS. • uefi of Minoca OS in x86 • TianoCore DuetPkg like x86 support. • Booting from Legacy BIOS and launching UEFI • yabits is based on uefi of Minoca OS. • Porting to coreboot Payload. • Natively runs on a machine.
13 yabits: Implementation (cont’d)
• Currently support IA-32 and x64(WIP). • Deeply Dependented on Libpayload. • Libpayload is a library for coreboot. • Ported Libpayload to x64 to reuse the code. • Add translation to 64-bit long mode. • Device drivers • Only IDE and AHCI. • The source code is available on: • https://github.com/yabits/uefi
14 Demo
Booting OpenBSD on QEMU https://youtu.be/2jjS4zQgUxQ
15 Demo
Boot Time Comparison with TianoCore https://youtu.be/1OTUr2_W5r4
16 Evaluation: Boot Time
Default yabits Boot Time (sec) 7.15 3.15
• Tested on Lenovo ThinkPad X230. • The boot time of yabits is 2x faster than that of default.
17 Evaluation: Boot Time (cont’d)
OVMF yabits Boot Time (sec) 7.48 0.81
• Tested on QEMU. • The boot time of yabits is 9x faster than that of OVMF. • Note that I failed to boot TianoCore on coreboot.
18 Evaluation: Footprint
TianoCore OVMF yabits Footprint 4.0 2.0 0.4 (MiB)
• Binaries for QEMU. • TianoCore is TianoCore + coreboot • The footprint of yabits is 10x smaller than that of TianoCore.
19 Future work
• ARM/ARM64 support • Setting menu • Secure boot support • Graphic Output Protocol (GOP) support • Windows boot support • This may be hard task. • There is just one developer. (only me) • Please pull requests and contribute! • https://github.com/yabits/uefi
20 Summary
• UEFI replaced Legacy BIOS in x86-based PCs. • There are two types of UEFI. • TianoCore • Other closed firmware • TianoCore is too large in the view of booting OSes. • yabits • Fast and lightweight yet another UEFI implementation. • For embedded systems and bare metal clouds. • https://yabits.github.io/
21 Acknowledgement
• This project (yabits) was supported by IPA Mitou Project 2017. I thank project managers and colleagues from IPA Mitou Project 2017 who provided insight and expertise that greatly assisted the project.
22 References
• [1] https://uefi.org/ • [2] https://uefi.org/specifications • [3] https://github.com/rrbranco/BlackHat2017/blob/m aster/BlackHat2017-BlackBIOS-v0.13-Published.pdf • [4] https://trmm.net/Thunderstrike2_details
23