Part 4: Advanced Topics
Dive deep into firmware internals and security.
What You’ll Learn
| Chapter | Topics |
|---|---|
| 14. PEI Phase | PEIMs, PPIs, HOBs, memory initialization |
| 15. DXE Phase | Dispatcher, architectural protocols, events |
| 16. SMM | System Management Mode, security isolation |
| 17. Security | Secure Boot, TPM, measured boot |
| 18. ACPI | Table installation, ASL basics |
| 19. Capsule Updates | Firmware update mechanism |
| 20. BMC Integration | IPMI, Redfish, BMC-UEFI communication |
| 21. RAS Features | WHEA, APEI, error handling, reliability |
| 22. eSPI Interface | Virtual wires, flash access, EC/BMC communication, eDAF |
| 23. ARM UEFI | Environment setup, TF-A, SystemReady, ARM debugging |
Boot Phase Deep Dive
flowchart TB
subgraph SEC [SEC Phase]
S1[Reset Vector]
S2[CAR Setup]
S3[Trust Init]
end
subgraph PEI [PEI Phase]
P1[PEIM Dispatch]
P2[Memory Init]
P3[HOB Creation]
end
subgraph DXE [DXE Phase]
D1[DXE Core]
D2[Driver Dispatch]
D3[Protocol Install]
end
subgraph BDS [BDS Phase]
B1[Boot Options]
B2[OS Loader]
end
subgraph RT [Runtime]
R1[OS Control]
R2[Runtime Services]
end
SEC --> PEI
PEI --> DXE
DXE --> BDS
BDS --> RT
style SEC fill:#e74c3c,color:#fff
style PEI fill:#e67e22,color:#fff
style DXE fill:#2ecc71,color:#fff
style BDS fill:#3498db,color:#fff
style RT fill:#9b59b6,color:#fff
Security Architecture
flowchart LR
subgraph Trust Chain
PK[Platform Key]
KEK[Key Exchange Key]
DB[Signature DB]
IMG[Signed Image]
end
PK --> |Signs| KEK
KEK --> |Signs| DB
DB --> |Verifies| IMG
style PK fill:#e74c3c,color:#fff
style IMG fill:#2ecc71,color:#fff
BMC Integration Architecture
flowchart TB
subgraph Server Platform
subgraph UEFI Firmware
IPMI_DRV[IPMI Driver]
RF_DRV[Redfish Driver]
UEFI_APP[UEFI Applications]
end
subgraph Communication
KCS[KCS Interface]
BT[BT Interface]
USB[USB Interface]
NET[Network]
end
subgraph BMC
BMC_FW[BMC Firmware]
IPMI_SVC[IPMI Service]
RF_SVC[Redfish Service]
SENSORS[Sensors]
end
end
IPMI_DRV --> KCS
IPMI_DRV --> BT
RF_DRV --> USB
RF_DRV --> NET
KCS --> BMC_FW
BT --> BMC_FW
USB --> BMC_FW
NET --> RF_SVC
BMC_FW --> IPMI_SVC
BMC_FW --> SENSORS
style BMC fill:#e67e22,color:#fff
style UEFI_APP fill:#3498db,color:#fff
RAS Architecture
flowchart TB
subgraph Hardware Errors
MCA[MCA/MCE<br/>CPU Errors]
AER[PCIe AER<br/>Bus Errors]
ECC[Memory ECC<br/>RAM Errors]
end
subgraph UEFI RAS
HEST[HEST Table<br/>Error Sources]
HANDLER[Error Handlers]
BERT[BERT Table<br/>Boot Errors]
ERST[ERST Table<br/>Error Storage]
end
subgraph Logging
WHEA[WHEA Records]
SEL[BMC SEL]
OS[OS Error Log]
end
MCA --> HANDLER
AER --> HANDLER
ECC --> HANDLER
HEST --> HANDLER
HANDLER --> BERT
HANDLER --> ERST
HANDLER --> WHEA
WHEA --> SEL
WHEA --> OS
style HANDLER fill:#e74c3c,color:#fff
style WHEA fill:#3498db,color:#fff
eSPI Architecture
flowchart TB
subgraph Host Platform
subgraph UEFI Firmware
ESPI_DRV[eSPI Driver]
FLASH_DRV[Flash Driver]
EC_DRV[EC Driver]
end
subgraph eSPI Controller
CTRL[eSPI Master]
VW[Virtual Wires]
PERIPH[Peripheral Channel]
FLASH_CH[Flash Channel]
OOB[OOB Channel]
end
end
subgraph eSPI Devices
EC[Embedded Controller]
SIO[Super I/O]
TPM[TPM]
SPI_FLASH[SPI Flash]
BMC[BMC]
end
ESPI_DRV --> CTRL
FLASH_DRV --> FLASH_CH
EC_DRV --> PERIPH
VW --> EC
PERIPH --> EC
PERIPH --> SIO
PERIPH --> TPM
FLASH_CH --> SPI_FLASH
OOB --> BMC
style CTRL fill:#e67e22,color:#fff
style VW fill:#3498db,color:#fff
style EC fill:#2ecc71,color:#fff
ARM Boot Flow
flowchart LR
subgraph ARM Trusted Firmware
BL1[BL1<br/>ROM]
BL2[BL2<br/>Trusted Boot]
BL31[BL31<br/>EL3 Runtime]
BL32[BL32<br/>Secure OS]
BL33[BL33<br/>UEFI]
end
subgraph UEFI
SEC[SEC]
PEI[PEI]
DXE[DXE]
BDS[BDS]
end
subgraph OS
KERNEL[Linux/Windows]
end
BL1 --> BL2
BL2 --> BL31
BL2 --> BL32
BL2 --> BL33
BL33 --> SEC
SEC --> PEI
PEI --> DXE
DXE --> BDS
BDS --> KERNEL
BL31 -.-> |SMC| DXE
style BL31 fill:#e74c3c,color:#fff
style BL33 fill:#2ecc71,color:#fff
style DXE fill:#3498db,color:#fff
ARM Exception Levels
flowchart TB
subgraph Exception Levels
EL3[EL3: Secure Monitor<br/>TF-A BL31, SMC Handler]
EL2[EL2: Hypervisor<br/>Optional, KVM/Xen]
EL1[EL1: OS Kernel<br/>Linux, Windows, UEFI DXE]
EL0[EL0: User Applications<br/>Apps, UEFI Shell]
end
subgraph Security States
SECURE[Secure World<br/>OP-TEE, TrustZone]
NONSEC[Non-Secure World<br/>Rich OS, UEFI]
end
EL3 --> EL2
EL2 --> EL1
EL1 --> EL0
EL3 <--> SECURE
EL3 <--> NONSEC
SECURE -.-> |World Switch| NONSEC
style EL3 fill:#e74c3c,color:#fff
style EL1 fill:#3498db,color:#fff
style SECURE fill:#9b59b6,color:#fff
Advanced Content: This section covers low-level firmware internals. A strong understanding of Parts 1-3 is required.
Skill Level: Advanced / Professional Prerequisites: Parts 1-3 complete, understanding of x86/ARM64 architecture helpful