Part 4: Advanced Topics

Dive deep into firmware internals and security.

What You’ll Learn

Chapter Topics
14. PEI Phase PEIMs, PPIs, HOBs, memory initialization
15. DXE Phase Dispatcher, architectural protocols, events
16. SMM System Management Mode, security isolation
17. Security Secure Boot, TPM, measured boot
18. ACPI Table installation, ASL basics
19. Capsule Updates Firmware update mechanism
20. BMC Integration IPMI, Redfish, BMC-UEFI communication
21. RAS Features WHEA, APEI, error handling, reliability
22. eSPI Interface Virtual wires, flash access, EC/BMC communication, eDAF
23. ARM UEFI Environment setup, TF-A, SystemReady, ARM debugging

Boot Phase Deep Dive 

flowchart TB
    subgraph SEC [SEC Phase]
        S1[Reset Vector]
        S2[CAR Setup]
        S3[Trust Init]
    end

    subgraph PEI [PEI Phase]
        P1[PEIM Dispatch]
        P2[Memory Init]
        P3[HOB Creation]
    end

    subgraph DXE [DXE Phase]
        D1[DXE Core]
        D2[Driver Dispatch]
        D3[Protocol Install]
    end

    subgraph BDS [BDS Phase]
        B1[Boot Options]
        B2[OS Loader]
    end

    subgraph RT [Runtime]
        R1[OS Control]
        R2[Runtime Services]
    end

    SEC --> PEI
    PEI --> DXE
    DXE --> BDS
    BDS --> RT

    style SEC fill:#e74c3c,color:#fff
    style PEI fill:#e67e22,color:#fff
    style DXE fill:#2ecc71,color:#fff
    style BDS fill:#3498db,color:#fff
    style RT fill:#9b59b6,color:#fff

Security Architecture 

flowchart LR
    subgraph Trust Chain
        PK[Platform Key]
        KEK[Key Exchange Key]
        DB[Signature DB]
        IMG[Signed Image]
    end

    PK --> |Signs| KEK
    KEK --> |Signs| DB
    DB --> |Verifies| IMG

    style PK fill:#e74c3c,color:#fff
    style IMG fill:#2ecc71,color:#fff

BMC Integration Architecture 

flowchart TB
    subgraph Server Platform
        subgraph UEFI Firmware
            IPMI_DRV[IPMI Driver]
            RF_DRV[Redfish Driver]
            UEFI_APP[UEFI Applications]
        end

        subgraph Communication
            KCS[KCS Interface]
            BT[BT Interface]
            USB[USB Interface]
            NET[Network]
        end

        subgraph BMC
            BMC_FW[BMC Firmware]
            IPMI_SVC[IPMI Service]
            RF_SVC[Redfish Service]
            SENSORS[Sensors]
        end
    end

    IPMI_DRV --> KCS
    IPMI_DRV --> BT
    RF_DRV --> USB
    RF_DRV --> NET
    KCS --> BMC_FW
    BT --> BMC_FW
    USB --> BMC_FW
    NET --> RF_SVC
    BMC_FW --> IPMI_SVC
    BMC_FW --> SENSORS

    style BMC fill:#e67e22,color:#fff
    style UEFI_APP fill:#3498db,color:#fff

RAS Architecture 

flowchart TB
    subgraph Hardware Errors
        MCA[MCA/MCE<br/>CPU Errors]
        AER[PCIe AER<br/>Bus Errors]
        ECC[Memory ECC<br/>RAM Errors]
    end

    subgraph UEFI RAS
        HEST[HEST Table<br/>Error Sources]
        HANDLER[Error Handlers]
        BERT[BERT Table<br/>Boot Errors]
        ERST[ERST Table<br/>Error Storage]
    end

    subgraph Logging
        WHEA[WHEA Records]
        SEL[BMC SEL]
        OS[OS Error Log]
    end

    MCA --> HANDLER
    AER --> HANDLER
    ECC --> HANDLER
    HEST --> HANDLER
    HANDLER --> BERT
    HANDLER --> ERST
    HANDLER --> WHEA
    WHEA --> SEL
    WHEA --> OS

    style HANDLER fill:#e74c3c,color:#fff
    style WHEA fill:#3498db,color:#fff

eSPI Architecture 

flowchart TB
    subgraph Host Platform
        subgraph UEFI Firmware
            ESPI_DRV[eSPI Driver]
            FLASH_DRV[Flash Driver]
            EC_DRV[EC Driver]
        end

        subgraph eSPI Controller
            CTRL[eSPI Master]
            VW[Virtual Wires]
            PERIPH[Peripheral Channel]
            FLASH_CH[Flash Channel]
            OOB[OOB Channel]
        end
    end

    subgraph eSPI Devices
        EC[Embedded Controller]
        SIO[Super I/O]
        TPM[TPM]
        SPI_FLASH[SPI Flash]
        BMC[BMC]
    end

    ESPI_DRV --> CTRL
    FLASH_DRV --> FLASH_CH
    EC_DRV --> PERIPH
    VW --> EC
    PERIPH --> EC
    PERIPH --> SIO
    PERIPH --> TPM
    FLASH_CH --> SPI_FLASH
    OOB --> BMC

    style CTRL fill:#e67e22,color:#fff
    style VW fill:#3498db,color:#fff
    style EC fill:#2ecc71,color:#fff

ARM Boot Flow 

flowchart LR
    subgraph ARM Trusted Firmware
        BL1[BL1<br/>ROM]
        BL2[BL2<br/>Trusted Boot]
        BL31[BL31<br/>EL3 Runtime]
        BL32[BL32<br/>Secure OS]
        BL33[BL33<br/>UEFI]
    end

    subgraph UEFI
        SEC[SEC]
        PEI[PEI]
        DXE[DXE]
        BDS[BDS]
    end

    subgraph OS
        KERNEL[Linux/Windows]
    end

    BL1 --> BL2
    BL2 --> BL31
    BL2 --> BL32
    BL2 --> BL33
    BL33 --> SEC
    SEC --> PEI
    PEI --> DXE
    DXE --> BDS
    BDS --> KERNEL
    BL31 -.-> |SMC| DXE

    style BL31 fill:#e74c3c,color:#fff
    style BL33 fill:#2ecc71,color:#fff
    style DXE fill:#3498db,color:#fff

ARM Exception Levels 

flowchart TB
    subgraph Exception Levels
        EL3[EL3: Secure Monitor<br/>TF-A BL31, SMC Handler]
        EL2[EL2: Hypervisor<br/>Optional, KVM/Xen]
        EL1[EL1: OS Kernel<br/>Linux, Windows, UEFI DXE]
        EL0[EL0: User Applications<br/>Apps, UEFI Shell]
    end

    subgraph Security States
        SECURE[Secure World<br/>OP-TEE, TrustZone]
        NONSEC[Non-Secure World<br/>Rich OS, UEFI]
    end

    EL3 --> EL2
    EL2 --> EL1
    EL1 --> EL0
    EL3 <--> SECURE
    EL3 <--> NONSEC
    SECURE -.-> |World Switch| NONSEC

    style EL3 fill:#e74c3c,color:#fff
    style EL1 fill:#3498db,color:#fff
    style SECURE fill:#9b59b6,color:#fff

Advanced Content: This section covers low-level firmware internals. A strong understanding of Parts 1-3 is required.

Skill Level: Advanced / Professional Prerequisites: Parts 1-3 complete, understanding of x86/ARM64 architecture helpful

Table of contents

Back to top

UEFI Development Guide is not affiliated with the UEFI Forum. Content is provided for educational purposes.

This site uses Just the Docs, a documentation theme for Jekyll.