Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Safeguarding UEFI Ecosystem - Firmware Supply Chain is Hardcoded

Black Hat via YouTube

Overview

Explore the complexities of supply chain security in the UEFI ecosystem through this 41-minute Black Hat conference talk. Delve into the challenges posed by multiple parties involved in firmware code development, including Intel/AMD's reference code and core frameworks from AMI, Phoenix, and Insyde. Understand why hardware platform vendors contribute less than 10% to the UEFI system firmware code base and the implications of this reality. Examine how vulnerabilities can be discovered not only in platform vendor codebases but also within reference code, potentially impacting the entire ecosystem. Learn about the varying patch cycles across vendors, the extended periods vulnerabilities can remain unpatched, and the difficulties in verifying fixes due to inconsistent patching methods. Gain insights from experts Alexander Tereshkin, Alexander Matrosov, and Adam Zabrocki on safeguarding the UEFI ecosystem and addressing the hardcoded challenges in firmware supply chain security.

Syllabus

Safeguarding UEFI Ecosystem: Firmware Supply Chain is Hard(coded)

Taught by

Black Hat

Reviews

Start your review of Safeguarding UEFI Ecosystem - Firmware Supply Chain is Hardcoded

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.