Dependable and secure UEFI BIOS embedded firmware
Sponsored content [Monday 18 March 2013]
Phoenix SecureCore Technology (Phoenix SCT) 3.0, the latest UEFI BIOS firmware from Phoenix Technologies, uses a graphical user interface to simplify once obscure BIOS settings. It uses an integrated development environment to accelerate firmware development, debugging, and customization in order to enhance boot performance while providing peripheral and system security support. Phoenix SCT 3.0 is playing a significant pioneering and innovative role in the next generation of BIOS. It is the first firmware in the industry to provide native EDK II support, backward compatibility support for EDK 1117, and cross-border applications for tablet PCs, ultrabooks, embedded systems, and servers.
Phoenix SCT 3.0 - Pioneering and innovative
In the past, the BIOS used a text-mode interface, and it took a computer engineer's knowledge to understand what an item meant. This older control interface no longer meets the needs of today's prevailing touch-controlled mobile devices. Terry Chen, VP Development Engineering at Phoenix, said during the recent DTF 2013 Embedded Technology Forum that Phoenix is committed to providing a simpler and more intuitive BIOS interface for end-users. Phoenix SCT 3.0, launched at the end of 2012, is equipped with a brand new graphical user interface BIOS setup.
Chen said that Phoenix SCT 3.0 is based on the latest UEFI specifications and the next generation UEFI BIOS EDK II core build environment. It provides backward compatibility to the previous generation's EDK 1117 specifications, and its unique universal framework system can provide cross-platform support for x86 and ARM architectures, simultaneously supporting different operating systems such as Windows and Linux, and can meet the needs of multi-platform generation system development with a single BIOS core.
Smooth migration to EDK II
Chen said that the packages, build tools, library objects, and configuration settings of EDK II are vastly different from those of EDK 1117. Intel is scheduled to migrate to EDK II firmware code no later than 2015; therefore, a smooth transfer to EDK II is critical. Currently, the existing EDK code and library resources have not been fully migrated. If both EDK 1117 and EDK II were used simultaneously to write firmware code, it would cause duplicated resource investment and management problems.
Phoenix Technologies has proposed a universal build system that can simultaneously support EDK 1117 and EDK II program codes and drivers. The system's program code foundation is comparable to distinct IHV principles, and remains compatible with the older SCT .def usage, as well as the new EDK II PCD macro language definitions to assist customers with a smooth migration to EDK II.
Support and enhancements for Windows 8
Chen stated that Phoenix SCT 3.0 has added numerous new functions to the Windows 8 platform. For example, Fast POST can decide whether to initialize USB devices to save boot time. Microsoft uses the S4 sleep mode for fast boot-up and may not be able to detect newly installed hardware, but Phoenix SCT 3.0 can fix this situation.
Many automated software tests used on production lines will not work if the Secure Boot option in the BIOS is activated. The Auto Signature Enroll Utility designed by Phoenix can configure the BIOS to activate Secure Boot during the last shutdown after all the products have been detected. In addition, Phoenix SCT 3.0 supports the random number generator (RNG) protocol provided by EFI firmware or hardware during Windows boot-up, as required by Microsoft.
When a tablet PC activates the BitLocker hard disk encryption mechanism, the touch IC driver is integrated into the protected TPM encryption block and cannot be initialized during the boot process. This prevents the tablet PC's virtual keyboard from being activated during the boot stage and used to enter passwords. However, Phoenix SCT 3.0 can pre-initialize the touch control mechanism during the boot stage and allow users to perform a BitLocker unlock using a virtual keyboard. In addition, for tablet PCs requiring an external USB LAN dongle (USB to LAN adapter) connection, Phoenix SCT 3.0 can support LanBoot PXE with USB to LAN adapters and provide USB device boot support for Windows To Go (WTG).
Chen indicated that Microsoft has proposed allowing BIOS, TPM, IC reader, and even LAN network firmware to be downloaded and updated automatically through the Windows UEFI Firmware Update (WUFU). Phoenix SCT 3.0 already provides full support for the NIST SP 800-147 (Secure BIOS and Secure Flash) security specifications and the Non-volatile Capsule Update mechanism, and reserves future support for WUFU. Phoenix SCT 3.0 also supports S0ix, required by Connected Standby, and the PUIS (Power Up In Standby) mode, as defined by Microsoft.
Modern screen settings and excellent user experiences
Chen emphasized that Phoenix SCT 3.0 can hide sensitive or critical setting options when customers require it; the hidden options can then be displayed through special hotkeys. In some cases, File Explorer can also be embedded in the BIOS setup screen to provide functions that are similar to Windows Explorer. This allows users to organize files and directories, download files online, or delete files for drivers on the hard disk prior to reaching the OS stage.
Phoenix SCT 3.0 can directly initialize and provide support for touch ICs during the boot stage and provide BIOS touch hot-zones. Even without a keyboard, users can trigger various functions by touching the various parts of a touchscreen. For example, users can enter BIOS setup by touching the upper-right corner of the screen, or enter the Boot Menu by touching the lower-right corner of the screen, or even activate the Windows Key by touching the lower-left corner of the screen. Chen also mentioned that since the default text size is 19 points for the Intel UEFI firmware codes, text is hard to see on a 7.5 inch tablet PC and cannot be accurately controlled by the touchscreen. To solve this problem, Phoenix SCT 3.0 provides an adjustable font size browsing mode.
The biggest change in Phoenix SCT 3.0 is the new Windows 8 style GUI BIOS Setup, which uses finger touch control through a floating keyboard. Gesture control is also planned for the future.
OEM/ODM system developers can use the Phoenix Desktop Manager (PDM) customizable graphical user interface core engine to easily design exclusive graphical interfaces with WYSIWYG real-time text/color adjustment control methods that are similar to Windows.
Using BIOS applications to create added-value for embedded systems
Another feature of the PDM is that before an OEM device is registered by Windows during boot, it can pre-load the extension platforms that run UEFI applications, creating critical vendor differentiation in the embedded systems market. For example, a calculator or QR code program can be executed directly during the BIOS stage without having to wait until Windows is booted.
In the past, BIOS firmware usually had to be fully rebuilt because some preloaded EFI drivers had to be removed in order to accommodate production line automated testing. Through the universal customized system (UCS) under the Phoenix SCT 3.0 development environment, several drivers and functional combinations can be selected and written into the BIOS firmware, and be defined by the runtime feature control jumper bits. When the system boots, the BIOS firmware enables Phoenix SCT 3.0 to perform the corresponding driver initiation/function combinations based on the jumper settings on the motherboard. This prevents production lines from having to wait for BIOS engineers to modify firmware before tests can be performed.
Improve system integrity and security
Phoenix SCT 3.0 provides additional system integrity improvements: (1) Sure Boot, which provides BIOS Auto Fail-Over that enables the system to select the most conservative factory-default settings during boot; (2) Safe Recover BIOS2, which provides dual firmware backup/repair mechanisms to reduce the probability of RMA repairs due to BIOS damage; (3) debug support capabilities that record the error register and flag states, memory addresses, and possible debugging information into non-volatile memory via UEFI BIOS Capsule Update when the blue screen of death appears under Windows 8; and (4) a Non-Volatile Capsule that records the parameter setting values directly into the protected GPT partition and reboots to replace the sleep wakeup boot mode.
Regarding security enhancements similar to the Secure Boot stage defined by Tiano (UEFI), Phoenix SCT 3.0 ensures that only reliable software and firmware can be executed and adds BIOS system parameter write protection as well as UEFI RAID OPROM password support.
Chen indicated that as a solution for the embedded market, Phoenix SCT 3.0 can help embedded system developers to smoothly migrate from existing Legacy/EDK 1117 firmware to EDK II to create a universal system platform and provide synchronized support for Windows 8 Embedded. Phoenix SCT 3.0 can provide a scalable text setting screen as well as touch and graphical configuration interfaces that can apply to embedded mobile devices and tablet PCs, and provide BIOS damage auto-repair mechanisms and proposed WUFU support to enhance system reliability that meets the present and future security needs of Windows 8.
Developed under the EDK II architecture, Phoenix SCT 3.0 UEFI BIOS can smoothly migrate from the software code resources of EDK 1117, taking into account future cross-platform portability to the ARM architecture while providing a better user experience and connectivity, supporting embedded servers and embedded applications, and creating differentiated product value for customers.
Terry Chen, VP Development Engineering at Phoenix