The process of addressing a firmware security issue can be long and complex. This webinar will provide recommendations for moving security updates into the field fast and addresses in detail the release process of typical firmware security fixes, starting from the initial disclosure from third parties to the processes of addressing the issues with the affected firmware and impacted ODM & OEM teams, all the way to public disclosure. Also addressed is the firmware supply chain’s impact on firmware patch cycles and how different approaches to these cycles can leave devices vulnerable.
UEFI Secure Boot helps provide an effective defense against boot malware, but following today’s best practices in its implementation, deployment and configurability can help its increase its effectiveness against increasingly sophisticated exploits. This webinar will address how the latest recommendations for UEFI firmware from national security organizations can be leveraged to design secure devices that are able to meet stringent national security standards.
Today firmware is ever-present, and although we understand the importance of updating firmware, there still isn't widespread adoption of best practices for updating firmware in the enterprise. Updating is critical to keeping systems safe and understandably why a firmware update plan is necessary, from both a system and device side. In this presentation, Insyde Software and Eclypsium address the topic of firmware updates and provide some best practices to add to an overall security strategy.
See what System Prep Applications are in UEFI 2.5. You may also view the presentation on the UEFI Forum's YouTube Channel.
Learn about building a UEFI Test Strategy from the Fall 2014 UEFI Plugfest. You may also view the presentation on the UEFI Forum's YouTube Channel.
In addition to our blog series on the UEFI 2.4 specification, learn more about how the latest UEFI 2.4 specification helps facilitate the secure update feature on new computing platforms.
Get an introduction to the advantages of using a UEFI BIOS for embedded systems, and see why Insyde Software is the best partner to help get your new embedded design to market.
Do you have an upcoming Intel® Atom™ design where achieving optimal RTOS (real-time OS) performance is critical? View this presentation to learn more about how SMIs (system management interrupts) are handled and why Insyde's SMI-optimized BIOS for Intel Atom platforms provides the best combination for optimal RTOS performance.
Fast boot times and fast operating system load times are in high demand from customers and operating system providers. View this presentation to see how InsydeH2O® technology on Intel® Atom™ processors answers this demand by offering a new level of fast boot time performance for new platforms.
White Papers & Case Studies
In this paper, we look at a few ways you can use Insyde Software’s UEFI firmware and the Intel® System Resource Defense feature of the Intel Runtime BIOS Protection found in the 11th Gen Intel® Core™ Processor (codename Tiger Lake) when the firmware has been compromised. Either an attacker’s unauthorized code is executing in the firmware or authorized code in the firmware is executing badly under the attacker’s control. How can the user or IT administrator limit the damage and respond?
Get our new security whitepaper for 11th Gen Intel® Core™ Processors!
UEFI Secure Boot helps provide an effective defense against boot malware, but to increase its effectiveness against today’s increasingly sophisticated exploits, it is important to follow today’s best practices in its implementation, deployment and configurability. This whitepaper addresses how the latest recommendations for UEFI firmware from the United States NSA (National Security Agency) can be followed to design more secure devices that are able to meet some of the most stringent national security standards in the world.
The NSA’s guidelines help IT administrators and end users correctly configure the UEFI Secure Boot and related settings in their BIOS by listing six recommendations. It is not enough to have Secure Boot, it must be enabled correctly. This whitepaper describes these in more detail and how InsydeH2O® from Insyde Software supports them.
Get our new security whitepaper on Best Practices for NSA's UEFI Secure Boot Guidelines
Our latest case study explores how Matrox Imaging leveraged Insyde's UEFI firmware solutions and expertise along with Intel's powerful and efficient Intel Core processors to deliver their latest machine vision controller to market. Learn how Matrox was able to take advantage of InsydeH2O to create a secure, full featured-platform while reducing their overall development time. Sponsored by the Intel IoT Solutions Alliance.
Deploy Fast & Secure IoT Solutions with Insyde® Software’s BlinkBoot® and Intel® Firmware Support Package (Intel® FSP)
Insyde® Software BlinkBoot® is a UEFI-based boot loader that leverages Intel® Firmware Support Package (Intel® FSP) to deliver simple, fast and scalable firmware solutions for Internet of Things (IoT) platforms.
Protecting signing keys used in the secure boot infrastructure is a new challenge for OEMs and ODMs designing and building UEFI based computing platforms. Protection of these keys is critical. If signing keys are compromised, control of critical pieces of a company’s product line can be lost. A company that does not have security experts and a large security budget may think protection of signing keys is not feasible. This paper provides some practical advice on how to address this issue with limited resources.
Embedded system designers want to control what software runs on their system. This enhances security of a system, and makes it much more difficult for unauthorized software to run during the boot of a system. However, to ship a system with the secure boot feature enabled, fundamental changes need to be made to the way the system is designed, manufactured, deployed, and maintained. Many companies have used signing services for operating system drivers, but supporting the secure boot infrastructure on a product line is a much more difficult proposition. This paper discusses aspects of this problem and reviews resources that can help solve it. The focus is on embedded systems, but the principles are applicable to any computer system.