elwynowen
At Surface, building our own UEFI is central to our goal of making Surface devices the most secure on the market. It's an ongoing journey built on our key investments in services and features. But what does that look like exactly? Read on to learn more about the enabling technologies that support UEFI development.
Built on Project Mu
Our adoption of Project Mu is driven by the goal of providing the best-in-class UEFI implementation on Surface devices and to showcase how to build devices that fully realize the Microsoft vision for what a personal computing device should be. Plus, our UEFI enhancements and goodness born in Surface are available for consumption by Project Mu and the wider open-source ecosystem.
Learn more about Project Mu:
- Project Mu
- microsoft/mu_plus
- GitHub - microsoft/mu_rust_hid: A Rust crate for parsing HID Report Descriptors.
Rise of Rust
Rust is emerging as the programming language of choice for developing performant, type-safe, and maintainable firmware with a strong focus on security. Adopting Rust is a strategic initiative for our UEFI and security firmware. We have transitioned several firmware components from C to Rust, the first step of a broader adoption going forward. To learn more, see Enhancing Firmware Security: Rust & UEFI in Project Mu | Microsoft Tech Community.
Our key investments
Writing our own UEFI stack enables us to fine-tune a solution built for Surface devices. This provides a significant advantage over relying on a generic third-party UEFI stack. With rigorous control from requirements analysis to maintenance, our in-house development delivers an uncompromised and secure UEFI solution. This model allows us to respond quickly to new threats, as we can seamlessly examine, create and deploy solutions without depending on a UEFI stack provided by an ISV, reducing the time of exposure for both consumer and commercial clients.
Furthermore, updates can quickly be fed back into Windows, Project Mu, and related open-source component ecosystems for consumption by our OEM partners. In the following sections, we will focus on specific areas of investment. This is not exhaustive; future posts will cover these topics in more detail.
Surface focus on security
We live in a world where threats and attacks can target our PCs from applications down to the firmware level. An attack and subsequent manipulation of a constituent component of the UEFI stack could severely compromise the system and grant a high level of control to the attacker. Surface UEFI continues to develop a suite of technologies to protect devices and users from these threats.
Root of trust
Surface provides a secure foundation for device boot from reset by leveraging a hardware-validated Root of Trust policy. We do this through the cryptographic signature check and controlled execution of multiple firmware primitives before loading and booting to Windows. While there are variants to the Root of Trust and boot flows between SoC vendors, Surface UEFI is tailored for each to ensure optimal security and performance.
Secured Core PC
The Windows Secured Core PC (SCPC) model provides Surface devices with a secure operating environment and protection against sophisticated attacks. It offers increased assurance for devices handling mission-critical data in sensitive industries. Surface UEFI supports SCPC secure launch with two distinct silicon architecture-dependent solutions:
- Dynamic Root of Trust for Measurement (DRTM) for ARM-based Surface devices
- Firmware Attack Surface Reduction (FASR) for Intel-based Surface devices
Dynamic Root of Trust for Measurement
To overcome the inadequacies of the earlier Static Root of Trust for Measurement (SRTM) solution, Surface has enabled an industry-standard enhanced technology called DRTM. DRTM allows devices to boot from untrusted code and launch into a trusted state by taking control of all CPUs, creating a secure enclave that's isolated from the rest of the system with a protected execution state and memory.
DRTM then “measures” the firmware and bootloader components and system state (including things like memory controller configuration) in the enclave. The term “measure” refers to computing the digital signature of a firmware component or the cryptographic signature of sensitive operations (such as reconfiguration of security sensitive parameters or dispatch of an application or driver) and securely storing them in the TPM. These signatures can then be verified against expected states to attest to the security health of the system. On successful verification, the system has confidence that the firmware has not been tampered with and did not execute unexpected operations that might compromise its security.
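The measure, store, and verify cycle described above can be sketched as follows. This is an added illustration, not Surface or Project Mu code: it assumes the usual TPM convention that a measurement is recorded by extending a PCR with a SHA-256 digest, and the component names, images, and reference list are constructed for the example.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 PCR, all zeroes at launch

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measure(components):
    """Measure (name, image) pairs in launch order; return (PCR, event log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(quoted_pcr, log, reference):
    """Verifier side. The event log is untrusted: it is accepted only if
    replaying it reproduces the PCR value reported by the TPM, and only
    then are its entries compared with the expected digests."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    if pcr != quoted_pcr:
        return False, "event log does not replay to the quoted PCR"
    if [n for n, _ in log] != [n for n, _ in reference]:
        return False, "unexpected component list or order"
    for (name, digest), (_, expected) in zip(log, reference):
        if digest != expected:
            return False, f"unexpected measurement for {name}"
    return True, "measurements match reference"

# Constructed sample images standing in for firmware, loader and system state.
GOOD = [("firmware_volume", b"fv-build-1"),
        ("boot_loader", b"loader-build-1"),
        ("mem_ctrl_config", b"cfg-A")]
REFERENCE = measure(GOOD)[1]  # expected digests, as a verifier would hold them

def demo():
    results = {}
    pcr, log = measure(GOOD)
    results["clean"] = verify(pcr, log, REFERENCE)
    # One component modified before launch: its digest, and the PCR, change.
    tampered = [GOOD[0], ("boot_loader", b"loader-build-1-patched"), GOOD[2]]
    pcr_t, log_t = measure(tampered)
    results["tampered"] = verify(pcr_t, log_t, REFERENCE)
    # Presenting the clean log alongside the tampered PCR fails the replay.
    results["forged_log"] = verify(pcr_t, log, REFERENCE)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Because each extend folds the previous PCR value into the next, the final value depends on every measurement and on their order, which is why a single quoted PCR can vouch for the whole event log.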
Firmware Attack Surface Reduction
FASR adopts an equivalent method to DRTM and provides protection to assure that the boot environment is not tampered with, together with a secure attestation of firmware state to the operating system. This approach carefully controls the list of components allowed to execute in the FASR default boot path and reduces the firmware attack surface.
Standalone Management Mode
Surface UEFI includes support for Standalone Management Mode (Standalone MM) through the Management Mode Supervisor (MM Supervisor). The MM Supervisor applies CPU privilege level separation to enforce resource isolation for MSRs, I/O ports, memory regions (including SMM save state), and instruction types. This approach provides the highest level of Secured Core PC SMM isolation.
Learn more about Secured Core PCs, DRTM, and FASR:
- Windows 11 Secured-core PCs | Microsoft Learn
- How System Guard helps protect Windows - Windows Security | Microsoft Learn
- Firmware Attack Surface Reduction (FASR) - Windows drivers | Microsoft Learn
Supporting the needs of our commercial & enterprise clients
As Surface continues to drive and grow its presence in the commercial and enterprise space, we are committed to ensuring our devices support the deployment, management, and control services provided by Microsoft.
Device Firmware Configuration Interface (DFCI)
Surface UEFI supports DFCI, which provides an interface for firmware configuration that enables mobile device management agents like Microsoft Intune to configure UEFI settings. DFCI enables IT admins to remotely disable specific hardware components and prevent end users from changing them. This helps ensure consistent device configuration in a managed environment. Example settings include device boot order, device port enable/disablement, and external peripheral control and authentication. If you need to protect sensitive information in highly secure areas, you can disable the camera and lock down USB ports. If you don't want users booting from USB drives, you can disable that also.
Learn more about DFCI:
- DFCI Management | Microsoft Learn
- Manage DFCI on Surface devices - Surface | Microsoft Learn
Surface Enterprise Management Mode (SEMM)
SEMM is a close relation to DFCI but is regarded as an on-premises device management tool rather than being controlled from the cloud. While DFCI enables remote deployment of firmware settings, SEMM requires physical or local deployment of a configuration package using the Surface IT Toolkit or System Center Configuration Manager (SCCM).
Learn more about SEMM:
- Get started with Surface Enterprise Management Mode (SEMM) - Surface | Microsoft Learn
Dynamic USB-C disablement
Dynamic USB-C disablement allows administrators to manage USB-C ports based on specific scenarios or user needs, preventing unauthorized devices from being connected. When paired with the Surface Thunderbolt 4 Dock, IT admins can lock down USB-C ports whenever eligible Surface devices are undocked or connected to an unauthorized dock.
Learn more about USB-C disablement:
- Manage USB ports on Surface devices - Surface | Microsoft Learn
A continuous focus on device performance and monitoring
Boot Time Reduction ~ or why we don’t want you to wait
Surface has a continuous focus on boot time reduction and “wake-on” scenario optimization to get users productive quickly. This initiative aligns with the evolution of Windows and Project Mu, including engagement with silicon partners.
Serviceability
Surface enables in-field device upgrades and repairs, reducing maintenance costs, downtime, and mean time to repair. During the development of each Surface model, considerable investment, care and attention is paid to ensure all hardware modules are tuned for optimal performance to provide a premium experience. This applies to everything from screen color accuracy to SSD read/write performance. Our goal in Surface is to ensure that any hardware module replaced with a Field Replacement Unit (FRU) maintains an optimal device experience.
UEFI Front Page
The Surface UEFI Front Page allows users to view and modify UEFI settings on their Surface device. It is invoked from cold-boot by the user holding down the volume-up key and pressing the power key. Once the user lands on the page, there are a number of tabs and fields that the user can navigate through to modify UEFI settings. If devices are locked down via DFCI or SEMM, these settings will be greyed out, preventing users from making any changes.
Looking ahead
In this post, we introduced Surface UEFI from the perspective of our key investments in services and features. However, this is just the baseline for configuring, securing, and updating many other system components. With a focus on both commercial and consumer segments, Surface UEFI will continue to develop solutions to lead and protect Windows by leveraging Project Mu, adopting Rust, participating in UEFI-related industry organizations, and co-engineering with silicon partners.
Learn more
- Project Mu
- microsoft/mu_plus
- GitHub - microsoft/mu_rust_hid: A Rust crate for parsing HID Report Descriptors.
- Enhancing Firmware Security: Rust & UEFI in Project Mu | Microsoft Tech Community
- Windows 11 Secured-core PCs | Microsoft Learn
- How System Guard helps protect Windows - Windows Security | Microsoft Learn
- Firmware Attack Surface Reduction (FASR) - Windows drivers | Microsoft Learn
- DFCI Management | Microsoft Learn
- Manage DFCI on Surface devices - Surface | Microsoft Learn
- Get started with Surface Enterprise Management Mode (SEMM) - Surface | Microsoft Learn
- Manage USB ports on Surface devices - Surface | Microsoft Learn