
Xeno Kovah

Mastering UEFI Secure Boot and Intel Root of Trust Technologies


Trainer: Piotr Król

Date: 21st - 23rd Oct 2024

Time: 9:00am to 5:30pm CEST

Venue: Amsterdam Marriott Hotel

Training Level: Intermediate to Advanced


Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.

Training Objectives:

  • The primary purpose of this training is to equip participants with in-depth knowledge and practical skills to enhance the security of UEFI-compliant firmware implementation.
  • The focus will be on UEFI Secure Boot and Intel Root of Trust technologies, enabling participants to secure the boot process against vulnerabilities.
  • The course includes hands-on experience with hardware and emulated environments, analysis of common attacks, and integration of advanced security mechanisms.

Training Detailed Description:

Day 1 - Introduction and Fundamentals

Welcome and Introduction

  • Course objectives and overview
  • Introduction to x86 boot flow, UEFI, Root of Trust, and Chain of Trust Technologies

Hardware Theory of Operation

  • Overview of hardware theory, including flashing firmware, recovery methods, and reading from serial
  • Hands-On Exercise: Basic firmware flashing and recovery procedures

Introduction to UEFI Secure Boot

  • Basic understanding of UEFI Secure Boot mechanisms
  • Importance and functionality in the boot process
  • Hands-On Exercise: Initial setup and configuration of UEFI Secure Boot in an emulated environment

Day 2 - Deep Dive into UEFI Secure Boot

Morning Session

UEFI Secure Boot: Advanced Concepts

  • Detailed exploration of UEFI Secure Boot mechanisms
  • Managing and utilizing UEFI Variables and Authenticated Variables
  • Hands-On Lab: Advanced configuration and management of UEFI Secure Boot

Hardware Implementation of UEFI Secure Boot

  • Practical implementation on actual hardware (Odroid H4+)
  • Hands-On Lab: Implementing UEFI Secure Boot on provided hardware

Analysis of Popular Attacks on UEFI Secure Boot

  • Overview of attack surfaces and vulnerabilities
  • Case studies: BlackLotus, LogoFAIL, BootHole, and other notable CVEs
  • Hands-On Exercise: Simulating and analyzing attacks in a controlled environment

Day 3 - Root of Trust Assessment, Integration, and Provisioning

Root of Trust and Chain of Trust Technologies

  • Detailed exploration of Root of Trust concepts
  • Overview of Intel Boot Guard and its significance
  • Hands-On Exercise: Implementing Root of Trust in an emulated environment

Assessing Root of Trust Implementations

  • Techniques for assessing Root of Trust mechanisms
  • Tools and methodologies for evaluating Root of Trust effectiveness
  • Hands-On Lab: Assessing and validating Root of Trust in provided hardware

Integrating Root of Trust with UEFI Secure Boot

  • Steps for integrating Root of Trust technologies into existing UEFI Secure Boot implementations
  • Hands-On Exercise: Integrating Root of Trust with UEFI Secure Boot on provided hardware

Provisioning Root of Trust in Modern Hardware

  • Processes and procedures for provisioning Root of Trust in modern hardware platforms
  • Case study: Intel Alder Lake N security features and provisioning
  • Hands-On Lab: Provisioning Root of Trust and configuring security settings

Who Should Attend? | Target Audience:

The following job roles are expected to benefit the most from this training:

  • Embedded Developers: Professionals developing embedded systems who need to implement secure boot mechanisms and understand the root of trust technologies.
  • Firmware Developers: Developers working on firmware who need to secure the boot process and manage UEFI Variables effectively.
  • Platform and System Architects: Architects responsible for designing secure systems, ensuring that security principles are integrated into the boot process and system architecture.
  • Medical and Defense Product Owners: Product owners in the medical and defense sectors who need to ensure the highest level of security in their products, particularly in securing the boot process.
  • Hardware Hackers: Enthusiasts and professionals who explore hardware systems, aiming to understand and protect against security vulnerabilities in firmware.
  • Pen Testers: Penetration testers focusing on low-level security who assess the security of hardware and firmware components, including UEFI Secure Boot.
  • Operating Systems Security Researchers, Developers, and Maintainers

What to Bring? | Software and Hardware Requirements:

Attendees should bring the following for the training:

Own Laptop:

  • Running Windows, Linux, or macOS
  • Minimum 16GB RAM
  • At least 20GB of free disk space
  • At least one free USB port

Software:

  • VirtualBox (latest version)
  • OVA Image with Ubuntu (provided before the training)

Provided by Trainer:

  • Any additional hardware required for the training, including the Odroid H4+

**Note:**

  • Detailed installation instructions for VirtualBox and other required software will be provided before the training
  • The OVA image will be pre-configured with the necessary tools and software
  • Ensure all software is installed and tested prior to the training to avoid delays
  • Support will be available on the first day for troubleshooting setup issues
  • The trainer is familiar only with the Linux environment and cannot support debugging issues on Windows or macOS systems

What to Bring? | Prerequisite Knowledge and Skills:

  • The default operating system for training will be Ubuntu 24.04 LTS running in a VM
  • Fluency in the Linux command line and basic command-line tools
  • Familiarity with basic text editors like vim or nano
  • Basic understanding of C
  • Basic understanding of cryptography
  • Familiarity with embedded hardware (UART, SPI)

Resources Provided at the Training | Deliverables:

Before the Course

  • Lab Manual: A comprehensive lab manual detailing the course agenda, step-by-step instructions for all practical exercises, and troubleshooting tips.
  • OVA Image with Ubuntu: A pre-configured OVA image with Ubuntu 24.04 LTS, pre-installed with all necessary tools and software required for the training.
  • Preparation Checklist: This checklist helps participants ensure they have completed all necessary preparations before the course starts, including software installations and basic configurations.

During the Course

Training Kit:

The training kit consists of:

**NOTE**

  • Odroid H4+ Hardware: Provided by the trainer for the purpose of the course hands-on exercises.
  • USB Pen Drive: Pre-loaded with necessary files and tools for the training exercises.

ABOUT THE TRAINERS

Piotr Król is an open-source firmware enthusiast who founded 3mdeb in March 2015. His expertise is rooted in the hacker ethos of collaborative innovation and transparency, guiding 3mdeb's focus on projects like Zarhus OS, a Yocto-based Embedded Linux distribution, and Dasharo, a coreboot downstream project. These projects are dedicated to open development, embedded firmware resilience, platform security, transparency, the right to repair, and digital sovereignty.


Venue Head Office Contact

Payatu BV

Office 403, WTC The Hague Business Center

Prinses Margrietplantsoen 33

2595 AM The Hague

The Netherlands


International Inquiries: +31 702051709
[email protected]