Intel is developing a new firmware architecture, Universal Scalable Firmware (USF), aimed at simplifying the development of all components of the software stack of firmware for various categories of devices, from servers to systems on a chip (SoC). USF provides abstraction layers to separate low-level hardware initialization logic from platform components responsible for configuration, firmware updates, security, and operating system boot. A draft specification and implementation of typical USF architecture elements is hosted on GitHub.
USF has a modular structure that is not tied to specific solutions and allows you to use various existing projects that implement the hardware initialization and boot stages, such as the TianoCore EDK2 UEFI stack, the minimalistic Slim Bootloader firmware, the U-Boot bootloader, and the CoreBoot platform. As payload environments used to find the bootloader and transfer control to the operating system, the UEFI interface, the LinuxBoot layer (for direct loading of the Linux kernel), VaultBoot (verified boot) and the ACRN hypervisor can be used. Generic interfaces are provided for operating systems such as ACPI, UEFI, Kexec, and Multi-boot.
USF allocates a separate layer for hardware support (FSP, Firmware Support Package), which interacts with a universal and customizable platform orchestration layer (POL, Platform Orchestration Layer) through a common API. FSP abstracts operations such as CPU reset, hardware initialization, work with SMM (System Management Mode), authentication and verification at the SoC level. The orchestration layer simplifies the creation of ACPI interfaces, supports generic loader libraries, allows you to use the Rust language to create secure firmware components, and allows you to define configuration using the YAML markup language. The POL also handles attestation (authentication), authentication, and securing updates.
The new architecture is expected to:
- Reduce the complexity and cost of developing firmware for new devices by reusing the code of ready-made standard components, modular architecture that is not tied to specific bootloaders, and the ability to use a universal API to configure modules.
- Improve firmware quality and security through the use of verifiable hardware interface modules and a more secure infrastructure for firmware authentication and verification.
- Use various loaders and payload components, depending on the tasks being solved.
- Accelerate the advancement of new technologies and shorten the development cycle - developers can focus only on adding specific functionality, otherwise using ready-made proven components.
- Scale the development of firmware for various mixed computing architectures (XPU), for example, including, in addition to the CPU, a built-in discrete graphics accelerator (dPGU) and programmable network devices to accelerate network operations in data centers that provide cloud systems (IPU, Infrastructure Processing Unit).
Source: opennet.ru