Intel
ModernFW aims to provide minimalistic firmware suitable for use on vertically integrated platforms such as servers for cloud systems. On such systems, there is no need to maintain in the firmware the backward compatibility code and components for universal use that are inherent in traditional UEFI firmware. Getting rid of redundant code reduces the number of possible vectors for attacks and errors, which has a positive effect on security and efficiency. In particular, work is underway to remove support for obsolete device types and functionality from the firmware that can be performed in the context of the operating system.
Only the necessary device drivers are left and minimal support for emulated and virtual devices is provided. Whenever possible, tasks that can be performed at the OS level are moved to the operating system level. Part of the code is shared between the firmware and the OS kernel. A modular and custom configuration is provided. Architecture support is currently limited to x86-64 systems, and only Linux is supported from the bootable OS (if necessary, support for other OSes can be implemented).
At the same time, Intel
joint project
Emulation support is minimized (the emphasis is on paravirtualization). Currently only x86_64 systems are supported, but AArch64 support is on the way. To get rid of unnecessary code and simplify the configuration of the CPU, memory, PCI and NVDIMM is done at the assembly stage. It is possible to migrate virtual machines between servers. Of the key tasks mentioned: high responsiveness, low memory consumption, high performance and reduction of possible vectors for attacks.
Source: opennet.ru