Signed UEFI Firmware Updates in EDK II

Intel has recently contributed a full implementation for UEFI Capsule update, including support for the EFI System Resource Table (ESRT) and Firmware Management Protocol (FMP), under EDK II. The SignedCapsulePkg has been ported to two open platforms, MinnowBoard Max/Turbot and Intel® Galileo, for further development and validation. This open implementation simplifies deployment of secure firmware updates, even when using designs based on open hardware.

The firmware driver package contains a firmware update payload, which is passed to UEFI firmware via the Update Capsule function. By processing the capsule after reset, the system firmware is responsible for authenticating the capsule and performing the update. If the capsule payload has been compromised or doesn’t apply to this system, the firmware can reject the update and avoid corruption. Firmware is essential to the platform’s root-of-trust, so it’s in the best position to securely update itself.
-- "
Better Firmware Updates in Linux* Using UEFI Capsules"

Using signed images with UEFI Capsule allows an OS-agnostic process to provide verified firmware updates, utilizing root-of-trust established by the firmware. This scenario assumes the factory-provisioned firmware and subsequent updates are signed with the same public/private keypair, which the SignedCapsulePkg solution implements using OpenSSL. 

References

For more complete information about compiler optimizations, see our Optimization Notice.