Microsoft Surface UEFI: Evolution in boot, security and device management

Brink · Jun 18, 2024

Surface IT Pro Blog:

At Surface, building our own UEFI is central to our goal of making Surface devices the most secure on the market. It's an ongoing journey built on our key investments in services and features. But what does that look like exactly? Read on to learn more about the enabling technologies that support UEFI development.

Built on Project Mu

Our adoption of Project Mu is driven by the goal of providing the best-in-class UEFI implementation on Surface devices and to showcase how to build devices that fully realize the Microsoft vision for what a personal computing device should be. Plus, our UEFI enhancements and goodness born in Surface are available for consumption by Project Mu and the wider open-source ecosystem.

Learn more about Project Mu:

Rise of Rust

Rust is emerging as the programming language of choice for developing performant, type-safe, and maintainable firmware with a strong focus on security. Adopting Rust is a strategic initiative for our UEFI and security firmware. We have transitioned several firmware components from C to Rust, the first step of a broader adoption going forward. To learn more, see Enhancing Firmware Security: Rust & UEFI in Project Mu | Microsoft Tech Community.

Our key investments

Writing our own UEFI stack enables us to fine tune a solution built for Surface devices. This provides a significant advantage over relying on a generic third-party UEFI stack. With rigorous control from requirements analysis to maintenance, our in-house development delivers an uncompromised and secure UEFI solution. This model allows us to respond quickly to new threats as we can seamlessly examine, create and deploy solutions without depending on a UEFI stack provided by an ISV, reducing the time of exposure for both consumer and commercial clients.

Furthermore, updates can quickly be fed back into Windows, Project Mu, and related open-source component ecosystems for consumption by our OEM partners. In the following sections, we will focus on specific areas of investment. This is not exhaustive; future posts will cover these topics in more detail.

Surface focus on security

We live in a world where threats and attacks can target our PCs from applications down to the firmware level. An attack and subsequent manipulation of a constituent component of the UEFI stack could severely compromise the system and grant a high-level of control to the attacker. Surface UEFI continues to develop a suite of technologies to protect devices and users from these threats.

Root of trust

Surface provides a secure foundation for device boot from reset by leveraging a hardware-validated Root of Trust policy. We do this through the cryptographic signature check and controlled execution of multiple firmware primitives before loading and booting to Windows. While there are variants to the Root of Trust and boot flows between SoC vendors, Surface UEFI is tailored for each to ensure optimal security and performance.

Secured Core PC

The Windows Secured Core PC (SCPC) model provides Surface devices with a secure operating environment and protection against sophisticated attacks. It offers increased assurance for devices handling mission-critical data in sensitive industries. Surface UEFI supports SCPC secure launch with two distinct silicon architecture-dependent solutions:

- Dynamic Root of Trust for Measurement (DRTM) for ARM-based Surface devices

- Firmware Attack Surface Reduction (FASR) for Intel-based Surface devices

Dynamic Root of Trust for Measurement

To overcome the inadequacies of the earlier Static Root of Trust for Measurement (SRTM) solution, Surface has enabled an industry-standard enhanced technology called DRTM. DRTM allows devices to boot from untrusted code and launch into a trusted state by taking control of all CPUs, creating a secure enclave that's isolated from the rest of the system with a protected execution state and memory.

DRTM then “measures” the firmware and bootloader components and system state (including things like memory controller configuration) in the enclave. The term “measure” refers to computing the digital signature of a firmware component or the cryptographic signature of sensitive operations (such as reconfiguration of security sensitive parameters or dispatch of an application or driver) and securely storing them in the TPM. These signatures can then be verified against expected states to attest to the security health of the system. On successful verification, the system has confidence that the firmware has not been tampered with and did not execute unexpected operations that might compromise its security.

Firmware Attack Surface Reduction

FASR adopts an equivalent method to DRTM and provides protection to assure that the boot environment is not tampered with, together with a secure attestation of firmware state to the operating system. This approach carefully controls the list of components allowed to execute in the FASR default boot path and reduces the firmware attack surface.

Standalone Management Mode

Surface UEFI includes support for Standalone Management Mode (Standalone MM) through the Management Mode Supervisor (MM Supervisor). The MM Supervisor applies CPU privilege level separation to enforce resource isolation for MSRs, I/O ports, memory regions (including SMM save state), and instruction types. This approach provides the highest level of Secured Core PC SMM isolation.

Learn more about Secured Core PCs, DRTM, and FASR:

Supporting the needs of our commercial & enterprise clients

As Surface continues to drive and grow its presence in the commercial and enterprise space, we are committed to ensuring our devices support the deployment, management, and control services provided by Microsoft.

Device Firmware Configuration Interface (DFCI)

Surface UEFI supports DFCI which provides an interface for firmware configuration that enables mobile device management agents like Microsoft Intune to configure UEFI settings. DFCI enables IT admins to remotely disable specific hardware components and prevent end users from changing them. This helps ensure consistent device configuration in a managed environment. Example settings include device boot order, device port enable/disablement, and external peripheral control and authentication. If you need to protect sensitive information in highly secure areas, you can disable the camera and lock down USB ports. If you don't want users booting from USB drives, you can disable that also.

Learn more about DFCI:

Surface Enterprise Management Mode (SEMM)

SEMM is a close relation to DFCI but is regarded as an on-premises device management tool rather than being controlled from the cloud. While DFCI enables remote deployment of firmware settings, SEMM requires physical or local deployment of a configuration package using the Surface IT Toolkit or System Center Configuration Manager (SCCM).

Learn more about SEMM:

Get started with Surface Enterprise Management Mode (SEMM) - Surface | Microsoft Learn

Dynamic USB-C disablement

Dynamic USB-C disablement allows administrators to manage USB-C ports based on specific scenarios or user needs, preventing unauthorized devices from being connected. When paired with the Surface Thunderbolt 4 Dock, IT admins can lock down USB-C ports whenever eligible Surface devices are undocked or connected to an unauthorized dock.

Learn more about USB-C disablement:

Manage USB ports on Surface devices - Surface | Microsoft Learn

A continuous focus on device performance and monitoring

Boot Time Reduction ~ or why we don’t want you to wait

Surface has a continuous focus on boot time reduction and “wake-on” scenario optimization to get users productive quickly. This initiative aligns with the evolution of Windows and Project Mu, including engagement with silicon partners.

Serviceability

Surface enables in-field device upgrades and repairs, reducing maintenance costs, downtime, and mean time to repair. During the development of each Surface model, considerable investment, care and attention is paid to ensure all hardware modules are tuned for optimal performance to provide a premium experience. This applies to everything from screen color accuracy to SSD read/write performance. Our goal in Surface is to ensure that any hardware module replaced with a Field Replacement Unit (FRU) maintains an optimal device experience.

UEFI Front Page

The Surface UEFI Front Page allows users to view and modify UEFI settings on their Surface device. It is invoked from cold-boot by the user holding down the volume-up key and pressing the power key. Once the user lands on the page, there are a number of tabs and fields that the user can navigate through to modify UEFI settings. If devices are locked down via DFCI or SEMM, these settings will be greyed out, preventing users from making any changes.

Looking ahead

In this post, we introduced Surface UEFI from the perspective of our key investments in services and features. However, this is just the baseline for configuring, securing, and updating many other system components. With a focus on both commercial and consumer segments, Surface UEFI will continue to develop solutions to lead and protect Windows by leveraging Project Mu, adopting Rust, participating in UEFI-related industry organizations, and co-engineering with silicon partners.

Learn more

Source:

Surface UEFI: Evolution in boot, security & device management to build an industry leading secure PC

Take a deep dive into the enabling technologies supporting UEFI development

techcommunity.microsoft.com

Microsoft Surface UEFI: Evolution in boot, security and device management

Built on Project Mu

Rise of Rust

Our key investments