Microsoft recently introduced a new open project, "Project Mu", which is developing a framework for creating UEFI environments that initialize hardware and provide a set of services to load the operating system.
Project Mu-based firmware is already being used in Microsoft products like Surface and Hyper-V.
The project builds on the work of the TianoCore EDK2 open UEFI stack, but it is not a fork: it is positioned as a complement (module "MU") that is compiled on the basis of new stable versions of TianoCore and returns specific TianoCore fixes and changes to the main project.
The developments of the project are distributed under the BSD license.
A key feature of the Mu project is its development of the idea of firmware as a service (FaaS, Firmware as a Service), the essence of which is to provide mechanisms to keep the firmware and the UEFI environment up to date.
FaaS allows you to view firmware as a product that requires constant updates to quickly provide bug and vulnerability fixes to users, as well as to add new features.
The developers of the Mu project tried to solve the problems that arise in the development of UEFI firmware, caused by the involvement of various vendors and the use of various proprietary components, which are subject to strict licensing restrictions.
Until now, because of the complexity of organizing the interaction between business partners, manufacturers have usually forked a typical code base when creating firmware and introduced product-specific modifications into the fork.
Maintaining firmware under such conditions is too complicated, and the cost of modifications and the risks associated with changes mean that updates are produced only in exceptional situations.
About the Mu project
Mu provides a set of modules, build tools and repositories focused on code reuse, a distributed collaborative development process with repository sharing, and strict quality control.
The generated firmware can combine open source components with proprietary modules, which are developed separately and attached to the final product without violating the license requirements of the copyright holder.
Unlike TianoCore, Project Mu includes additional features to improve compatibility with Microsoft products, increase scalability (in the context of firmware maintenance for many different products that have multiple companies involved), simplify firmware maintenance, and organize planned updates.
The project's components include a user interface, an on-screen keyboard, tools to securely manage UEFI settings, a high-performance bootloader and a set of BIOS menu examples.
To increase the security of the project, the TianoCore code base was cleaned of obsolete components and changes were made to reduce possible attack vectors.
Besides the code, the project also includes a set of specifications for organizing the firmware development process in accordance with the FaaS paradigm, as well as a collection of tests and tools to analyze and optimize the quality of the firmware.
The main characteristics of Mu
- Interface to configure firmware (DFCI, Device Firmware Configuration Interface) and tools for mobile device management (MDM, Mobile Device Management).
- A BIOS password protection system that uses PBKDF2 for password hashing.
- Support for component verification using digital signatures based on EKU (Extended Key Usage).
- Using Microsoft's framework for unit testing.
- Means to audit, verify functionality and evaluate the performance of all capabilities of the platform.
- Scalable compilation system written in Python.
- Plug-ins to track information rewriting and parsing of the flash descriptor (Flash Descriptor, SPI Flash programming framework).
- Binary package management system based on the NuGet package manager.
- The ability to certify transmitted components with digital signatures using the UEFI capsule mechanism (a means of transferring binary data sets to EFI firmware).
- Visual Studio compiler support.
- Base64 encoding support for binary objects.
- Package with XML support.