

- INTEL BIOS UPDATE CAPSULE HEADER INVALID HOW TO
- INTEL BIOS UPDATE CAPSULE HEADER INVALID FOR WINDOWS 10
Windows UEFI Firmware Update Platform Microsoft provides “Windows UEFI Firmware Update Platform ” to define how to perform firmware updates initiated by Windows. The requirement is aligned with the NIST standard, such as including a signed bios update and rollback protection.
INTEL BIOS UPDATE CAPSULE HEADER INVALID FOR WINDOWS 10
Hardware Compatibility Specification for Systems for Windows 10 In order to maintain the integrity of the platform firmware, Microsoft describes a “Secure firmware update process” in. It does not define in detail either the firmware update capsule format or the details of the update process. This document defined the general security requirement for firmware update. – Microcontrollers on the system shall not be capable of directly modifying the firmware. – Non-Bypassability – Bus mastering that bypasses the main processor (e.g., Direct Memory Access to the system flash) shall not be capable of directly modifying the firmware. – Secure Local Update (optional) – The local update mechanism be used only to load the first BIOS image or to recover from a corruption of a system BIOS – Integrity Protection – The RTU and the system BIOS shall be protected from unintended modification. – Rollbacks of the BIOS to an earlier version are permitted only if the update or rollback has been authorized by the organization. The summary is below: – BIOS Update Authentication – Key storage in Root of Trust for Update (RTU) – Recovery mechanisms shall also use the authenticated update mechanism unless the recovery process meets the guidelines for a secure local update. NIST Standard To begin, the National Institute of Standards and Technology (NIST) provides the security guidelines on BIOS update, such as 800-147: BIOS Protection Guidelines and 800-147B: BIOS Protection Guidelines for Servers. There are some industry standards providing the guideline or the definition for the firmware update listed below. 42įirmware Update A system may need to update the firmware image. 25 EDKII System FMP Capsule Update Driver. 24 EDKII System Firmware Binary Update Image Format. 14 Capsule Coalesce for IA32 PEI and X64 DXE. 11 Capsule image not for firmware update. 6 Hardware Compatibility Specification for Systems for Windows 10. In this paper, we will provides more detail on how we implement capsule update and recovery in EDKII. In, we described general security design guidelines for firmware update and firmware recovery. The firmware recovery is also a feature to support firmware boot in recovery mode in cases where the main flash image is errant or corrupt. Zimmer Intel CorporationĮxecutive Summary Introduction The firmware update capability represents an important feature for the system firmware on the mother board and the various device firmware instances, such as a host bus adapter-attached PCI option ROM, embedded controller (EC), baseboard management controller (BMC), etc. White Paper A Tour Beyond BIOS – Capsule Update and Recovery in EDKII
