If the Option ROM format is set to UEFI Compatible, it will use the newer EFI ROM if one is present and the legacy ROM if one is not. Note that when Secure Boot is enabled, execution of the Compatibility Support Module and legacy ROMs is prohibited because legacy firmware drivers do not support authentication.If the Option ROM format in the BIOS configuration is set to legacy ROM, it will always use the legacy ROM on the device. UEFI BIOS can load and execute legacy firmware drivers when a Compatibility Support Module (CSM) is enabled. Legacy ROM + UEFI 圆4 + UEFI IA32 + UEFI EBC OpROM Many manufacturers create devices that include option ROMs and firmware for many types of PCs. Supporting both UEFI BIOS and Legacy BIOS This document talks about why you need to validate option ROMs and shows some techniques of doing it. When the option ROM carries the driver, the IHV can leverage that driver, and keep the driver and device in one place. Option ROMs can be used when it's not be possible to embed a device's firmware in the PC firmware.
For the purposes of this discussion, only PCI-based UEFI-compatible option ROMs will be considered. The Unified Extensible Firmware Interface (UEFI) has support for Legacy mode option ROMs.Īs per latest UEFI specification (currently at 2.3.1 Errata C – section 2.5.1.2), ISA (legacy) option ROMs are not a part of the UEFI Specification. These devices typically have Option ROMs that provide firmware drivers. Examples of firmware drivers include Video BIOS on video cards, PXE boot drivers for Ethernet adapters, and storage drivers on RAID controllers. They include a variety of types of firmware drivers, including legacy PC-AT, Open Firmware, and EFI option ROMs. These option ROMs also typically provide firmware drivers to the PC.
They are usually stored on a plug-in card, though they can reside on the system board.ĭevices that typically require option ROMs are video cards, network adapters, and storage drivers for RAID modules. Option ROMs (or OpROMs) are firmware run by the PC BIOS during platform initialization. This guide assumes you know the fundamentals of UEFI, basic understanding of Secure Boot (Chapters 1, 2, 13, 20 and 27 of the UEFI specification), and PKI security model.Īppendix A: Alternate approach to testing using unsigned option ROM driversĪppendix B: Scripts for enabling Secure Boot with NULL db This document helps OEMs and ODMs validate that their firmware checks the signatures of its option ROM as part of the Secure Boot chain of trust. SDET, Windows Security & Identity Team, Lin, Engineering Service Engineer, TW-WIN Plan Ecosystem, 1.3 Vishal Manan, Architect, OEM Consulting, Cox, Sr.
0 kommentar(er)
