Learn about μEFI, a groundbreaking microkernel-style UEFI isolation framework presented at USENIX ATC '25 that addresses critical security vulnerabilities in modern firmware systems. Discover how researchers from Shanghai Jiao Tong University developed the first isolation framework for UEFI firmware that transparently runs UEFI modules in sandboxes, drawing inspiration from microkernel design principles. Explore the technical implementation of deprivileging UEFI modules to user mode and isolating them in different address spaces, while maintaining transparent execution through innovative trampoline injection and protocol analysis techniques. Understand the growing security concerns with UEFI Secure Boot covered in this 15-minute conference talk, including the increasing number of UEFI-related CVEs and attacks that bypass traditional security measures. Examine the enhanced security mechanisms incorporated into μEFI, including a seccomp-like capability restriction system and automated input validation for detecting and preventing invalid inputs. Review the evaluation results, which demonstrate successful execution of complex UEFI modules without modifications and a minimal performance overhead of just 1.91% during the UEFI boot phase, making this solution both practical and effective for real-world deployment.