Recently Intel presented the development of a new firmware architecture Universal Scalable Firmware (USF) which is destined to simplify development of all components of the firmware software stack for a variety of device categories, from servers to systems on a chip (SoC).
USF provides layers of abstraction to separate initialization logic from low-level hardware of the platform components responsible for configuring, update firmware, protect and boot the operating system.
USF has a modular structure that is not tied to specific solutions y allows to use multiple existing projects They implement hardware initialization and boot stages, such as the TianoCore EDK2 UEFI stack, the minimalist Slim Bootloader firmware, the U-Boot bootloader, and the CoreBoot platform.
UEFI interface, LinuxBoot layer (for direct Linux kernel loading), VaultBoot (verified boot), and ACRN hypervisor can be used as payload environments to find the bootloader and transfer control to the operating system, in addition typical interfaces such as ACPI, UEFI, Kexec and Multi-boot are provided for operating systems.
Intel's USF specifications consist of two parts: an internal Intel specification that covers the construction of the SOC and its internal interfaces (IP HW and IP FW); and an external industry specification covering interfaces for SOCs, platforms, and OS payloads, as well as building and managing complete firmware products and solutions (i.e. how to initialize, configure, integrate, boot, upgrade, and maintain ). The external specification is open to active feedback and collaboration from industry and technology partners. The external specification version at the initial release is intentionally beginning in a preliminary review so that technology partners have the opportunity to help improve its content and direction before the finalization of v1.0.
USF define a firmware support package layer A separate FSP that interfaces with the generic and custom Platform Orchestration Layer (POL) through a common API. FSP abstracts operations such as CPU restart, hardware initialization, SMM (system management mode), authentication and verification at the SoC level.
The orchestration layer simplifies the creation of ACPI interfaces, it also supports generic payload libraries and allows the use of the Rust language to create secure firmware components and also allows you to define the configuration using the YAML markup language. POL also performs attestation (confirmation of authenticity), authentication and organization of the secure installation of updates.
With USF, we hope to help address industry weaknesses in firmware development, reduce complexity, accelerate innovation, improve firmware quality and security, and enable future firmware flexibility and scalability on CPUs and XPUs.
The new architecture is expected to allow:
- Reduce the complexity and cost of developing firmware for new devices by reusing standard out-of-the-box component code, a modular architecture that is not tied to specific loaders, and the ability to use a universal API to configure modules.
- Improve firmware quality and security by using verifiable modules for interaction with equipment and a more secure infrastructure for firmware verification and authentication.
- Use different chargers and payload components, depending on the tasks to be solved.
- Accelerate the advancement of new technologies and shorten the development cycle - Developers can focus only on adding specific functionality, otherwise use proven, out-of-the-box components.
- Scale firmware development for various Mixed Computing Architectures (XPUs), for example including, in addition to the CPU, an integrated discrete graphics accelerator (dGPU) and programmable network devices to accelerate network operations in data centers that provide cloud systems (IPU), Infrastructure Processing Unit).
Finally for those interested in knowing more about it, they should know that a draft specification and implementation of the typical elements of the USF architecture is already available are posted on GitHub.