Dhaval Sharma, Guo Dong; Lightning Talk
The Universal Payload Specification (UPL) defines a standardized interface between the Platform Initialization (bootloader) phase—which sets up system hardware—and the Payload phase. In the context of boot firmware, the Payload is the component responsible for initializing the boot media and launching the operating system. The Universal Payload is designed to be both platform-independent and bootloader-independent, enabling a single payload implementation to work across diverse hardware and firmware environments.
UPL specifies how to format and pass parameters to the Payload, ensuring interoperability between spec-compliant bootloader and Payload stages. This approach allows Payloads to be distributed independently of board firmware, and by formalizing these interfaces, UPL aims to accelerate board bring-up and simplify the integration of open-source firmware components.
This paper will:
- Highlight the need for a universal contract, illustrated with real-world examples from ARM, x86, and RISC-V devices.
- Detail UPL’s table-driven boot flow and its compatibility with existing device tree and FIT tooling.
- Present implementation experience reports for RISC-V platforms using Tianocore as a payload, as well as x86 platforms with SBL and Tianocore.
We conclude that:
The Universal Payload Specification has the potential to become a foundational element for a fully open, reusable, and verifiable firmware ecosystem, and we outline the remaining challenges and future milestones on this path.
Link to the spec:
https://universalpayload.github.io/spec/
Upstreamed patches for reference:
https://github.com/tianocore/edk2/tree/master/UefiPayloadPkg
Jens Drenhaus; Talk
dutctl is a command-line utility and service ecosystem for managing test devices in open-source firmware development environments. By providing a unified interface to interact with development boards across different platforms, dutctl eliminates the fragmentation of device management tools that has long plagued firmware development workflows. The project features remote device control, command streaming, multi-architecture testing, and a flexible plugin architecture for extensibility. Designed for firmware developers, QA teams, and CI/CD pipelines, dutctl simplifies complex device interactions through intuitive commands and comprehensive documentation. The platform supports both local and remote device management through its agent-server architecture, enabling efficient collaboration in distributed teams. With per-commit testing capabilities across multiple architectures, dutctl ensures high-quality firmware releases. We invite the open-source firmware community to try dutctl, contribute to its growth, and help shape its future development of advanced features like automated test sequencing and expanded hardware support.
Sunny Wang; Workshop
Arm SystemReady band compliance is a foundation for enabling the installation and boot of generic off-the-shelf operating systems. This hands-on workshop guides participants through the process of validating Arm-based platforms for SystemReady Band compliance. Attendees will learn how to set up test environments, run open-source compliance test suites (ACS), and interpret results aligned with standards such as BSA, SBSA, and SBBR. The session will use an open platform (RPi4 or Radxa Orion O6) and open-source firmware to demonstrate real-world scenarios, common issues, and best practices. Participants will gain practical knowledge to integrate compliance testing into their development workflows and prepare their platforms for SystemReady band compliance.
Furquan Shaikh; Talk
System software development presents a fundamental challenge that every bare metal project must solve: bridging the gap between the processor's minimal boot state and a fully functional execution environment capable of running high-level code. When a processor first transfers control to system software - whether firmware, kernel, hypervisor, or any bare metal application - it operates in a primitive state with no stack, no memory management, and minimal initialization of the processor. This creates an immediate dependency: before any C, Rust, or other high-level language code can execute, developers must craft assembly routines to establish the required runtime environment for the software component.
The RISC-V architecture's elegant design philosophy amplifies both the opportunity and complexity of this challenge. RISC-V defines two primary base instruction set architectures (ISA) - RV32I (32-bit registers and addresses) and RV64I (64-bit registers and addresses). As articulated in the RISC-V unprivileged specification[1], the ISA represents "the software visible interface to a wide variety of implementations rather than the design of a particular hardware artifact." It also defines RISC-V Execution Environment Interface (EEI), which standardizes critical aspects of program execution: initial processor state, privilege mode behavior (Machine, Supervisor, and User modes), instruction semantics, and interrupt/exception handling. While this standardization creates opportunities for code reuse and shared expertise across RISC-V projects, the reality is that most projects end up implementing similar runtime initialization routines from scratch.
Recognizing this common need, we(Rivos) developed rv-runtime-generator, an open-source Rust-based tool that automates the generation of RISC-V runtime initialization code. Rather than forcing each project to solve the same fundamental problem repeatedly, rv-runtime-generator provides a configurable solution that adapts to diverse system software requirements.
This talk will dive into the architectural design of the rv-runtime-generator tool and provide examples demonstrating its application in the rapid development of runtime environments for RISC-V software components.
Emmanuel Odunlade; Talk
How do small hardware teams avoid death by iteration?
This talk explores how systems engineering tools like Dependency Structure Matrix (DSM), Weighted Decision Matrix, and Tradeoff Studies can help hardware-firmware teams reduce unplanned rework, clarify interdependencies, and make better decisions faster. The talk will explore practical strategies for applying these tools from concept evaluation through firmware release planning.
Sachin Kamat, Ravi Rangarajan; Talk
Debugging is a crucial aspect of firmware development, particularly when bringing up a new platform or when developing a new feature. However, debugging firmware is challenging because of lack of rich debugging environments typically found in operating system-based systems. Effective debugging not only aids in identifying and rectifying errors but also enhances the overall quality, reliability, and performance of the system.
Slim Bootloader supports various debugging techniques and this presentation will delve into a suite of advanced debugging methodologies tailored for SBL, providing developers with a comprehensive toolkit to address and resolve issues during the development phase.
We will explore the following techniques:
1. Tracing/Debug Logging: Enabling detailed logging mechanisms to capture and analyze system behavior, facilitating the identification of anomalies and errors.
2. Post Code via Port 80 LED Display: Utilizing hardware indicators to convey system status and error codes, offering a straightforward method for real-time monitoring and diagnostics.
3. Bootloader Shell Interface Utilization: Leveraging command-line interfaces to interact with the system, enabling direct manipulation and examination of system registers, memory and configurations.
4. Source-Level Debugging with Hardware and Software Tools: Employing sophisticated debugging tools to inspect and modify source code, providing deep insights into system operations and facilitating precise error correction.
5. Python-Based Automated Debugging and Triage Tool: Introducing a Python-driven solution designed to automatically diagnose and identify the location in code causing specific issues, streamlining the debugging process and enhancing efficiency.
Depending on the complexity and nature of the encountered issue, developers can opt for one or a combination of these methods to effectively debug and resolve problems. This presentation aims to equip participants with the knowledge and skills necessary to leverage these techniques, ultimately fostering a more robust and reliable Slim Bootloader development environment.
Jiming Sun, Nandagopal Sathyanarayanan; Talk
Building on our previous discourse on CSP server firmware requirements at OSFC 2024 in Bochum, Germany, this talk presents a transformative vision for cloud system firmware frameworks and efficiency. With cloud servers functioning as specialized embedded systems in controlled data center environments, we're witnessing a paradigm shift in firmware architecture priorities – where security and operational efficiency supersede traditional expandability concerns.
The successful deployment of an open source firmware solution in a major CSP environment in 2024 has validated the possibility of pursuing a smaller and simpler codebase for CSP servers. Combined with technologies like Intel FSP and AMD OpenSIL, we're entering an era of unprecedented flexibility in firmware framework choices. Drawing from AWS's extensive experience, we are exploring an architecture that effectively segregates silicon vendor, ODM, and CSP components while maintaining robust security boundaries.
We'll present a novel vision to creating a hardware-agnostic firmware stack that enhances security, maintainability, and enables differentiated cloud services. Additionally, we'll examine the emerging role of AI in accelerating firmware development and validation – a potential game-changer for the industry.
This forward-looking session will conclude by setting the stage for next year's deeper exploration of AI-driven firmware innovation, inviting the community to collaborate in shaping the future of cloud infrastructure firmware.
Samer El-Haj-Mahmoud; Talk
This talk introduces an open platform and proof-of-concept for developing OpenBMC firmware on Arm servers using the Neoverse Fixed Virtual Platform (FVP). Co-developed by Arm and 9elements, the platform enables early development and validation of BMC features—such as telemetry, RAS logging, and Redfish—before silicon is available. The session highlights system architecture, SBMR-defined interfaces, and key lessons from enabling server manageability in a virtualized Arm environment.
Jean-Marie Verdun; Lightning Talk
Firmware are everywhere into modern servers, we can easily count hundreds of them, including ROM, BMC, PCIe Endpoints, VRM. Maintaining them is a critical task to ensure security. Unfortunately update process is pretty slow, and finding supported and qualified combinations might be a tough task. We will propose during that talk an approach where firmware are automatically downloaded every time a server starts. We will explore various options and will run some demos based on HPE Proliant systems, and envision future of firmware and impact on such technologies on systems optimization for HPC applications.
Samer El-Haj-Mahmoud, John Chung; Workshop
This hands-on workshop guides attendees through running OpenBMC on a virtual Arm server using the Neoverse FVP. Participants will explore server manageability workflows—including telemetry, RAS logging, Redfish, and IPMI—via side-band, in-band, and out-of-band interfaces. Live demonstrations include sending telemetry over MCTP/PLDM and transferring binary logs using PLDM File I/O. The session also features execution of the SBMR Architecture Compliance Suite (SBMR-ACS) to validate manageability conformance in both virtual and hybrid environments.
Sai Chaganty, Ravi Rangarajan; Talk
Intel® FSP (Firmware Support Package) is a critical component in the silicon bring-up processes, traditionally provided by Intel® as a binary to be integrated with a bootloader of customer’s choice (while source is provided for specific purposes).
As the demands of firmware development and enabling evolve, Intel recognizes the need for securing Intel assets like FSP, is more critical than ever. Intel is introducing “Signed FSP and Verified Boot Architecture” to provide integrity protection to Intel® FSP binary. This is the latest addition to the slew of capabilities that are already part of FSP, that will continue to expedite development cycles, enhance co-validation with customers, increase the velocity of deploying fixes in a secure manner and help customers launch products faster into the market.
This strategic shift involves significant architectural changes, such as simplifying bootloader – FSP interactions and implementing a robust signing and verification process through Intel's Root of Trust. These advancements not only harden silicon initialization but also enable standalone Intel® FSP updates in-field, offering a more streamlined approach to firmware development and management.
In this talk, we will explore the motivations behind Intel's Signed FSP approach and the benefits it provides to Intel’s customers. Attendees will gain insights into how these changes transform the boot flow, reduce integration efforts and help to reassign valuable engineering resources from FSP integration and validation to firmware development.
Lei Yu; Talk
This presentation presents a secure alternative to the IPMI lanplus protocol for remote server management, employing an HTTPS interface with WebSocket technology. This design eliminates the need to store plaintext passwords on the BMC, thus mitigating credential leakage risks, and this presentation will demonstrate how this enables completely password-free access to the BMC. By integrating IPMI command passthrough into the bmcweb Redfish implementation, the design reuses Redfish session authentication and privilege models, enabling advanced authentication methods like mutual TLS and SSO. Performance evaluations show that this binary protocol over HTTPS-WebSocket matches native lanplus speed while improving security. The modifications to ipmitool, bmcweb, and ipmid provide a practical, secure, and scalable remote server management solution.
The design doc and the implementation are open-sourced and submitted to OpenBMC and ipmitool for review.
Jeff Andersen, Zachary Halvorsen; Talk
OCP L.O.C.K. (Layered Open-source Cryptographic Key Management) is a multi-pronged effort to strengthen the data confidentiality guarantees of storage devices. The program is centered around the development of an open-source integrated hardware root of trust, built on top of Caliptra, tailored for storage security use-cases. In this talk we present an update on the program, including progress towards a 1.0 release.
Jia, Chunhui; Talk
This talk presents a behavior-based fault injection approach for OpenBMC firmware. By injecting faults at the I/O layer and using real-world failure models, we enhance grey-box testing coverage without modifying code or restarting services. Leveraging tools like Frida and eBPF, our method enables efficient, interpretable, and cross-environment validation of BMC robustness.
Oliver Brewka; Lightning Talk
Provides insights into complex server setups and discusses solutions for managing them within OpenBMC.
Christian Walter; Talk
The European CRA was signed off in December 2024 and will be in full effect in December 2027. The CRA brings in challenges and opportunities for the open-source firmware ecosystem that we want to discuss.
First we will give an overview about the timeline of the European CRA - the CRA itself comes into effect into three phases. Each phase brings certain responsibilities that also open-source projects should follow. The CRA also introduces specific terms i.e. open-source stewards. We will dive into the responsibilities of those.
In the second half of the talk we will look into the opportunities that the CRA brings. CRA could fuel open-source adoption if handled correctly. We will also lay out where the Open-Source Firmware Foundation can support open-source firmware projects to achieve compliance.
Henry Lie; Talk
Keyboards are more than mere tools—they’re gateways to productivity and creativity for digital denizens. This talk delves into the world of DIY open source keyboards and the open source firmware that brings them to life. Attendees will explore how building a customized keyboard not only improves ergonomics and efficiency but also showcases the power of open source collaboration. Whether you're building your own keyboard or contributing to firmware codebases, this talk will highlight what’s possible when users take control of the firmware behind the keys.
Paul Grimes, Abner Chang; Lightning Talk
In the server host firmware ecosystem, a unified platform configuration format and a host firmware-agnostic configuration change method are essential for ensuring server platform interoperability. This approach aims to reduce redundant efforts required to support various configuration formats and change methods across all open-source host firmware solutions. By eliminating dependencies on traditional platform configuration tools, such as legacy BIOS setup during system boot, we can provide a consistent experience for configuring or deploying server platform configurations across different host firmware solutions."
Leon Gross; Lightning Talk
u-Root's versatility enables us to deploy memory-safe Go code to small places we need firmware in. But some places are tinier than others, and Go binaries are not generally known for their compactness.
The solution for that might be to change your go compiler, from upstream go to tinygo: "a compiler for small places".
In this talk, we will show the efforts, achievements, and pitfalls we encountered while enabling u-root builds using tinygo. Furthermore, we will provide an outlook on the near future of tinygo enablement and offer an overview of the remaining roadblocks.
Prachotan Reddy Bathi; Lightning Talk
In a world where trust is built byte by byte, measured boot is fast becoming the foundation of trust in modern systems. But realizing it across a layered, multi-vendor firmware stack is anything but trivial.
We’ll take a tour through how Arm is enabling a new level of transparency and integrity weaving together diverse open-source boot-stage components, Trusted Firmware-A (TF-A), EDK2, and Linux, into a cohesive measured boot pipeline. At the heart of this effort is the Firmware Handoff specification, acting as the stitching thread, passing cryptographic measurements, metadata, and control between stages.
We’ll trace the flow of measurements from secure world to UEFI to kernel, and explore how Arm’s platform architecture, tooling, and upstream contributions are making this not just possible, but practical. Along the way, we’ll connect the dots to TPM-backed attestation, event logging, and remote verification. Whether you're a firmware developer, security architect, or just a fan of elegant handoffs, join us to see how open firmware is chatting.
Andrea Barisani; Talk
TamaGo is a framework that enables compilation and execution of unencumbered Go applications on bare metal.
This talk covers recent updates of the TamaGo framework which greatly expands its scope and reach, allowing unikernel firmware deployment not only on embedded systems, but also on x86_64 bootloaders and under KVMs.
Jay Talbott; Talk
Many people are unaware that open-source firmware is being used in embedded systems for the United States Department of Defense (DoD). For obvious reasons, details about this kind of work cannot be discussed publicly, which is why you don't hear much about it.
For the past 8 years SysPro Consulting has been developing boot firmware solutions for Intel-based embedded hardware that has been integrated into various kinds of DoD military equipment, ranging from aircraft to ground vehicles to naval vessels, and more. These boot firmware solutions have been based on open-source projects such as coreboot and Slim Bootloader integrated with Intel's Firmware Support Package (FSP).
Working on boot firmware for DoD programs as a supplier within the U.S. Defense Industrial Base (DIB) comes with many unique challenges and requirements compared to working on boot firmware for commercial products. These firmware solutions commonly include unique / out-of-the-box features and requirements that present complex engineering challenges to implement and support.
This talk will present many of the differences that come with developing boot firmware solutions for embedded military applications, both from an engineering perspective as well as a business perspective.