Details are to be announced when the event is getting closer.

To be announced

How do small hardware teams avoid death by iteration?
This talk explores how systems engineering tools like Dependency Structure Matrix (DSM), Weighted Decision Matrix, and Tradeoff Studies can help hardware-firmware teams reduce unplanned rework, clarify interdependencies, and make better decisions faster. The talk will explore practical strategies for applying these tools from concept evaluation through firmware release planning.

System software development presents a fundamental challenge that every bare metal project must solve: bridging the gap between the processor's minimal boot state and a fully functional execution environment capable of running high-level code. When a processor first transfers control to system software - whether firmware, kernel, hypervisor, or any bare metal application - it operates in a primitive state with no stack, no memory management, and minimal initialization of the processor. This creates an immediate dependency: before any C, Rust, or other high-level language code can execute, developers must craft assembly routines to establish the required runtime environment for the software component.

The RISC-V architecture's elegant design philosophy amplifies both the opportunity and complexity of this challenge. RISC-V defines two primary base instruction set architectures (ISA) - RV32I (32-bit registers and addresses) and RV64I (64-bit registers and addresses). As articulated in the RISC-V unprivileged specification[1], the ISA represents "the software visible interface to a wide variety of implementations rather than the design of a particular hardware artifact." It also defines RISC-V Execution Environment Interface (EEI), which standardizes critical aspects of program execution: initial processor state, privilege mode behavior (Machine, Supervisor, and User modes), instruction semantics, and interrupt/exception handling. While this standardization creates opportunities for code reuse and shared expertise across RISC-V projects, the reality is that most projects end up implementing similar runtime initialization routines from scratch.

Recognizing this common need, we(Rivos) developed rv-runtime-generator, an open-source Rust-based tool that automates the generation of RISC-V runtime initialization code. Rather than forcing each project to solve the same fundamental problem repeatedly, rv-runtime-generator provides a configurable solution that adapts to diverse system software requirements.

This talk will dive into the architectural design of the rv-runtime-generator tool and provide examples demonstrating its application in the rapid development of runtime environments for RISC-V software components.

dutctl is a command-line utility and service ecosystem for managing test devices in open-source firmware development environments. By providing a unified interface to interact with development boards across different platforms, dutctl eliminates the fragmentation of device management tools that has long plagued firmware development workflows. The project features remote device control, command streaming, multi-architecture testing, and a flexible plugin architecture for extensibility. Designed for firmware developers, QA teams, and CI/CD pipelines, dutctl simplifies complex device interactions through intuitive commands and comprehensive documentation. The platform supports both local and remote device management through its agent-server architecture, enabling efficient collaboration in distributed teams. With per-commit testing capabilities across multiple architectures, dutctl ensures high-quality firmware releases. We invite the open-source firmware community to try dutctl, contribute to its growth, and help shape its future development of advanced features like automated test sequencing and expanded hardware support.

This presentation presents a secure alternative to the IPMI lanplus protocol for remote server management, employing an HTTPS interface with WebSocket technology. This design eliminates the need to store plaintext passwords on the BMC, thus mitigating credential leakage risks, and this presentation will demonstrate how this enables completely password-free access to the BMC. By integrating IPMI command passthrough into the bmcweb Redfish implementation, the design reuses Redfish session authentication and privilege models, enabling advanced authentication methods like mutual TLS and SSO. Performance evaluations show that this binary protocol over HTTPS-WebSocket matches native lanplus speed while improving security. The modifications to ipmitool, bmcweb, and ipmid provide a practical, secure, and scalable remote server management solution.

The design doc and the implementation are open-sourced and submitted to OpenBMC and ipmitool for review.

This talk introduces an open platform and proof-of-concept for developing OpenBMC firmware on Arm servers using the Neoverse Fixed Virtual Platform (FVP). Co-developed by Arm and 9elements, the platform enables early development and validation of BMC features—such as telemetry, RAS logging, and Redfish—before silicon is available. The session highlights system architecture, SBMR-defined interfaces, and key lessons from enabling server manageability in a virtualized Arm environment.

This talk presents a behavior-based fault injection approach for OpenBMC firmware. By injecting faults at the I/O layer and using real-world failure models, we enhance grey-box testing coverage without modifying code or restarting services. Leveraging tools like Frida and eBPF, our method enables efficient, interpretable, and cross-environment validation of BMC robustness.

Details are to be announced when the event is getting closer.

Details are to be announced when the event is getting closer.

Intel® FSP (Firmware Support Package) is a critical component in the silicon bring-up processes, traditionally provided by Intel® as a binary to be integrated with a bootloader of customer’s choice (while source is provided for specific purposes).
As the demands of firmware development and enabling evolve, Intel recognizes the need for securing Intel assets like FSP, is more critical than ever. Intel is introducing “Signed FSP and Verified Boot Architecture” to provide integrity protection to Intel® FSP binary. This is the latest addition to the slew of capabilities that are already part of FSP, that will continue to expedite development cycles, enhance co-validation with customers, increase the velocity of deploying fixes in a secure manner and help customers launch products faster into the market.
This strategic shift involves significant architectural changes, such as simplifying bootloader – FSP interactions and implementing a robust signing and verification process through Intel's Root of Trust. These advancements not only harden silicon initialization but also enable standalone Intel® FSP updates in-field, offering a more streamlined approach to firmware development and management.
In this talk, we will explore the motivations behind Intel's Signed FSP approach and the benefits it provides to Intel’s customers. Attendees will gain insights into how these changes transform the boot flow, reduce integration efforts and help to reassign valuable engineering resources from FSP integration and validation to firmware development.

OCP L.O.C.K. (Layered Open-source Cryptographic Key Management) is a multi-pronged effort to strengthen the data confidentiality guarantees of storage devices. The program is centered around the development of an open-source integrated hardware root of trust, built on top of Caliptra, tailored for storage security use-cases. In this talk we present an update on the program, including progress towards a 1.0 release.

Many people are unaware that open-source firmware is being used in embedded systems for the United States Department of Defense (DoD). For obvious reasons, details about this kind of work cannot be discussed publicly, which is why you don't hear much about it.

For the past 8 years SysPro Consulting has been developing boot firmware solutions for Intel-based embedded hardware that has been integrated into various kinds of DoD military equipment, ranging from aircraft to ground vehicles to naval vessels, and more. These boot firmware solutions have been based on open-source projects such as coreboot and Slim Bootloader integrated with Intel's Firmware Support Package (FSP).

Working on boot firmware for DoD programs as a supplier within the U.S. Defense Industrial Base (DIB) comes with many unique challenges and requirements compared to working on boot firmware for commercial products. These firmware solutions commonly include unique / out-of-the-box features and requirements that present complex engineering challenges to implement and support.

This talk will present many of the differences that come with developing boot firmware solutions for embedded military applications, both from an engineering perspective as well as a business perspective.

The European CRA was signed off in December 2024 and will be in full effect in December 2027. The CRA brings in challenges and opportunities for the open-source firmware ecosystem that we want to discuss.

First we will give an overview about the timeline of the European CRA - the CRA itself comes into effect into three phases. Each phase brings certain responsibilities that also open-source projects should follow. The CRA also introduces specific terms i.e. open-source stewards. We will dive into the responsibilities of those.

In the second half of the talk we will look into the opportunities that the CRA brings. CRA could fuel open-source adoption if handled correctly. We will also lay out where the Open-Source Firmware Foundation can support open-source firmware projects to achieve compliance.

Keyboards are more than mere tools—they’re gateways to productivity and creativity for digital denizens. This talk delves into the world of DIY open source keyboards and the open source firmware that brings them to life. Attendees will explore how building a customized keyboard not only improves ergonomics and efficiency but also showcases the power of open source collaboration. Whether you're building your own keyboard or contributing to firmware codebases, this talk will highlight what’s possible when users take control of the firmware behind the keys.

TamaGo is a framework that enables compilation and execution of unencumbered Go applications on bare metal.

This talk covers recent updates of the TamaGo framework which greatly expands its scope and reach, allowing unikernel firmware deployment not only on embedded systems, but also on x86_64 bootloaders and under KVMs.

Building on our previous discourse on CSP server firmware requirements at OSFC 2024 in Bochum, Germany, this talk presents a transformative vision for cloud system firmware frameworks and efficiency. With cloud servers functioning as specialized embedded systems in controlled data center environments, we're witnessing a paradigm shift in firmware architecture priorities – where security and operational efficiency supersede traditional expandability concerns.
The successful deployment of an open source firmware solution in a major CSP environment in 2024 has validated the possibility of pursuing a smaller and simpler codebase for CSP servers. Combined with technologies like Intel FSP and AMD OpenSIL, we're entering an era of unprecedented flexibility in firmware framework choices. Drawing from AWS's extensive experience, we are exploring an architecture that effectively segregates silicon vendor, ODM, and CSP components while maintaining robust security boundaries.
We'll present a novel vision to creating a hardware-agnostic firmware stack that enhances security, maintainability, and enables differentiated cloud services. Additionally, we'll examine the emerging role of AI in accelerating firmware development and validation – a potential game-changer for the industry.
This forward-looking session will conclude by setting the stage for next year's deeper exploration of AI-driven firmware innovation, inviting the community to collaborate in shaping the future of cloud infrastructure firmware.

Debugging is a crucial aspect of firmware development, particularly when bringing up a new platform or when developing a new feature. However, debugging firmware is challenging because of lack of rich debugging environments typically found in operating system-based systems. Effective debugging not only aids in identifying and rectifying errors but also enhances the overall quality, reliability, and performance of the system.

Slim Bootloader supports various debugging techniques and this presentation will delve into a suite of advanced debugging methodologies tailored for SBL, providing developers with a comprehensive toolkit to address and resolve issues during the development phase.

We will explore the following techniques:
1. Tracing/Debug Logging: Enabling detailed logging mechanisms to capture and analyze system behavior, facilitating the identification of anomalies and errors.
2. Post Code via Port 80 LED Display: Utilizing hardware indicators to convey system status and error codes, offering a straightforward method for real-time monitoring and diagnostics.
3. Bootloader Shell Interface Utilization: Leveraging command-line interfaces to interact with the system, enabling direct manipulation and examination of system registers, memory and configurations.
4. Source-Level Debugging with Hardware and Software Tools: Employing sophisticated debugging tools to inspect and modify source code, providing deep insights into system operations and facilitating precise error correction.
5. Python-Based Automated Debugging and Triage Tool: Introducing a Python-driven solution designed to automatically diagnose and identify the location in code causing specific issues, streamlining the debugging process and enhancing efficiency.

Depending on the complexity and nature of the encountered issue, developers can opt for one or a combination of these methods to effectively debug and resolve problems. This presentation aims to equip participants with the knowledge and skills necessary to leverage these techniques, ultimately fostering a more robust and reliable Slim Bootloader development environment.

Details are to be announced when the event is getting closer.

Details are to be announced when the event is getting closer.

This hands-on workshop guides attendees through running OpenBMC on a virtual Arm server using the Neoverse FVP. Participants will explore server manageability workflows—including telemetry, RAS logging, Redfish, and IPMI—via side-band, in-band, and out-of-band interfaces. Live demonstrations include sending telemetry over MCTP/PLDM and transferring binary logs using PLDM File I/O. The session also features execution of the SBMR Architecture Compliance Suite (SBMR-ACS) to validate manageability conformance in both virtual and hybrid environments.

In a world where trust is built byte by byte, measured boot is fast becoming the foundation of trust in modern systems. But realizing it across a layered, multi-vendor firmware stack is anything but trivial.
We’ll take a tour through how Arm is enabling a new level of transparency and integrity weaving together diverse open-source boot-stage components, Trusted Firmware-A (TF-A), EDK2, and Linux, into a cohesive measured boot pipeline. At the heart of this effort is the Firmware Handoff specification, acting as the stitching thread, passing cryptographic measurements, metadata, and control between stages.
We’ll trace the flow of measurements from secure world to UEFI to kernel, and explore how Arm’s platform architecture, tooling, and upstream contributions are making this not just possible, but practical. Along the way, we’ll connect the dots to TPM-backed attestation, event logging, and remote verification. Whether you're a firmware developer, security architect, or just a fan of elegant handoffs, join us to see how open firmware is chatting.

Presenter: Felix Polyudov, AMI

UEFI is successfully standardizing OS to firmware interfaces. However, the ever-increasing complexity and diversity of modern platforms introduces new challenges in the firmware space. One of the efforts aimed at addressing some of these issues is spearheaded by the OCP Open Platform Firmware project. The presentation will cover Open Silicon Initialization Interface and Unified Platform Configuration Interface OPF efforts and discuss their effect on the UEFI ecosystem.

These sessions are exclusive for UEFI members.

The Universal Payload Specification (UPL) defines a standardized interface between the Platform Initialization (bootloader) phase—which sets up system hardware—and the Payload phase. In the context of boot firmware, the Payload is the component responsible for initializing the boot media and launching the operating system. The Universal Payload is designed to be both platform-independent and bootloader-independent, enabling a single payload implementation to work across diverse hardware and firmware environments.
UPL specifies how to format and pass parameters to the Payload, ensuring interoperability between spec-compliant bootloader and Payload stages. This approach allows Payloads to be distributed independently of board firmware, and by formalizing these interfaces, UPL aims to accelerate board bring-up and simplify the integration of open-source firmware components.

This paper will:
- Highlight the need for a universal contract, illustrated with real-world examples from ARM, x86, and RISC-V devices.
- Detail UPL’s table-driven boot flow and its compatibility with existing device tree and FIT tooling.
- Present implementation experience reports for RISC-V platforms using Tianocore as a payload, as well as x86 platforms with SBL and Tianocore.

We conclude that:
The Universal Payload Specification has the potential to become a foundational element for a fully open, reusable, and verifiable firmware ecosystem, and we outline the remaining challenges and future milestones on this path.

Link to the spec:
https://universalpayload.github.io/spec/

Upstreamed patches for reference:
https://github.com/tianocore/edk2/tree/master/UefiPayloadPkg

Presenter: Nnamdi Ajah, Cloudflare

At web-scale, managing UEFI configurations across thousands of globally distributed servers from multiple vendors is operationally complex. Inconsistent interfaces, undocumented settings, and different tooling from different vendors lead to inefficiencies and toil. Additionally, Redfish support is often inconsistent across many UEFI firmware implementations. To address these issues, a vendor-neutral tool was developed that can run in either EFI or iPXE shells and integrates with existing configuration management systems like Salt, thus enabling standardized, seamless, large-scale UEFI configuration. This approach improves fleet-wide consistency, reduces human error, removes the need for vendor turnaround to implement settings, and eliminates the need for vendor-specific knowledge—allowing teams to manage firmware settings reliably and efficiently across diverse hardware, from a single interface.

Provides insights into complex server setups and discusses solutions for managing them within OpenBMC.

Presenter: Aaron Rossetto, Cirrus Logic

What can you do when a customer requirement calls for a DXE driver, but you lack the ability to build a custom platform BIOS to test your driver? You could test the driver from the UEFI Shell, but that doesn’t represent a realistic customer deployment scenario, thus leaving a significant gap in your testing coverage. Using virtualization techniques such as PCI passthrough in conjunction with open source technologies like QEMU (Quick Emulator) and OVMF (the Open Virtual Machine Framework) can facilitate the testing and deployment of a DXE driver in a platform that mimics a customer's system, providing valuable insight into the driver deployment process and a high level of confidence in the quality and stability of the solution.

Firmware are everywhere into modern servers, we can easily count hundreds of them, including ROM, BMC, PCIe Endpoints, VRM. Maintaining them is a critical task to ensure security. Unfortunately update process is pretty slow, and finding supported and qualified combinations might be a tough task. We will propose during that talk an approach where firmware are automatically downloaded every time a server starts. We will explore various options and will run some demos based on HPE Proliant systems, and envision future of firmware and impact on such technologies on systems optimization for HPC applications.

Presenter: Alex Matrosov, Binarly & Fabio Pagani, Binarly

Several key management failures have impacted UEFI vendors in recent years. During this talk, we’ll discuss data breaches that exposed private keys — including Boot Guard keys — and explore both the immediate and ongoing consequences these incidents have had on the ecosystem. Additionally, we’ll discuss how products were shipped with expired, debug, or non-production certificates, which have further increased security risks. Using the latest data from the UEFI ecosystem, we’ll provide fresh insights into these persistent, long-standing issues and their current impact.

u-Root's versatility enables us to deploy memory-safe Go code to small places we need firmware in. But some places are tinier than others, and Go binaries are not generally known for their compactness.
The solution for that might be to change your go compiler, from upstream go to tinygo: "a compiler for small places".
In this talk, we will show the efforts, achievements, and pitfalls we encountered while enabling u-root builds using tinygo. Furthermore, we will provide an outlook on the near future of tinygo enablement and offer an overview of the remaining roadblocks.

In the server host firmware ecosystem, a unified platform configuration format and a host firmware-agnostic configuration change method are essential for ensuring server platform interoperability. This approach aims to reduce redundant efforts required to support various configuration formats and change methods across all open-source host firmware solutions. By eliminating dependencies on traditional platform configuration tools, such as legacy BIOS setup during system boot, we can provide a consistent experience for configuring or deploying server platform configurations across different host firmware solutions."

Presenter: Michael Kubacki, Microsoft

A new open-source project called Patina is transforming UEFI firmware from the core up! This session will present how Patina is enhancing firmware safety and reliability starting with a DXE Core written in Pure Rust for ARM64 and X64. We’ll explore Patina's architecture, legacy debt solutions, and status. Looking forward, we’ll examine the roadmap and platform integration details. We aim to inspire you to use Rust and modern tools so we can build the next generation of firmware together.

Presenter: Mohamad Saleh, Insyde & Sean Loe, Insyde

As firmware becomes an increasingly targeted layer in modern systems, Firmware Capsule Updates are emerging as a critical mechanism for maintaining platform integrity. Firmware Capsule Updates provide a secure, standardized mechanism for delivering critical updates across diverse platform components—from BIOS/UEFI and CPU Microcode to TPMs, storage devices, and advanced security technologies like Intel TDX and AMD SEV.
The presentation will highlight how capsule updates provide secure, authenticated, and rollback-protected delivery of firmware updates across diverse hardware, as well as how it is an essential firmware-level component for new technologies such as DMR (Dynamic Microcode Replacement). Attendees will gain insight into how capsule-based delivery simplifies platform maintenance and lifecycle management, enhances security posture, and integrates seamlessly with OS-level interfaces to support scalable and resilient infrastructure.

In the first 30-45 minutes, we will provide an overview of the evolution and current status of the Arm UEFI/ACPI firmware ecosystem and the Arm SystemReady compliance program (a foundation for enabling the installation and boot of generic off-the-shelf operating systems on Arm systems). We will focus on the adoption of Arm system architecture specifications such as BSA, SBSA, and SBBR (UEFI, ACPI, SMBIOS), and examine their roles in enabling the installation and boot of generic operating systems. We will also highlight open platforms and firmware implementations available for development or reference, including support through open-source repositories from Arm and its partners.

Following the overview, we will move to a hands-on workshop session that guides participants through the process of validating Arm-based platforms for SystemReady Band compliance. Attendees will learn how to set up test environments, run open-source compliance test suites (ACS), and interpret results aligned with standards such as BSA, SBSA, and SBBR. The session will use an open platform (RPi4, Radxa Orion O6, or Arm Infrastructure FVP) and open-source firmware to demonstrate real-world scenarios, common issues, and best practices. Participants will gain practical knowledge to integrate compliance testing into their development workflows and prepare their platforms for SystemReady band compliance.

Equipment (Choose one of the following setups for hands-on activities)
1. An Arm device, a USB stick, a USB serial cable, and a laptop
- Participants can bring their own Arm device that uses ACPI/UEFI firmware to follow along with the hands-on activities led by the speaker.
- Recommended devices are SystemReady SR/ES certified devices, such as Radxa Orion O6, RPi4, and so on. For a full list, see https://www.arm.com/architecture/system-architectures/systemready-compliance-program/systemready-past-certifications.
- The laptop USB port must be unblocked, so we can write the test suite image to the USB stick.
2. A laptop that can run FVP locally or remotely
- Participants who prefer to use Infrastructure FVP (emulator) can follow the setup instructions https://developer.arm.com/documentation/102677/0500/Set-up-the-RD-N2-FVP/Set-up-the-host-machine-and-download-the-software-stack?lang=en to set up the FVP on a Linux-based system that can be accessed during the workshop.

OpenMic 2025 - The stage is yours! Hand-in a talk spontaneously on site!
Submit your idea here: (Will be announced during the event)

Details are to be announced when the event is getting closer.

This is the part of the UEFI DevCon, that is exclusive for UEFI members.

These sessions are exclusive for UEFI members.