Yes, thank you Peabo Bryson and Roberta Flack for the title inspiration:
With all due respect to Peabo and Roberta, this is actually an awkward introduction to a UEFI BIOS development you may not have heard of: the Linux UEFI Validation project and its luvOS live Linux image.
luvOS is a customized Yocto Linux distribution designed to foster OS-side testing of the UEFI interfaces. You burn the live Linux image to a flash drive, have your test system boot to it, and it will automatically test the various UEFI interfaces that OSes, particularly Linux, rely on. A “live Linux image” is a ready-to-boot OS that runs from removable media, e.g. SD card or USB flash drive, without having to be installed on a hard disk.
From Intel’s UEFI Community Resource Center:
Currently, the validation of UEFI firmware implementations is mainly based on the UEFI Self-Certification Tests (SCT). This tool is great to test the quality of the firmware implementation in a preboot environment. However, testing only in a preboot environment also means that the firmware is tested in isolation from the OS. Thus, even if all the preboot tests pass, those results may not necessarily predict that the interaction between the OS and the firmware will be smooth and flawless. A testing scheme based only on preboot tests is not enough. After all, in the real world, the firmware will need to work not in isolation but in close interaction with the OS.
The firmware-OS interactions do not stop once the system has booted and the control is handed over to the OS. We still have the UEFI runtime services. It may seem at first that runtime services are about just writing and reading variables and nothing can possibly go wrong with that. Yet, it was discovered recently that a system could be bricked by simply writing too many variables. Low quality (not to mention malicious) software may take advantage of these kinds of scenarios to bring whole systems down. The situation is worrisome if one considers the attacker may target the thousands of systems around the world having the same firmware. No single test suite run in isolation, either at preboot time or runtime, could possibly catch bugs in such scenarios.
The end result is that bugs, either in the firmware or OS implementation, evade detection and are ultimately discovered for the first time by end-users. At this point, it's too late, as usually all the developers has moved on to new projects. The only solution is to fix the bugs in the OS. For Linux, because we aim to run on pretty much any hardware, this has resulted in the kernel adopting a "least common denominator" approach to UEFI support, or if you will a "support the most buggy implementation" mantra.
The luvOS is a new distribution based on the Yocto Project which incorporates existing open source test suites into a single, easy-to-use live image. The virtue of creating a new specialised OS solely for validation is that it becomes possible to validate all phases of OS execution from the moment firmware hands over control. In other words, it's possible to test how each of the bootloader, OS kernel and userland environments interact with UEFI, and then report the results in a consistent way.
I burned the luvOS 1.0 .IMG file to a USB flash drive to perform the testing. I was successful in both Linux and Windows, although Windows was a little more difficult.
For Linux, I used the dd command:
For Windows, originally I tried a utility called Linux Live USB Creator. Unfortunately this pretended to work: I was able to boot to the flash drive, but nothing happened. To be fair, they say .IMG support is still under development.
There are versions of dd for Windows. I tried the one from UnixUtils, but wasn’t sure how to specify a Windows drive letter as a Unix device path, so rather than spend a lot of energy researching that I moved on.
The alternative that worked well was the open-source Win32 Disk Imager utility I found on Sourceforge.
Running the Tests
The tests are run unattended and took around twenty minutes in my experience.
luvOS tests many things:
- SMI latency
- EFI variables
- processor c-states
- … and more
… and also includes running the Intel BITS test suite, as discussed in a previous blog post. Checkout my results (following) to get an idea of the scope of the tests.
The results are generated in their own partition on the removable media. I was never able to get the results from within Windows 8.1. The Disk Manager console detected the drive and partitions, but was unable to assign a drive letter to the partition containing the results. From Linux, I mounted the results partition with the command:
sudo mount /dev/sdb2 /mnt
(your device path may vary)
I’ve placed a .zip of my results at this link.
I think luvOS is a must-have new validation tool, and nicely complements both the SCT as well as Microsoft’s UEFI HCT tests. luvOS has been in development for some time, but only went 1.0 on 30 Sep 2014, and 1.1 on 7 Oct 2014. The source is available on Github. I think Matt and Ricardo would appreciate the community downloading and running luvOS. They welcome issue reports, comments, and suggestions.