4 Replies Latest reply on Oct 15, 2012 3:37 PM by AaLl86

    VMWare Workstation EFI firmware

    AaLl86 Novice

      Hi all!

      I've worked well with VmWare Workstation UEFI firmware and IDA GDB debugger stub. I recently done a Windows 8 UEFI analysis (available here: http://www.itsec.it/2012/09/18/uefi-technology-say-hello-to-the-windows-8-bootkit/).

      Now I would like to investigate on Secureboot. I am able only to use a physical machine (ASUS). I was wondering if someone knows how to insert Secureboot module (SecurityPkg module in EDK specs 2.3.1) in VmWare EFI firmware...


      I've still tried to compile UEDK 2010 "firmware.fv" and to import it in a "vmx" descriptor file adding the following lines:

      efi64.filename = "myEfiFv.rom"


      ...but the VM doesn't start. I figured out that VMWare uefi firmware image is different from standard one (the 2 files compared equals only in EFI_FIRMWARE_VOLUME_HEADER structure).

      Some of you know how to change EFI Firmware with the aim in supporting Ms SecureBoot?


      Thanks very much in advance...



        • 1. Re: VMWare Workstation EFI firmware
          William22 Enthusiast

          Hi  ryall


          Welcome to forum.


          Hope below link will help you as its very informatics.





          "With normal actions you get normal results."http://imagicon.info/cat/5-59/vbsmile.png
          • 2. Re: VMWare Workstation EFI firmware
            AaLl86 Novice

            OK. I know entire Secureboot related stuff... But my question is another: How to enable SecureBoot in VmWare workstation? I know that is needed another UEFI bios (the incorporated one doesn't include SecurityPkg module). How to compile a firmware file with UEDK 2010 compatible with VmWare?

            Thank you!




            • 3. Re: VMWare Workstation EFI firmware
              dariusd Virtuoso
              VMware EmployeesUser Moderators

              Hi Andrea,


              You are always taking on the fun projects! 


              There are no currently-released VMware products that include support for UEFI Secure Boot.  We don't include SecurityPkg, and our Variable Services implementation supports neither EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS nor EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS.  Our release plans are confidential, so I can't say when you'll see a release which does include Secure Boot support.


              It will be a huge task if you want to build your own [U]EFI firmware to run in a VMware virtual machine: Our EFI ROM images contain a quantity of VMware platform-specific code that is not included in the publicly-available EDK/UDK codebases which you'd need to replicate in order to have ROMs that booted at all.


              Sorry, this doesn't help much with your project.





              • 4. Re: VMWare Workstation EFI firmware
                AaLl86 Novice

                Hi Darius!

                I would like to special thank you for right answer, as usual...

                I think that your job in Firmware development is just a bit more fun than mine... Isn't it?

                I've always been curious and attracted to all low-level programming (especially BIOS, EFI, and all related stuff... Did you ever heard something about the BIOS rootkit for example??), but unfortunally with the tools we have here in Italy it would be a bit a mess to let grow this kind of projects...


                Now I know that I can't try to bypass SecureBoot with Workstation, it's a good fact knowing it, at least... I will save some hours in trying it!

                According to eg0n post (available here: http://communities.vmware.com/thread/390128) it would be very great if in version 10 of Workstation there will be implemented SecurityPkg and SourceLevelDebugPkg (both have source code downloadable... I think that they do not require a big development effort, as my personal opinion). The latter one is very usefull in debugging EFI images. I say this, because, at the time of this post, IDA has still some issues with GDB low level EFI debugging (in detail a kind of Symbol lookup problem. I've just signaled this problem to all the good staff @ hex-rays)

                Do you think that maybe I could wait something new about these in future?? :-)


                Thank you!

                Have a nice day! (also if here now it's midnight o'clock).