Pace Enterprise Training | Bridging knowledge gaps
Pace Enterprise Training by 3mdeb helps companies to bridge knowledge gaps and accelerate engineering team readiness, delivered by trainers with years of hands-on experience with collaborative open-source and commercial software development.
Overview
- modern x86 architecture
- firmware design principles by examples
- boot flow from power on to system take off
- Coreboot walk through
- firmware build process based on Coreboot
- coreboot developer workflow
- remote testing environment
- SPI flash theory of operation
- flashing and debugging tools
- writing payloads hands-on workshop
- FSP – from theory to integration
- firmware security basics in Coreboot ecosystem
- MinnowBoard – hands-on workshop using previously
- gained knowledge
Audience
For developers that are:
- familiar with Embedded Linux development and BSP building
- porting and maintaining Coreboot supported mainboards.
Duration
5 days
40 hours (8h/day)
70% lectures
30% hands-on workshop
Materials
All training materials presentations and source code will be available for customer internal usage.Language
EnglishOverview
- Open source development overview
- Brief history of Linux
- Linux kernel introduction
- Using Git for source code management
- Introduction to Embedded Linux
- Getting kernel source code
- Linux kernel configuration and compilation
- Cross development
- Linux kernel modules
- Character device drivers
- Linux kernel debugging
- Device Tree files
- Typical Embedded Linux bootloaders
- Introduction to Build Systems
- Building custom Embedded Linux system for typical hardware target
- Embedded Linux tools
- Embedded Linux application development and debugging
Audience
For engineers who want to get familiar with Embedded Linux development and BSP building. No prior experience in this area is required. Some basic experience with desktop Linux usage (Command Line Interface) is recommended.Duration
4 days
32 hours (8h/day)
50% lectures
50% hands-on workshop
Materials
All training materials presentations and source code will be available for customer internal usage.Language
EnglishOverview
- Based on OST2 Arch4001, Arch4021, TC3001, TC3011 and TC3211
- UEFI introduction
- Modern x86 architecture
- Where is firmware and why blobs
- Intel x86 feature set and boot process
- Intel Root of Trust Technologies
- Other Root of Trust technologies overview
- Intel Management Engines features, vPRO, me_cleaner
- Workshops using Intel Skylake-based COMe module showing the process of enabling Boot Guard and practical examples of its features
Audience
Experienced software and security engineers. Up to 10 participants per session.Duration
4 days
17 hours (8h/day)
100% lectures
Materials
All training materials presentations and source code will be available for the client’s internal usage.Language
EnglishOverview
- Based on OST2 Arch2001, Arch4001 and Arch4021
- x86 assembly
- x86 operating system internals
- x86 boot process
- PCI and PCI Express
- Modern Intel system architecture
- DMA and IOMMU
- ISA and Plug and Play
- Debugging with GDB and core dumps
- System emulation with QEMU
- UEFI introduction
- UEFI Secure Boot
- Introduction to Roots of Trust and Trusted Computing Technologies
Audience
Beginner software and security engineers. Up to 8 participants per session.Duration
9 days
37 hours (4h/day usually, except for once 5h/day)
of lectures with hands-on labs
Materials
All training materials presentations and source code will be available for the client’s internal usage.Language
EnglishOverview
- Overview of an Embedded Linux system architecture
- Overview of the Yocto Project and OpenEmbedded ecosystem
- Using Yocto Project documentation
- Building emulation image
- Building image for the development board
- Board Support Packages and Yocto Project metadata
- Customizing the build with layers
- Image customization
- Extending existing recipes
- Overview of some of the existing build systems (Autotools,
- CMake, Meson)
- Creating a custom recipe
- Creating a custom image
- Creating a custom machine configuration
- Linux Kernel Development in Yocto Project
- Overview of the available system update mechanisms
- Security hardening
- Runtime packages management
- Troubleshooting build failures
- Using the Yocto Project SDK
- Using the Toaster web interface
- Working with licenses
- System image optimization
Audience
Engineers familiar with Embedded Linux development and BSP building. Passing our Building and Development of Embedded Linux Systems training first is recommended.Duration
4 days
28 hours (7h/day)
40% lectures
60% hands-on workshop
Materials
All training materials presentations and source code will be available for customer internal usage.Language
EnglishOverview
- modern x86 architecture
- boot flow from power on to system take off
- understanding Intel security features
- attacking Intel security features
- overview most popular UEFI forensics tools
- firmware weakness analysis
- SMM known attacks – theory and practice
- TPM
- Intel TXT and SGX
- UEFI variables and S3 attacks
- Update mechanism exploitation
- Non UEFI attack vectors WiFi/BT/3G/4G and USB
- DMA as an attack vector
- recent Lenovo and Dell vulnerabilities
Audience
Minimal knowledge of Python is required.Duration
5 days
40 hours (8h/day)
70% lectures
30% hands-on workshop
Materials
All training materials presentations and source code will be available for customer internal usage.Language
EnglishOverview
- Memory protection mechanisms in UEFI
- Boot Service and Runtime Services hands-on
- UEFI Authenticated Variables
- Virtualization in firmware and its use cases
- System Management Mode deep dive
- SMI Transfer Monitor design and practical use cases
- ACPI in UEFI
- SecurityPkg and CryptoPkg use cases
Audience
Engineers with very good knowledge of Linux, C and Python. Good knowledge of computer systems architecture is required. Preferred audience after accomplishing 3mdeb UEFI fundamentals training or similar.Duration
5 days
40 hours (8h/day)
50% lectures
50% hands-on workshop
Materials
All training materials presentations and source code will be available for customer internal usage.Language
EnglishOverview
- UEFI and PI specification overview
- UEFI development workflow and hardware interaction
- EDK2 code infrastructure and build process
- Detailed analysis of UEFI and PI boot flow
- Hands on experience with all booting phases
- Debugging methods
- PEIMs and DXE drivers development
- UEFI protocols overview and hands-on experience
- SMM in UEFI theory of operation and practical exercises
- Human interfaces and drivers configuration
- Boot process manipulation
- Legacy BIOS integration through Compatibility Support Module (CSM)
Audience
Engineers with with basic knowledge of Linux, C and Python building. Minimal knowledge of computer systems architecture is required.Duration
5 days
40 hours (8h/day)
50% lectures
50% hands-on workshop
Materials
All training materials presentations and source code will be available for customer internal usage.Language
EnglishOverview
- Tianocore structure and components
- EDK2 build process deep dive
- FSP form basics to advanced concepts
- FSP integration and building procedures
- A new platform enabling and porting procedures
- EDK2 debugging infrastructure
- OVMF as a development environment
- 3mdeb Remote Testing Environment
- UEFI compliance testing
- UEFI security validation
- Image signing
- UEFI Shell usage
Audience
Engineers with very good knowledge of Linux, C and Python. Good knowledge of computer systems architecture is required. Preferred audience after accomplishing 3mdeb UEFI fundamentals training or similar.Duration
5 days
40 hours (8h/day)
30% lectures
70% hands-on workshop
Materials
All training materials presentations and source code will be available for customer internal usage.Language
EnglishFrequently asked questions
The Pace in the PET - Pace Enterprise Training is an accumulation of the following meanings: pace = ‘pacing’, e.g the lion paced back and forth pace = speed pace = pacing, synchronization with something else, e.g. open and closed information streams pace = customized pace of course for each customer/audience
The meaning of PET can also be explained as Privacy Enhancing Technologies.
PET = OST + (theoretically) some proprietary additions which are not in upstream OST. Some could be upstreamed, some could be kept in OET (perhaps for years) based on unique student needs.
Many of the security-related aspects of the Intel/AMD CPUs are confidential and require (C)NDA (Corporate Non-Disclosure Agreement) to access documentation. What is more, it is not enough if both parties have necessary documents and agreements to discuss about them. To freely share information about these, more provisions (such as the MPNDA) are needed. Dasharo Silicon Vendor Onboarding is a Supplier’s product, which ensures an effective and standardized process for onboarding of the given business relationship with the Silicon Vendor, so all of the necessary information can be directly shared between the parties. In order to share the detailed results of the checks and propose a ways of improvements, it is necessary to proceed with the Dasharo Silicon Vendor Onboarding with each vendor participating in the certification program.