Platform Trust Beyond BIOS Using the Unified Extensible Firmware Interface

Author

  • Vincent Zimmer

Abstract

The Unified Extensible Firmware Interface (UEFI) provides a consistent set of interfaces designed to support the booting of shrink-wrap operating systems, the loading of drivers that replace legacy PC/AT option ROMs, and the support of operating-system-absent diagnostics and applications. In addition, UEFI capabilities are exported through C-callable interfaces, allowing UEFI platforms to span a large class of platforms and CPU microarchitectures. These interfaces run in the native machine mode and go beyond today’s 16-bit real-mode BIOS. Inherent in the business deployment and interoperability of “extensibility” there is also a peril, namely control of system policy. One such policy, integrity control of the platform firmware and authorization of module launch, is discussed in light of these business challenges and the emergent wave of malware in the market.

Similar sources

Overcoming BIOS development challenges in embedded systems

One solution within developers’ grasp is Intel’s Platform Innovation Framework for Unified Extensible Firmware Interface (UEFI), aka the Framework (www.intel.com/ technology/framework/). How can the Framework make life easier? How about these perks for starters: faster time to market, less frustration, easier-to-use code, open source drivers, simplified debugging, write once and use many times,...


Analysis and a case study of transparent computing implementation with UEFI

Transparent computing (TC) can be thought of as a special kind of cloud computing that regards storage as a service. TC logically splits the software stack from the underlying hardware platform, and separates the computing unit from storage for the purpose of making the same software run on different hardware and different software run on the same hardware. TC requires a unified software-hardware ...

Symbolic Execution for BIOS Security

We are building a tool that uses symbolic execution to search for BIOS security vulnerabilities including dangerous memory references (call outs) by SMM interrupt handlers in UEFI-compliant implementations of BIOS. Our tool currently applies only to interrupt handlers for SMM variables. Given a snapshot of SMRAM, the base address of SMRAM, and the address of the variable interrupt handler in SM...


Trusted Firmware Services Based on TPM

How to build a trusted firmware platform has been a research hotspot in the computer security community. In this paper, novel trusted firmware services under the UEFI framework are proposed, which exploit the high safety of the Trusted Platform Module (TPM) root and the uneditability of firmware for building the trusted platform in code modification checking, user identity authenticating, hard disk attestation ...


Publication date: 2007