Uefi Secure Boot in Modern Computer Security Solutions

OVERVIEW What is the UEFI Forum? The Unified Extensible Firmware Interface (UEFI) Forum is a world-class non-profit industry standards body that works in partnership to enable the evolution of platform technologies. The UEFI Forum champions firmware innovation through industry collaboration and the advocacy of a standardized interface that simplifies and secures platform initialization and firmware bootstrap operations. Both developed and supported by representatives from more than 200 industry-leading technology companies, UEFI specifications promote business and technological efficiency, improve performance and security, facilitate interoperability between devices, platforms and systems, and comply with next-generation technologies. What is UEFI Secure Boot, and how did it originate? UEFI Secure Boot was created to enhance security in the pre-boot environment. UEFI Forum members developed the UEFI specification, an interface framework that affords firmware, operating system and hardware providers a defense against potential malware attacks. Without UEFI Secure Boot, malware developers can more easily take advantage of several pre-boot attack points, including the system-embedded firmware itself, as well as the interval between the firmware initiation and the loading of the operating system. Malware inserted at this point can provide an environment in which an operating system—no matter how secure—cannot run safely. Secure Boot helps firmware, operating system and hardware providers cooperate to thwart the efforts of malware developers. Additional background on the intent of UEFI Secure Boot can be found in "UEFI Networking and Pre-OS Security," published in the Intel Technology Journal [1]. What are the most common misperceptions about UEFI and UEFI Secure Boot? Several misperceptions about UEFI Secure Boot, its intended uses, requirements and application exist within the technology and end-user community. A few of the most common are outlined below and in greater depth throughout this paper.  False: " UEFI Secure Boot is an attempt to 'lock' platforms to software from specific vendors and block operating systems and software from others. "  False: " UEFI Secure Boot requires a TPM chip, as described by the Trusted Computing Group (TCG), and TCG controls the UEFI specification. "  False: " UEFI Secure Boot requires a specific implementation by computer manufacturers and operating system vendors. " CONTENTS This paper discusses UEFI Secure Boot misperceptions and includes examples of potential malware attacks in the PC and non-PC space. It also provides history and examples of rootkit and bootkit attacks and outlines UEFI Secure Boot solutions. Below is a table of contents. The views and …