UNCLASSIFIED
National Security Agency | Cybersecurity Technical Report
UEFI Secure Boot Customization
U/OO/168873-20 | PP-20-0652 | Sep 2020 Ver. 1.1
1
UNCLASSIFIED
1 Unified Extensible Firmware Interface (UEFI)
Unified Extensible Firmware Interface (UEFI) is an interface that exists between platform
hardware and software. UEFI is defined and updated via specifications maintained by the UEFI
Forum industry body. Support for UEFI is a requirement for some newer software and hardware.
Legacy boot solutions, such as Basic Input/Output System (BIOS), are being phased out in 2020
(Shilov 2017).
UEFI defines a consistent Application Programming Interface (API) and a set of environment
variables common to all UEFI platforms. Uniformity enables OS, driver, and application
developers to build for UEFI regardless of platform, architecture, vendor, or assortment of system
components. Manufacturers and developers can take advantage of UEFI’s extensibility to create
additional features, add new product support, and create protocols to support emerging solutions.
Legacy BIOS involves a wide variety of unique implementations, update solutions, and
interpretations of platform services (e.g. Advanced Configuration and Power Interface (ACPI)).
UEFI establishes a standard that separates portions of code into modules, defines mechanisms
for module interaction, and empowers component vendors to reuse modules across product lines.
Modules also enable vendors to swap out content via updates that can be delivered remotely over
commercial infrastructure management and update solutions (Golden 2017).
UEFI boot occurs in standards-defined phases (UEFI Forum 2017). Figure 1 shows an overview
of the phases. The SEC, PEI, DXE, and BDS phases are handled by platform firmware. The
Bootloader and OS Kernel phases are handled by software.
UEFI Boot Phases
Legacy BIOS has been part of the computing ecosystem since 1975. UEFI entered the standards
and commercial world in 2005 after having existed as an internal Intel Corporation project for
many years prior (referred to as Extensible Firmware Interface – EFI). The UEFI Forum and
vendor partners recognized the potential for disruption migrating from BIOS to UEFI would cause
on the computing industry and established products. Therefore, UEFI implementations historically
have offered the following operating modes to meet customer needs:
UEFI Native Mode
is UEFI without any accommodation for legacy devices. UEFI makes
changes to the way devices and components execute their firmware and access system
Security Phase
(SEC)
• Initialize Static
Root of Trust for
Measurement
(SRTM)
• Perform firmware
integrity checks
Pre-EFI Init
Phase (PEI)
• Initialize Core
Root of Trust for
Measurement
(CRTM), CPU,
chipset, RAM,
protocols,
handlers, built-in
devices
• Begin firmware-
controlled Secure
Boot
Driver eXecution
Environment
(DXE)
• Discover I/O
buses, expansion
components (e.g.
RAID, NIC,
USB), and device
firmware
• Execute firmware
modules
• Parallel
execution for
speed
Boot Device
Select (BDS)
• Initialize UEFI
system table,
boot manager,
apps (e.g. UEFI
shell, UEFI
config), network
connections,
remote
management
• Read bootable
EFI partitions
Bootloader
• SHIM, GRUB,
SysLinux, Boot
Manager for
Windows,
rEFInd, and other
bootable binaries
• Can directly boot
kernels
• Begin software-
controlled Secure
Boot
OS Kernel
• Set up initial
filesystem,
system modules,
policies, drivers,
and apps
• Init OS runtime
environment and
user experience
layer
• Kernel enforces
Secure Boot for
driver signing
Boot Process
Figure 1 - An enumeration of UEFI firmware and software boot phases.
剩余38页未读,继续阅读
shengbucun
- 粉丝: 1
- 资源: 10
我的内容管理
展开
最新资源
- JDK 17 Linux版本压缩包解压与安装指南
- C++/Qt飞行模拟器教员控制台系统源码发布
- TensorFlow深度学习实践:CNN在MNIST数据集上的应用
- 鸿蒙驱动HCIA资料整理-培训教材与开发者指南
- 凯撒Java版SaaS OA协同办公软件v2.0特性解析
- AutoCAD二次开发中文指南下载 - C#编程深入解析
- C语言冒泡排序算法实现详解
- Pointofix截屏:轻松实现高效截图体验
- Matlab实现SVM数据分类与预测教程
- 基于JSP+SQL的网站流量统计管理系统设计与实现
- C语言实现删除字符中重复项的方法与技巧
- e-sqlcipher.dll动态链接库的作用与应用
- 浙江工业大学自考网站开发与继续教育官网模板设计
- STM32 103C8T6 OLED 显示程序实现指南
- 高效压缩技术:删除重复字符压缩包
- JSP+SQL智能交通管理系统:违章处理与交通效率提升
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
