Platform firmware includes the first set of instructions that are executed by a computer system. To protect this important set of instructions from attacks, current solutions guard the firmware image by making it part of the root of trust. The root of trust originates in the platform hardware and passes from the hardware to the software through the platform firmware, so the firmware becomes a critical part of the chain of trust.
Methods of compromising platform firmware are continually being developed. Compromising platform firmware enables an arsenal of very useful tools to attack a system. Unlike a software compromise, compromised firmware is both hard to detect and difficult for a system to recover from. Compromised firmware is mostly invisible to the software layer of a system, including most anti-virus and spyware tools. The invisible nature of firmware makes it ideal for rootkits. Rootkits are compact and dormant malicious hooks in the platform that attain the highest possible privilege and the lowest visibility to running software. Their primary function is to provide an API to other viruses and worms on an infected system.
Furthermore, the potential damage from a malicious firmware attack is far worse than that from a software attack due to the persistent nature of the firmware. For example, a denial-of-service (DoS) attack on the system software stack may result in a corrupted OS stack that would need to be reinstalled. In contrast, a DoS attack through compromised firmware may result in a completely unbootable and unusable platform. Current technologies have very poor mechanisms for recovery of platform firmware.
Descriptions of certain details and implementations follow, including a description of the figures, which may depict some or all of the embodiments described below, as well as discussing other potential embodiments or implementations of the inventive concepts presented herein. An overview of embodiments of the invention is provided below, followed by a more detailed description with reference to the drawings.