Firmware is code that provides an interface between hardware and an upstream program such as an operating system (OS), a device driver or an application program. Firmware can be classified into device firmware, which is dedicated to controlling a peripheral device, and system firmware, which relates to the operation of a system as a whole (also called platform firmware).
The system firmware is stored in a non-volatile memory (NVRAM) that is typically attached to a motherboard. The most well-known system firmware is the BIOS, which, after the power supply of a computer is activated and before loading of the OS starts, performs a Power-On Self-Test (POST), processes a password, and provides services for accessing hardware. The BIOS supports a 16-bit processor and a 1 MB memory space, and it is becoming difficult for the BIOS to deal with recent advancements in hardware.
Under such circumstances, as shown in Non Patent Document 1, the UEFI (Unified Extensible Firmware Interface) forum developed the specification of a new system firmware (hereinafter called UEFI firmware) to be used instead of the BIOS or in addition to the BIOS. In a system equipped with the UEFI firmware, only an OS and a device driver supporting the UEFI can run. In most cases, however, the UEFI firmware is provided so as to emulate the BIOS, and therefore both a UEFI-supported OS and a non-UEFI OS that supports only the BIOS can run in a system equipped with the UEFI firmware.
Meanwhile, a startup disk stores a program called a boot loader that loads the OS. At the time of startup, the UEFI firmware first performs a handoff to the boot loader to pass control to it. The boot loader then requests the UEFI firmware to load the OS image into main memory. If the boot loader is attacked and falsified by malware, an anti-malware program will not be loaded or, alternatively, malware embedded in the disk drive will be loaded. Therefore a countermeasure to protect the boot loader is required.
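The countermeasure that the UEFI specification defines as secure boot is an integrity gate on the handoff: the firmware computes the identity of the boot loader image and passes control only if that image is authorized. The following is an added example, not text or code from the patent application or from the UEFI specification; it models the hash-based part of that gate with an authorized database (db) and a forbidden database (dbx), names and sample image bytes all constructed here. Real firmware keeps db and dbx in authenticated NVRAM variables and additionally accepts images signed by certificates listed in db, which this model leaves out.

```python
"""Added example (not part of the patent text): a minimal model of the
allow-list / deny-list image check that UEFI secure boot applies to a boot
loader before the firmware hands off control to it.

Assumptions (constructed for illustration): the images are plain byte
strings rather than PE/COFF binaries, and db / dbx hold SHA-256 hashes
only. Certificate-based signature verification is not modelled.
"""

import hashlib

# Constructed sample images: a genuine boot loader, a copy tampered by
# malware, and an older loader that has been revoked.
GOOD_LOADER = b"EFI-BOOTLOADER-v1 jump to kernel"
TAMPERED_LOADER = b"EFI-BOOTLOADER-v1 jump to malware"
REVOKED_LOADER = b"EFI-BOOTLOADER-v0 known-bad"


def image_digest(image: bytes) -> str:
    """SHA-256 over the whole image, hex encoded (db/dbx may hold plain hashes)."""
    return hashlib.sha256(image).hexdigest()


# Constructed policy databases modelled on UEFI's db (authorized) and dbx
# (forbidden). In firmware they are set by the platform owner and changed
# only through authenticated variable writes; here they are plain sets.
DB = {image_digest(GOOD_LOADER), image_digest(REVOKED_LOADER)}
DBX = {image_digest(REVOKED_LOADER)}


def verify_boot_image(image: bytes, db: set, dbx: set) -> tuple:
    """Return (allowed, reason).

    The deny list takes precedence over the allow list, and an image that
    appears in neither is refused: secure boot is default-deny, so a
    tampered loader is rejected even though it was never explicitly listed.
    """
    digest = image_digest(image)
    if digest in dbx:
        return False, "forbidden: hash listed in dbx"
    if digest in db:
        return True, "authorized: hash listed in db"
    return False, "refused: unknown image (not in db)"


def boot(image: bytes, db=DB, dbx=DBX) -> str:
    """Model the firmware handoff: control passes only to a verified loader."""
    allowed, reason = verify_boot_image(image, db, dbx)
    if not allowed:
        return "halt (" + reason + ")"
    return "handoff (" + reason + ")"


if __name__ == "__main__":
    for name, img in [("good", GOOD_LOADER),
                      ("tampered", TAMPERED_LOADER),
                      ("revoked", REVOKED_LOADER)]:
        print(name + ":", boot(img))
```

Two properties of the model are the ones that matter in practice: a single changed byte in the loader moves its hash out of db, so the falsified loader from the preceding paragraph is never executed, and an entry in dbx overrides a stale entry in db, which is how a previously trusted but later compromised loader is revoked without rebuilding the allow list.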
Patent Document 1 discloses an invention that protects a computer against malware attacking a boot loader. Further, as shown in Non Patent Document 2 and Non Patent Document 3, the UEFI specification defines secure boot in section 27.5. Secure boot is a technique that improves the security of a computer by permitting the execution only of code, or of a boot loader, whose integrity has been validated. Patent Document 2 discloses, as another technique for improving the security of a computer, physical presence, which validates that a user who physically possesses a platform is the one operating it. Patent Document 3 discloses an invention that starts up a system while changing the startup device, without a troublesome operation, by entering a specific key at the time the power supply is activated. Patent Document 4 discloses an invention in which a hot key is depressed immediately after the power is turned on and an OS corresponding to the ID of that hot key is started up.

Patent Document 1: Published Japanese Translation of PCT Application No. 2008-537224.
Patent Document 2: Japanese Patent Application Publication No. 2010-146048.
Patent Document 3: Japanese Patent Application Publication No. 2003-280915.
Patent Document 4: Japanese Patent Application Publication No. 2003-280915.
Non Patent Document 1: Unified Extensible Firmware Interface Specification, Version 2.3.1, Sep. 7, 2011, retrieved by Internet search on Dec. 19, 2011, http://www.uefi.org/specs/download/?item_key=aea8a9a9173c42dc477aea293160b62816049d9a.
Non Patent Document 2: Making UEFI Secure Boot Work with Open Platforms, James Bottomley and Jonathan Corbet, The Linux Foundation, October 2011, retrieved by Internet search on Dec. 19, 2011, http://www.linuxfoundation.jp/publications/making-uefi-secure-boot-work-with-open-platforms.
Non Patent Document 3: Protecting the Pre-OS Environment with UEFI, Steven Sinofsky, Sep. 27, 2011, retrieved by Internet search on Dec. 19, 2011, http://blogs.msdn.com/b/b8_ja/archive/2011/09/27/uefi-os.aspx.