As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option is an information handling system (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes. Because technology and information handling needs and requirements may vary between different applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, global communications, etc. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
In most IHSs, low-level code is used as an intermediary between hardware components and the Operating System (OS), as well as other high-level software. In some IHSs, this low-level code is known as the Basic Input/Output System (“BIOS”). The BIOS provides a set of software routines that allow high-level software to interact with hardware components using standard calls. Because of certain limitations of the original BIOS, a new specification for creating code that is responsible for booting the IHS has been developed that is called the Extensible Firmware Interface (“EFI”) Specification, and which has been extended by the Unified Extensible Firmware Interface Forum (“UEFI”).
The EFI Specification describes an interface between the OS and the system firmware. In particular, the EFI Specification defines the interface that platform firmware must implement and the interface that the OS may use in booting. The EFI Specification also specifies that protocols should be provided for EFI drivers to communicate with each other. An EFI protocol is an interface definition provided by an EFI driver. The EFI core provides protocols for allocation of memory, creating events, setting the clock, etc.
As the inventors hereof have recognized, there has recently been an increased threat of malware infiltration with respect to the BIOS. To attempt to identify such malware, conventional IHSs may implement a “safe boot” process whereby the IHS examines the BIOS during boot and compares its present state with known good code used in a prior successful boot. If any changes have been made to the code, the user may be alerted and/or the process may be halted. As the inventors hereof have also determined, however, not all changes to the boot code are malicious. Moreover, conventional safe boot processes may still fail to identify certain types of malware.