In many computer systems, booting proceeds through a series of steps: initialization is performed, self-tests are run, a basic input/output system (BIOS) is loaded and executed, and finally control may be passed to an operating system (OS). In many systems, these operations are performed by a pre-boot environment enabled by code present in non-volatile storage of the system. Accordingly, there is a risk that untrusted or errant third party code can corrupt the system, particularly in the pre-boot environment, where it runs before any OS-level protections are in place.
As one example, the Unified Extensible Firmware Interface (UEFI) specification, e.g., the UEFI Specification version 2.3.1 (dated Apr. 8, 2011), calls for the separation of the pre-boot and boot environments into a variety of phases. However, within these phases both original equipment manufacturer (OEM) trusted code and third party untrusted or errant code execute at the same privilege level, so nothing in the hardware prevents the third party code from tampering with the trusted code or its data, which can enable an attack on the system.
As more compute devices provide mobility and ready access to the Internet, a further challenge is posed by the plague of software viruses, which primarily attack the compute node's personality (such as its registry) and its file system. In these common scenarios, a virus attack can render the compute node non-functional and hence useless, and can further lead to loss of vital user data. A user may then attempt unsafe actions to recover the data, which may lead to infection of other systems with the same virus.
An additional problem is that antivirus (AV) software is usually installed on the same read-writeable media that contains the OS image and the user data. This too poses a problem: in extreme virus attacks, it is the AV software itself that is attacked and disabled from functioning, since it has no protection that the compromised OS does not also have.