As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option is an Information Handling System (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes. Because technology and information handling needs and requirements may vary between different applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. Variations in IHSs allow for IHSs to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, global communications, etc. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and/or networking systems.
A Basic Input/Output System (BIOS) is a type of firmware used during the booting process (reset or startup) of an IHS; it contains the first software that is executed when the IHS is powered on. In operation, the BIOS is configured to initialize and test the IHS's hardware components, and also to load a boot loader or an Operating System (OS) from a memory. Originally, BIOS firmware was stored in a read-only memory (ROM) chip in the IHS; in modern systems, however, the BIOS instructions are stored in flash memory so that they can be rewritten without physically removing the chip from the IHS.
The Unified Extensible Firmware Interface (UEFI) was designed as a successor to BIOS, aiming to address certain technical shortcomings of BIOS. In UEFI-based systems, actions performed upon the UEFI file system may use the UEFI Device Path Protocol. In particular, UEFI file systems use the UEFI Device Path Protocol internally to install UEFI applications, to access hardware using UEFI drivers, and/or to determine the programmatic path to a device.
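The Device Path Protocol describes the programmatic path to a device as a packed sequence of nodes, each starting with a four-byte header (Type, SubType, 16-bit little-endian Length) and terminated by an End-of-Path node (Type 0x7F, SubType 0xFF). Because such paths are handed to firmware by applications, shells and drivers, a consumer should validate the structure before dispatching any hardware operation on it. The following added example (not code from the patent or from any UEFI implementation) walks a constructed device path in hosted C, rejects malformed encodings (zero-length or truncated nodes, missing terminator) and counts the hardware-class nodes the path would reach; the sample byte string, the function names and the node-type constants beyond the End node are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Header layout shared by every device path node (UEFI spec). */
#define DP_NODE_HEADER_LEN      4
#define DP_TYPE_HARDWARE        0x01   /* e.g. PCI nodes */
#define DP_TYPE_ACPI            0x02   /* e.g. ACPI root bridge */
#define DP_TYPE_END             0x7F
#define DP_SUBTYPE_END_ENTIRE   0xFF

typedef struct {
    uint8_t  type;
    uint8_t  subtype;
    uint16_t length;   /* total node length including this header */
} dp_node_t;

/* Read one node header at `off`; returns 0 if the header itself is cut off. */
static int dp_read_header(const uint8_t *buf, size_t buf_len, size_t off, dp_node_t *out)
{
    if (off > buf_len || buf_len - off < DP_NODE_HEADER_LEN)
        return 0;
    out->type    = buf[off];
    out->subtype = buf[off + 1];
    out->length  = (uint16_t)(buf[off + 2] | ((uint16_t)buf[off + 3] << 8));
    return 1;
}

/* Walk the path, checking every node before trusting it.
 * Returns the number of non-End nodes, or -1 if the encoding is malformed.
 * If `type_filter` is non-negative, only nodes of that Type are counted. */
int dp_count_nodes(const uint8_t *buf, size_t buf_len, int type_filter)
{
    size_t off = 0;
    int count = 0;
    dp_node_t node;

    for (;;) {
        if (!dp_read_header(buf, buf_len, off, &node))
            return -1;                               /* truncated header / no terminator */
        if (node.length < DP_NODE_HEADER_LEN)
            return -1;                               /* would loop forever or overlap */
        if (buf_len - off < node.length)
            return -1;                               /* node body overruns the buffer */
        if (node.type == DP_TYPE_END && node.subtype == DP_SUBTYPE_END_ENTIRE)
            return node.length == DP_NODE_HEADER_LEN ? count : -1;
        if (type_filter < 0 || node.type == (uint8_t)type_filter)
            count++;
        off += node.length;
    }
}

/* Constructed sample: ACPI root bridge node (12 bytes), PCI node dev 0x1F fn 0 (6 bytes),
 * End-of-Path node (4 bytes). The HID/UID values are illustrative only. */
const uint8_t SAMPLE_DEVICE_PATH[] = {
    0x02, 0x01, 0x0C, 0x00,  0xD0, 0x41, 0x03, 0x0A,  0x00, 0x00, 0x00, 0x00,
    0x01, 0x01, 0x06, 0x00,  0x00, 0x1F,
    0x7F, 0xFF, 0x04, 0x00
};
const size_t SAMPLE_DEVICE_PATH_LEN = sizeof SAMPLE_DEVICE_PATH;

/* Constructed malformed samples: a zero-length node, and a path with no End node. */
const uint8_t BAD_ZERO_LENGTH[] = { 0x01, 0x01, 0x00, 0x00, 0x7F, 0xFF, 0x04, 0x00 };
const size_t BAD_ZERO_LENGTH_LEN = sizeof BAD_ZERO_LENGTH;
const uint8_t BAD_TRUNCATED[]   = { 0x01, 0x01, 0x06, 0x00, 0x00, 0x1F };
const size_t BAD_TRUNCATED_LEN = sizeof BAD_TRUNCATED;

int main(void)
{
    printf("sample: %d nodes, %d hardware nodes\n",
           dp_count_nodes(SAMPLE_DEVICE_PATH, SAMPLE_DEVICE_PATH_LEN, -1),
           dp_count_nodes(SAMPLE_DEVICE_PATH, SAMPLE_DEVICE_PATH_LEN, DP_TYPE_HARDWARE));
    printf("zero-length node: %d\n", dp_count_nodes(BAD_ZERO_LENGTH, BAD_ZERO_LENGTH_LEN, -1));
    printf("truncated path:   %d\n", dp_count_nodes(BAD_TRUNCATED, BAD_TRUNCATED_LEN, -1));
    return 0;
}
```

The three rejection checks are the ones that matter in practice: a Length below four makes a naive walker spin or step backwards, an over-long Length lets it read past the buffer, and a missing End node turns every walk into an out-of-bounds read. A consumer that wants to gate hardware access can first confirm the path validates and then inspect whether it reaches any hardware-class node.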
Despite the technological advances provided by UEFI firmware, the inventors hereof have identified a number of shortcomings that are characteristic of conventional UEFI systems. For example, the UEFI Device Path Protocol does not protect an IHS against malicious access from users. Any malicious UEFI application, shell, driver, or OS loader can potentially corrupt the system hardware once it gains access to that hardware. Accordingly, to address these and other problems, the inventors hereof have developed systems and methods for UEFI credential-based access of hardware resources.