Computing devices are initialized by firmware included within the device and this firmware provides a range of software services which facilitate the boot of the operating system (OS) as well as providing a smaller subset of these services that continue to be available after the operating system has booted. Firmware is software that has been written onto Read-Only Memory (ROM) modules including, but not limited to, ROM, PROM, EPROM, EEPROM, and Flash memory (collectively referred to hereafter as “ROM”). Among other services, the firmware is responsible for operation of the computing device until a boot process can be run which loads an operating system for the computing device into memory. Once loaded, the operating system is in charge of normal operation of the computing device although the provision of certain services after loading of the operating system may require a transition of control from the operating system back to the firmware for security and other reasons.
Unified Extensible Firmware Interface (UEFI) is a specification created by a non-profit industry body detailing a programming interface between the Operating System and the included firmware of a computing device such as, but not limited to, a Personal Computer (PC). UEFI specifications describe a set of tools by which a computing device can move in an organized fashion from the power-applied state to fully operational. The UEFI specification tells the desired result but deliberately does not specify the internal tactic of implementation. The UEFI firmware specification replaces earlier operating system (OS)/firmware interfaces previously used by the industry and commonly known as legacy BIOS (Basic Input Output System).
The UEFI specification provides a facility called driver signature checking by which software from other parties can be ‘signed’ using public/private key cryptographic techniques at its origin and this signature is validated by the platform firmware prior to allowing this software to operate. The signature checking concentrates on software added to configure optional components (such as plug-in boards) and software supplied by the Operating System for early boot steps (such as OS boot loaders.) The signature checking is accomplished with a library of approved keys. The platform must take care to not allow unauthorized software elements any ability to modify the library of approved keys as this would allow rogue software elements to defeat the signature checking.
When implemented in a computing device, the machine codes for UEFI firmware and all permanent data used by the firmware reside in Read Only Memory (ROM). In many cases the ROM is an Electrically Erasable silicon device known as a flash ROM. Flash ROM has the characteristic that it can be erased by electrical command and individual elements may then be written and the device will retain the data indefinitely. When power is first applied to the computing device, the system executes a process called reset which clears the state to a known condition and begins execution of the firmware. The firmware is read from the ROM. A ROM for a computing device is partitioned into several functional divisions or regions. One such region is called the Authenticated Variable Region or Store that stores Authenticated Variables defined in the UEFI specification. The Authenticated Variable Store is used to hold UEFI-defined security information (the system security database) used to perform signature checking. Because it contains security data and potentially sensitive user data, the UEFI specification provides that the Authenticated Variable Region/Store must be protected from alteration by any entity except those authorized by the presence of identifying key data within the security database.