1. Field of the Invention
The present invention relates to the field of operating systems; more particularly, the present invention relates to a method and apparatus for operating system bootstrap security.
2. Description of Related Art
Computers systems are used for numerous purposes. Some of these purposes include the storage and retrieval of confidential information. Others, such as internet commerce, involve monetary transactions. Some mission critical applications must be consistently and accurately operating on a continuous basis.
Computer systems often include hardware and software security mechanisms to prevent unauthorized access to programs and information. For example, passwords may be used to limit access. However, computer systems are often susceptible to malicious programs that circumvent the security mechanisms to perform malicious acts such as corrupting programs and information or allowing unauthorized access to confidential information. In the past, these viruses typically gained initial access to a computer system via a corrupted program stored on a diskette. Now, the viruses are often embedded in programs or data downloaded through the internet.
As more business is transacted by computers connected to the internet, the potential losses due to an insecure computer system become larger. Thus, it is desirable to provide a more secure computer system.
One type of virus that gains access to computer systems is a boot virus. Typically, a boot virus will modify or replace certain startup modules (boot components), such as the master boot record, to gain control as the system firmware attempts to invoke an operating system. What is needed is a method and apparatus to prevent unauthorized modification or replacement of startup modules.
The startup modules may also be corrupted due to computer system malfunctions. Such corruption may cause the operating system to boot up incorrectly. This may cause programs and information to be corrupted or may leave the computer system in an insecure state. What is needed is a method and apparatus to prevent the booting of an operating system using corrupted startup modules.