Field of the Invention
The present invention relates in general to the field of information handling system security, and more particularly to information handling system boot pre-validation.
Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
One concern that attaches to the use of all kinds of information handling systems is the vulnerability of information handling systems to malware or hacking attacks. Generally, malware is code snuck onto an information handling system that performs functions unauthorized by the end user. In some instances, malware creates a nuisance by interrupting an end user with advertisements or sending unauthorized “spam” from a user's email account. In other instances, malware has a more sinister intent, including capturing personal information of an end user, such as passwords and financial accounts. Malware can sit quietly monitoring an information handling system for extended periods of time, thus placing sensitive government classified information and enterprise trade secrets at risk. Undetected malware that exposes even minor personal information can create major risks for a government or enterprise if unauthorized users are able to leverage the personal information to access sensitive information, such as by guessing passwords.
To identify and remove malware, end users typically run anti-malware applications that search for and delete malicious code. Although conventional anti-malware applications have considerable success against known malicious code, sophisticated malware attacks are generally difficult to detect and defend against. In particular, malware that attaches itself to privileged administrator access of an information handling system's operating system often includes code that hides the malware from detection. Such malware, known as rootkit malware, uses administrator privileged access to modify anti-malware applications so that the rootkit malware escapes detection. Other types of malware target code that is not normally monitored by anti-malware applications. For example, malware embedded in firmware, such as option ROM firmware, is not typically monitored or detected by anti-malware applications and often has direct access to sensitive hardware elements. Anti-malware applications that run over an operating system often do not have access to firmware code and therefore cannot search for malware installed in the firmware of embedded hardware devices. Generally, malware that runs in firmware or on embedded hardware devices has to be detected before the malware is installed on an information handling system.
One technique for preventing malware in firmware of embedded devices is to search firmware upgrades for malicious code before the firmware upgrades are installed. Although this technique detects known malicious code, unknown malicious code may sneak past the search and remain installed even after it is later identified as malicious. Another technique recently adopted for WINDOWS, known as Secure Boot, is to require that firmware code bootloaders carry a signature from a key recognized by the operating system before the bootloaders are allowed to execute. A difficulty with the requirement for signed bootloaders is that unsigned or unrecognized firmware will not load at boot, thus leaving hardware devices inoperative, whether or not the firmware includes malicious code.
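The allow-list style of pre-validation described above can be made concrete with a small model. The following is an added example, not code from the patent or from any Secure Boot implementation: it keeps an allowed-image database (`db`) and a revocation database (`dbx`) of SHA-256 image digests, a simplification that stands in for the certificate and hash entries a real Secure Boot policy holds (names such as `BootPolicy`, `check_boot_image` and the three sample option ROM images are constructed for illustration). It shows both outcomes the passage describes: a recognized image is allowed, a revoked one is refused, and an unrecognized image is refused regardless of whether it is malicious, which is exactly the trade-off the text points out.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    """Outcome of pre-validating one firmware image before it may execute."""
    ALLOWED = "allowed"                      # digest enrolled in db
    FORBIDDEN = "forbidden"                  # digest revoked via dbx
    UNRECOGNIZED = "unrecognized"            # neither enrolled nor revoked


@dataclass
class BootPolicy:
    """Hypothetical allow/deny policy: hex SHA-256 digests of boot images.

    This models hash-based entries only; a real policy would also hold
    signer certificates and verify signatures on the image.
    """
    db: set = field(default_factory=set)     # allowed image digests
    dbx: set = field(default_factory=set)    # revoked image digests


def image_digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def enroll(policy: BootPolicy, image: bytes) -> str:
    """Add an image to the allow list (the vendor's release process)."""
    d = image_digest(image)
    policy.db.add(d)
    return d


def revoke(policy: BootPolicy, image: bytes) -> str:
    """Move an image to the deny list, e.g. after it is found to be malicious."""
    d = image_digest(image)
    policy.dbx.add(d)
    policy.db.discard(d)
    return d


def check_boot_image(policy: BootPolicy, image: bytes) -> Verdict:
    """Decide whether a firmware image may execute; dbx always wins over db."""
    d = image_digest(image)
    if d in policy.dbx:
        return Verdict.FORBIDDEN
    if d in policy.db:
        return Verdict.ALLOWED
    return Verdict.UNRECOGNIZED


def boot_sequence(policy: BootPolicy, images: dict) -> dict:
    """Pre-validate every option ROM presented at boot; return name -> Verdict.

    Only ALLOWED images would be handed to the firmware loader; the rest are
    skipped, which leaves the corresponding device without its firmware.
    """
    return {name: check_boot_image(policy, blob) for name, blob in images.items()}


# Constructed sample images standing in for option ROM firmware blobs.
NIC_ROM_V1 = b"NIC option ROM v1 (constructed sample, later found malicious)"
NIC_ROM_V2 = b"NIC option ROM v2 (constructed sample, enrolled by vendor)"
NIC_ROM_V3 = b"NIC option ROM v3 (constructed sample, benign but never enrolled)"


def build_demo_policy() -> BootPolicy:
    policy = BootPolicy()
    enroll(policy, NIC_ROM_V1)
    enroll(policy, NIC_ROM_V2)
    revoke(policy, NIC_ROM_V1)   # v1 discovered to carry malicious code
    return policy


if __name__ == "__main__":
    verdicts = boot_sequence(build_demo_policy(), {
        "nic_v1": NIC_ROM_V1, "nic_v2": NIC_ROM_V2, "nic_v3": NIC_ROM_V3})
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict.value}")
```

Running the block shows `nic_v2` allowed, `nic_v1` forbidden, and `nic_v3` unrecognized. The last case is the operational cost the passage raises: the benign v3 image is treated the same as unknown malicious code, so the device it belongs to stays inoperative until the image is enrolled or signed by a recognized key.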