During a normal boot process, such as a boot process from mechanical power on (S5 state), the unified extensible firmware interface (UEFI) is made available to third-party vendors. In the driver execution environment (DXE) phase of a normal boot process, DXE drivers from various vendors collectively build a preboot environment for a computer system.
When resuming from a sleep state, a computer system restores the preboot environment. An S3 state (also known as suspend to RAM) is a sleep state that corresponds to a standby mode in operating systems such as, for example, Windows XP and some variants of Linux-based operating systems. In the S3 state, main memory (RAM) is still powered. The contents of main memory when a computer system awakes from the S3 state are the same as when the computer system was put into the S3 state. Since the states of the operating system, all applications, opened documents, etc. are stored in main memory, users can resume work from where they left off.
FIG. 1 shows an example of the S3 resume boot path. Referring to FIG. 1, the BIOS (Basic Input/Output System) restores chipset and processor configurations in the PEI phase (process blocks 101-102). Typically, the operations for restoring to a preboot state are saved as a boot script in non-volatile storage during a previous S5 normal boot (process blocks 103, 110). By executing the boot script, the DXE phase is bypassed in the S3 resume boot path.
UEFI interfaces, especially with respect to the DXE phase, are not exposed to third parties in the S3 resume boot path. The DXE phase is not available in the S3 resume boot path for the following reasons: (1) the DXE phase hosts numerous services, which makes the firmware modules rather large; and (2) loading DXE from a flash memory is very time-consuming and complicated.
Often, the BIOS replays the authentication information collected during the S5 normal boot. A laptop stolen while in the S3 state might be used without any authentication by whoever obtained the laptop. The system is therefore compromised and becomes vulnerable to a security attack.
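The boot script replay of FIG. 1 and the replayed authentication information can be modeled in a short C program. This is an added illustration, not code from the document: the opcodes, the `struct platform` layout, and the assumption that the protected device relocks on entering S3 are hypothetical simplifications and do not follow the UEFI boot script format.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model: opcodes and layout are assumptions, not the UEFI format. */
enum op { OP_REG_WRITE, OP_AUTH };
struct entry { enum op op; uint32_t reg, val; };
enum { MAX_ENTRIES = 8, NUM_REGS = 4 };

struct platform {
    uint32_t regs[NUM_REGS];          /* chipset/CPU config, lost in S3 */
    uint32_t dev_secret;              /* credential the protected device expects */
    int unlocked, prompts;            /* device state; user prompts shown so far */
    struct entry script[MAX_ENTRIES]; /* stands in for non-volatile storage */
    size_t n;                         /* number of recorded entries */
};

static int apply(struct platform *p, const struct entry *e) {
    if (e->op == OP_AUTH) { p->unlocked = (e->val == p->dev_secret); return 0; }
    if (e->reg >= NUM_REGS) return -1;
    p->regs[e->reg] = e->val;
    return 0;
}

/* Apply an operation now and record it for later replay. */
static int apply_and_save(struct platform *p, struct entry e) {
    if (p->n >= MAX_ENTRIES || apply(p, &e) != 0) return -1;
    p->script[p->n++] = e;
    return 0;
}

/* S5 normal boot: the user is prompted once and every step is recorded. */
int s5_boot(struct platform *p, uint32_t typed_secret) {
    p->n = 0;
    p->prompts++;
    if (apply_and_save(p, (struct entry){ OP_REG_WRITE, 0, 0x1F })) return -1;
    return apply_and_save(p, (struct entry){ OP_AUTH, 0, typed_secret });
}

/* Entering S3: RAM stays powered, register and device state is lost (assumed). */
void enter_s3(struct platform *p) {
    memset(p->regs, 0, sizeof p->regs);
    p->unlocked = 0;
}

/* S3 resume: replay the script; no DXE phase runs and no prompt is shown. */
int s3_resume(struct platform *p) {
    for (size_t i = 0; i < p->n; i++)
        if (apply(p, &p->script[i]) != 0) return -1;
    return p->unlocked;
}
```

After `s3_resume` the device is unlocked while `prompts` is still 1: the credential typed during the S5 boot was replayed from the script, which is the exposure described for a laptop taken while in S3.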