The present disclosure relates generally to information handling systems, and more particularly to a secure live media boot system for booting information handling systems.
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems such as, for example, desktop computing devices, laptop/notebook computing devices, and/or a variety of other computing devices known in the art, are sometimes used to perform high-vulnerability tasks such as Internet banking and other tasks that require relatively high levels of security so that sensitive information communicated using the computing device is not compromised and/or unauthorized access to secure systems achieved. Conventionally, such levels of high security are achieved by ensuring the operating system on the computing device includes up-to-date “patches” for any known vulnerabilities, providing virus scanning software on the computing device to determine whether the computing device may be compromised by any computer viruses, using conventional secure booting methods to boot the computing devices, and hoping that the computing device is not under attack from a new security threat that is able to circumvent the high-security procedures discussed above. In one example, users may utilize conventional live media such as, for example, Linux LiveCD or Read-only LiveUSB, to perform the secure booting discussed above. Such conventional live media booting systems provide external media such as a compact disc (CD) or Universal Serial Bus (USB) drive that stores a complete bootable computer installation (e.g., in an .iso file) that includes an operating system for the computing device. In order to boot, the computing device copies the computer installation from the external media to the computing device memory (rather than being loaded from a hard drive or other mass storage device), which allows the user to run the operating system for any purpose without installing it or making changes to the computing device configuration.
However, such conventional live media booting systems require that the user have access to the live media whenever a secure environment is desired. Furthermore, computer viruses have been developed that are very successful in hiding from virus scanners, while also being very difficult to remove from the computing device. Users may inadvertently install such computer viruses when installing seemingly harmless readers or games on the computing device, resulting in malicious rootkits that are resident in the kernel of the computing device and that enable access to the computing device (or areas of its software) that would otherwise not be allowed to an unauthorized user, while at the same time masking the existence of the rootkit or maliciously modified software. Stolen or guessed passwords can result in the installation of such rootkits on the computing device as well. Conventional systems such as secure booting systems available from MICROSOFT® Corporation of Redmond, Wash., United States, (e.g., MICROSOFT® Secure Boot) were expected to reduce the use of such rootkits, but vulnerabilities in the Unified Extensible Firmware Interface (UEFI) have been exploited to install rootkits despite the new security. Furthermore, computer viruses resident in the operating system can exist in the secure boot operating system because the user of the computing device has allowed malicious software to run.
Accordingly, it would be desirable to provide an improved secure live media boot system.