Computing systems include hardware, such as a processor, on which software or firmware is executed. When a processor is powered up or receives a reset signal, it executes a boot sequence during which numerous firmware instructions run in a pre-boot environment (i.e., an environment in which no operating system (OS) has yet been loaded).
As computing systems have evolved, the pre-boot environment has progressed from a crude interface offering limited services to a standards-based interface in which firmware components are modular. One example of such a firmware arrangement is the extensible firmware interface (EFI), which provides a rich, heterogeneous set of services that various system entities can call to request execution, invoke services, and so on. For example, the EFI includes a set of core services that are made available through a system table, which publishes the address at which each service resides so that the service may be called. Additionally, the EFI allows interfaces, such as protocols, to be installed via a globally unique identifier (GUID)/pointer pair.
The extensibility of modern firmware such as EFI, which allows new interfaces to be added, combined with the fact that most firmware systems leave variable stores and file systems unprotected, leaves modern firmware open to security attacks from viruses and the like. For example, exposing the flat namespace of callable interfaces listed in a system table creates new issues for establishing trust relationships among the various executable entities. In particular, known pre-boot firmware environments perform neither authentication (i.e., confirming the identity of the entity requesting a service) nor authorization (i.e., determining the rights of the service requester).
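To make the two points above concrete, the following C program is an added illustration, not code from EFI or from this document: it models the GUID/pointer protocol table the text describes as a flat in-memory array, and places an authorization check beside the unauthenticated lookup that the text criticizes. The structures, the caller-identity bitmask, the `install_protocol`/`locate_protocol_*` names and the sample GUID are all constructed for this example; real firmware would obtain the caller identity from an authenticated source such as image verification, which is assumed here rather than implemented.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for this example, not EFI's real data structures):
 * a flat table of GUID/pointer pairs plus an optional authorization gate. */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;
typedef int (*service_fn)(int);

typedef struct {
    guid_t     guid;
    service_fn iface;        /* the "pointer" half of the GUID/pointer pair */
    uint32_t   allowed_mask; /* bit i set: caller identity i may locate it */
} protocol_entry_t;

#define MAX_PROTOCOLS 8
static protocol_entry_t protocol_db[MAX_PROTOCOLS];
static int protocol_count = 0;

static int guid_equal(const guid_t *a, const guid_t *b) {
    return memcmp(a, b, sizeof *a) == 0;
}

/* Install an interface under a GUID, recording which authenticated caller
 * identities are allowed to locate it. Returns 0 on success, -1 on error. */
int install_protocol(const guid_t *guid, service_fn iface, uint32_t allowed_mask) {
    if (protocol_count >= MAX_PROTOCOLS) return -1;
    for (int i = 0; i < protocol_count; i++)
        if (guid_equal(&protocol_db[i].guid, guid)) return -1; /* duplicate GUID */
    protocol_db[protocol_count].guid = *guid;
    protocol_db[protocol_count].iface = iface;
    protocol_db[protocol_count].allowed_mask = allowed_mask;
    protocol_count++;
    return 0;
}

/* Unauthenticated lookup, the behaviour the text describes as the problem:
 * any entity that knows the GUID receives the interface pointer. */
service_fn locate_protocol_open(const guid_t *guid) {
    for (int i = 0; i < protocol_count; i++)
        if (guid_equal(&protocol_db[i].guid, guid)) return protocol_db[i].iface;
    return NULL;
}

/* Authorized lookup: caller_id is assumed to have been established by an
 * authentication step outside this model. The pointer is released only if
 * that identity is on the protocol's allow list. */
service_fn locate_protocol_authz(const guid_t *guid, unsigned caller_id) {
    if (caller_id >= 32) return NULL;                    /* identity out of range */
    for (int i = 0; i < protocol_count; i++) {
        if (!guid_equal(&protocol_db[i].guid, guid)) continue;
        if (protocol_db[i].allowed_mask & (1u << caller_id))
            return protocol_db[i].iface;
        return NULL;                                     /* found, not authorized */
    }
    return NULL;                                         /* no such protocol */
}

/* Sample service and GUID, constructed for the demonstration. */
static int flash_write_svc(int x) { return x * 2; }
static const guid_t FLASH_GUID = { 0x11111111, 0x2222, 0x3333,
                                   { 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44 } };
enum { CALLER_PLATFORM_INIT = 0, CALLER_OPTION_ROM = 5 };

/* Registers the sample protocol for platform-init only and encodes the three
 * lookup outcomes as bits: open lookup (4), authorized (2), unauthorized (1). */
int demo(void) {
    protocol_count = 0;
    install_protocol(&FLASH_GUID, flash_write_svc, 1u << CALLER_PLATFORM_INIT);
    service_fn a = locate_protocol_open(&FLASH_GUID);
    service_fn b = locate_protocol_authz(&FLASH_GUID, CALLER_PLATFORM_INIT);
    service_fn c = locate_protocol_authz(&FLASH_GUID, CALLER_OPTION_ROM);
    return (a != NULL) * 4 + (b != NULL) * 2 + (c != NULL);
}

int main(void) {
    int r = demo();
    printf("open lookup: %s\n", (r & 4) ? "granted" : "denied");
    printf("authorized caller: %s\n", (r & 2) ? "granted" : "denied");
    printf("unauthorized caller: %s\n", (r & 1) ? "granted" : "denied");
    return 0;
}
```

The open lookup hands the flash-write interface to every caller, while the gated lookup returns it only to the identity recorded at install time; the gate is only as strong as the authentication that produced `caller_id`, which is why the text treats authentication and authorization as a pair.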