Conventional operating systems (OS) typically include at least two modes of operation: a “user” mode of operation and a “kernel” mode of operation.
Operation in “user” mode is generally limited in the scope of its execution permissions. In other words, code running in user mode typically cannot access protected-mode hardware, such as the memory-management registers of the processor, without causing an exception. The exception is then caught and handled by code executing with higher privilege, which evaluates the user-mode request and accepts or rejects it.
“Kernel” mode programs, on the other hand, are assumed to be trusted software. Such programs can execute any instruction and reference any memory address.
Accordingly, user mode software must request the services of the kernel by means of a system call in order to perform privileged operations, such as process creation or input/output operations.
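The two paths described above, as an added example that is not part of the original text: a user-mode program attempts a privileged register read directly, the processor traps to the kernel and the kernel rejects the request by delivering a fault signal (SIGSEGV on x86-64, SIGILL on AArch64 under Linux), while the same program performs output through the sanctioned system-call interface. The function names are this example's own; other architectures are reported as not covered rather than guessed at.

```c
/* Added example (not from the original text): show that user mode cannot
 * execute a privileged instruction directly, and that I/O is instead
 * requested from the kernel through a system call.
 * Assumes Linux on x86-64 or AArch64; other architectures return -1. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_signal;

/* Invoked when the kernel rejects the privileged instruction: record which
 * signal was delivered and unwind back to the sigsetjmp below. */
static void on_fault(int sig)
{
    fault_signal = sig;
    siglongjmp(fault_env, 1);
}

/* Attempt a privileged register read from user mode.
 * Returns the signal number the kernel delivered (SIGSEGV on x86-64 for the
 * #GP fault, SIGILL on AArch64 for the trapped system-register access),
 * 0 if the instruction unexpectedly succeeded, or -1 if the architecture
 * is not handled by this example. */
int try_privileged_instruction(void)
{
    struct sigaction sa, old_segv, old_ill;
    int result = -1;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;          /* permit longjmp out of the handler */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGILL, &sa, &old_ill);

    fault_signal = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
#if defined(__x86_64__)
        unsigned long cr0;
        /* MOV from CR0 is permitted only in ring 0 (kernel mode). */
        __asm__ volatile("mov %%cr0, %0" : "=r"(cr0));
        (void)cr0;
        result = 0;
#elif defined(__aarch64__)
        unsigned long sctlr;
        /* SCTLR_EL1 is an EL1 (kernel) register, inaccessible from EL0. */
        __asm__ volatile("mrs %0, sctlr_el1" : "=r"(sctlr));
        (void)sctlr;
        result = 0;
#else
        result = -1;
#endif
    } else {
        result = fault_signal;         /* the kernel rejected the request */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGILL, &old_ill, NULL);
    return result;
}

/* The sanctioned path: ask the kernel to perform the output on our behalf.
 * write(2) enters kernel mode via a system call and returns the number of
 * bytes written, or -1 on error. */
long write_via_syscall(const char *msg)
{
    return (long)write(STDOUT_FILENO, msg, strlen(msg));
}

int main(void)
{
    int sig = try_privileged_instruction();
    if (sig > 0)
        printf("privileged instruction rejected by the kernel: signal %d (%s)\n",
               sig, strsignal(sig));
    else if (sig == 0)
        printf("privileged instruction executed; this should not happen in user mode\n");
    else
        printf("architecture not covered by this example\n");
    write_via_syscall("output performed through a system call\n");
    return 0;
}
```

The handler uses siglongjmp rather than returning, because returning from a SIGSEGV handler would re-execute the faulting instruction and fault again; SA_NODEFER keeps the signal unblocked after the jump so the function can be called repeatedly.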
Basic input/output system (BIOS) or boot code is the code executed when the processor first comes out of reset. The BIOS initializes the hardware and prepares for the launch of the operating system (OS). In other words, the BIOS ensures that the chipset, hard drives, ports, central processing units (CPUs) and any other related system hardware function together. Because every piece of software executed afterwards, including the OS kernel, depends on the state the BIOS establishes, if the BIOS is breached, corrupted or otherwise compromised, then potentially the entire system is compromised.
In an effort to make computing platforms more secure, organizations generally implement levels of trust or “trust zones” in the hardware architecture of computing systems. Each zone typically has a set of execution privileges similar to the conventional two-ring operating system execution levels. Such systems, however, fail to provide security measures related to the BIOS, which executes before any such zone is established.
There is therefore a need for security measures to validate, protect and otherwise monitor BIOS or boot code.