As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option is an information handling system (IHS). An IHS generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes. Because technology and information handling needs and requirements may vary between different applications, IHSs may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in IHSs allow for IHSs to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, global communications, etc. In addition, IHSs may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
IHSs are typically built from a variety of components that cooperate to process information. For example, a Central Processing Unit (CPU) runs applications to perform desired operations, such as word processing, multimedia content presentation, web browsing and e-mail. End users interact with applications through a variety of auxiliary subsystems built from the components. Auxiliary subsystems input information for use by the applications and present information processed by the applications. Some examples of auxiliary subsystems include a video subsystem that processes information to generate visual image information for presentation at a display, storage subsystems that support communications with storage devices such as hard disk drives and optical drives, and network subsystems that support communications with various different types of networks.
IHSs typically coordinate the various interactions among applications running on a CPU and physical components with an Operating System (OS) that also runs on the CPU. In addition, IHSs generally have a system boot and initialization firmware architecture that provides the OS with access to physical components, such as a Basic Input/Output System (BIOS).
The BIOS is a set of firmware instructions that runs on a physical component generally referred to as a chipset. During initialization of an IHS, the BIOS coordinates a boot of the OS from persistent storage, such as a hard disk drive, into an operational state in which the OS runs on the CPU, typically from a copy held in Random Access Memory (RAM) interfaced with the CPU. In addition to the BIOS, other firmware instructions are typically included to support operation of auxiliary subsystems.
For example, Option Read-Only Memories (OPROMs) are autonomous pieces of firmware which control the boot and configuration of auxiliary subsystems within a platform and in some instances also serve as runtime code for some types of subsystems. A video OPROM is typically loaded early in boot to coordinate operations of the video subsystem with the main BIOS and OS so that information can be presented on a display. Other examples include storage OPROMs that make storage devices visible to other components during boot, and network boot OPROMs that support boot of the IHS from a network interface.
A problem with conventional IHSs is that malign code executing on a physical component can compromise information stored on an IHS and can even lead to failure of the IHS. Although malicious code is most commonly targeted at applications and OSs running on an IHS, successful attacks by malicious code on an IHS's firmware present a high risk because firmware runs at a more privileged level than most anti-malware tools available today. In many cases, once additional malign code is attached to a firmware device (e.g., by a remote user), that firmware vector may be used to gain access to server and client systems.
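The OPROM role described above and the firmware-integrity risk it raises can be made concrete with a small image checker. The following Python is an added example, not code from the original document or from any IHS vendor: it parses the legacy PCI expansion ROM header and its "PCIR" data structure (the layout is taken from the PCI Firmware Specification, which the text above does not cite), verifies the byte checksum that a legacy BIOS computes before running an image, and then compares the image's SHA-256 digest against an allowlist of known-good digests. The sample ROM image, the tampering step and the allowlist are all constructed inline for the example.

```python
import hashlib
import struct

# Legacy PCI expansion ROM image layout (PCI Firmware Specification):
#   0x00: 0x55 0xAA signature      0x02: image size in 512-byte blocks
#   0x03: x86 entry point          0x18: 16-bit offset of the "PCIR" structure
# First 24 bytes of the PCIR structure: signature, vendor ID, device ID,
# device-list pointer, structure length, revision, 3-byte class code,
# image length (512-byte blocks), code revision, code type, indicator, max runtime length.
PCIR_FMT = "<4sHHHHB3sHHBBH"
PCIR_LEN = struct.calcsize(PCIR_FMT)


def fix_checksum(rom, size):
    """Set the last byte so the image sums to zero mod 256 (the legacy BIOS check)."""
    rom[size - 1] = 0
    rom[size - 1] = (-sum(rom[:size])) & 0xFF
    return rom


def build_sample_oprom(vendor_id=0x1234, device_id=0x5678, size_blocks=1):
    """Constructed sample image for this example; not a real vendor ROM."""
    size = size_blocks * 512
    rom = bytearray(size)
    rom[0:2] = b"\x55\xAA"
    rom[2] = size_blocks
    rom[3] = 0xCB                       # RETF: placeholder init entry that just returns
    pcir_off = 0x40
    struct.pack_into("<H", rom, 0x18, pcir_off)
    struct.pack_into(PCIR_FMT, rom, pcir_off,
                     b"PCIR", vendor_id, device_id, 0, PCIR_LEN, 0,
                     b"\x00\x00\x03",   # class code, little-endian: base class 0x03 = display
                     size_blocks, 0,
                     0x00,              # code type 0 = x86 legacy BIOS code
                     0x80,              # indicator bit 7 = last image in the ROM
                     0)
    return bytes(fix_checksum(rom, size))


def tamper_sample(rom):
    """Constructed tampering: alter the entry code, then recompute the checksum."""
    bad = bytearray(rom)
    bad[3] ^= 0xFF
    return bytes(fix_checksum(bad, len(bad)))


def parse_oprom(rom):
    """Parse one legacy OPROM image; raise ValueError on any malformed field."""
    if len(rom) < 0x1A or rom[0:2] != b"\x55\xAA":
        raise ValueError("missing 55AA expansion ROM signature")
    size = rom[2] * 512
    if size == 0 or size > len(rom):
        raise ValueError("image size field does not match the data")
    pcir_off = struct.unpack_from("<H", rom, 0x18)[0]
    if pcir_off + PCIR_LEN > size:
        raise ValueError("PCIR pointer out of bounds")
    (sig, vid, did, _devlist, _plen, _prev, _cls, img_len,
     _crev, code_type, indicator, _maxrt) = struct.unpack_from(PCIR_FMT, rom, pcir_off)
    if sig != b"PCIR":
        raise ValueError("bad PCIR signature")
    return {
        "vendor_id": vid,
        "device_id": did,
        "code_type": code_type,
        "last_image": bool(indicator & 0x80),
        "size": size,
        "checksum_ok": (sum(rom[:size]) & 0xFF) == 0,
        "sha256": hashlib.sha256(rom[:size]).hexdigest(),
    }


def verify_oprom(rom, allowlist):
    """Classify an image: malformed, corrupt (bad checksum), trusted, or unknown."""
    try:
        info = parse_oprom(rom)
    except ValueError:
        return "malformed"
    if not info["checksum_ok"]:
        return "corrupt"
    return "trusted" if info["sha256"] in allowlist else "unknown"


if __name__ == "__main__":
    good = build_sample_oprom()
    allow = {parse_oprom(good)["sha256"]}      # constructed known-good allowlist
    for label, img in (("good", good), ("tampered", tamper_sample(good))):
        print(label, parse_oprom(img)["checksum_ok"], verify_oprom(img, allow))
```

The point of the tampered case is that the checksum is a consistency check, not a security control: an altered image whose final byte has been recomputed still passes it, and only the comparison of a cryptographic digest against a trusted reference distinguishes the two images. A practical deployment would source that reference from a signed vendor manifest or a measurement recorded in a TPM rather than from a set literal.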