The Extensible Firmware Interface (EFI) specification (version 1.10 published December 2002) describes an interface between the operating system (OS) and platform firmware, such as the basic input output system (BIOS). The interface is in the form of data tables that include platform-related information, and boot and runtime service calls that are available to the OS loader and the OS. Together, these provide a standard environment for booting an OS.
The EFI specification defines a way for the OS and platform firmware to communicate information necessary to support the OS boot process. This is accomplished through a formal and complete abstract specification of the software-visible interface presented to the OS by the platform and firmware. An EFI compliant OS is able to boot on a variety of EFI compliant system designs without further platform or OS customization.
The EFI specification describes a boot manager that can be configured by modifying a parameter associated with an architecturally defined variable such as a non-volatile random access memory (NVRAM) variable. The boot manager loads EFI drivers and EFI applications in an order defined by NVRAM variables. The platform firmware uses the boot order specified in the NVRAM variables for normal boot. The platform firmware may add extra boot options and remove invalid boot options from the boot order list, and grant access privileges to users as defined by the NVRAM variables.
The NVRAM variables utilized by the EFI specification, however, are stored in a non-volatile storage that is accessible through application program interfaces (APIs). This makes the NVRAM variables and the platform utilizing them vulnerable to improper alterations. For example, an NVRAM variable may be modified such that an OS kernel upon reboot might change its default user access to Root giving any user unlimited access to the platform.
Thus, what is needed is a method and apparatus for enabling non-volatile content filtering to protect parameters associated with variables stored in a non-volatile storage unit from being improperly altered.