Field of the Disclosure
This disclosure relates generally to information handling systems and more particularly to preventing execution of unauthorized firmware, for example, during basic input/output system (BIOS) initialization or a boot process.
Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
In certain information handling systems, a basic input/output system (BIOS) may include BIOS firmware. Some BIOS firmware designers or providers may designate certain portions of the BIOS firmware for code and other portions for data. Generally, during initialization or a boot process executable code is executed or ran from one or more files in a volume associated with code (or a code volume) of a firmware volume. However, during operation of the information handling system, firmware file system (FFS) files of a volume associated with data (or a data volume) of the firmware volume may be altered or changed to include an entry point or code (for example, executable instructions) for execution. On the next boot, these FFS files associated with a data volume may be executed. These FFS files volume may contain malicious or unauthorized content. It may be desirable to prevent the execution of such FFS files to protect the integrity and operation of the information handling system.