The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. UEFI defines two types of services: boot services and runtime services. Boot services include text and graphical consoles on various devices, and bus, block and file services. Runtime services are still accessible while the operating system is running, and include services such as date, time and NVRAM access.
In addition, UEFI provides a way to store data, in particular non-volatile data that is shared between platform firmware and operating systems or UEFI applications. Variable namespaces are identified by Globally Unique Identifiers (GUIDs), and variables may be implemented as key/value pairs.
Furthermore, UEFI can run standalone UEFI applications, which can be developed and installed independently of a system manufacturer. UEFI applications reside as files on an EFI System Partition (ESP) and can be started directly by the UEFI firmware's boot manager, or by other UEFI applications. Examples of UEFI applications include operating system loaders (e.g., boot loaders), such as the Microsoft® Windows® Boot Manager. A boot loader starts a specific operating system and may provide a user interface for the selection of another UEFI application to run. Another example of a UEFI application is the UEFI shell.
However, while UEFI's flexibility in allowing many different types of EFI applications to run is useful, that same flexibility also exposes a computer system to attack. In particular, a malicious user may attempt to infiltrate a target computer system by replacing or modifying portions of the UEFI firmware, which would then give the malicious user access to the target computer system at its lowest (e.g., hardware) levels.
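The two points above, variables living in GUID-identified namespaces as key/value pairs and the risk of tampered firmware, come together in the most basic defensive check an operating system can make: reading the firmware's own SecureBoot and SetupMode variables through the runtime variable services. The following Python is an added example, not code from the original text. It assumes the layout Linux uses to expose variables under /sys/firmware/efi/efivars (a file named `<Name>-<VendorGUID>` whose content is a 4-byte little-endian attribute mask followed by the raw data), the attribute bit values from the UEFI specification, and the well-known vendor GUIDs of the EFI global variable namespace and the Secure Boot signature databases. The variable contents are constructed inline so the code runs offline; `load_constructed_store`, `parse_efivarfs_entry` and `secure_boot_posture` are names chosen for this example.

```python
"""Decode UEFI variables in the Linux efivarfs layout and assess Secure Boot posture.

efivarfs exposes each variable as '<Name>-<VendorGUID>' whose content is a 4-byte
little-endian attribute mask followed by the variable data. This module parses
that layout and evaluates the SecureBoot and SetupMode variables of the EFI
global variable namespace. Sample entries are constructed; on a real system
the same bytes come from /sys/firmware/efi/efivars/<Name>-<GUID>.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Attribute bits defined by the UEFI specification for GetVariable/SetVariable.
EFI_VARIABLE_NON_VOLATILE = 0x01
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x02
EFI_VARIABLE_RUNTIME_ACCESS = 0x04
EFI_VARIABLE_HARDWARE_ERROR_RECORD = 0x08
EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS = 0x10
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x20
EFI_VARIABLE_APPEND_WRITE = 0x40

ATTRIBUTE_NAMES = {
    EFI_VARIABLE_NON_VOLATILE: "NON_VOLATILE",
    EFI_VARIABLE_BOOTSERVICE_ACCESS: "BOOTSERVICE_ACCESS",
    EFI_VARIABLE_RUNTIME_ACCESS: "RUNTIME_ACCESS",
    EFI_VARIABLE_HARDWARE_ERROR_RECORD: "HARDWARE_ERROR_RECORD",
    EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS: "AUTHENTICATED_WRITE_ACCESS",
    EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS: "TIME_BASED_AUTHENTICATED_WRITE_ACCESS",
    EFI_VARIABLE_APPEND_WRITE: "APPEND_WRITE",
}

# Vendor GUID of the EFI global variable namespace (EFI_GLOBAL_VARIABLE).
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Vendor GUID of the Secure Boot signature databases db/dbx (EFI_IMAGE_SECURITY_DATABASE_GUID).
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"


@dataclass(frozen=True)
class UefiVariable:
    name: str
    guid: str
    attributes: int
    data: bytes

    def attribute_names(self) -> List[str]:
        """Human-readable list of the attribute bits that are set."""
        return [label for bit, label in sorted(ATTRIBUTE_NAMES.items()) if self.attributes & bit]


def parse_efivarfs_name(filename: str) -> Tuple[str, str]:
    """Split '<Name>-<GUID>' into (name, guid). The name itself may contain '-',
    so the GUID is taken as the last five hyphen-separated groups."""
    parts = filename.rsplit("-", 5)
    if len(parts) != 6:
        raise ValueError(f"not an efivarfs file name: {filename!r}")
    name, guid_parts = parts[0], parts[1:]
    hexdigits = set("0123456789abcdefABCDEF")
    if [len(p) for p in guid_parts] != [8, 4, 4, 4, 12] or not all(set(p) <= hexdigits for p in guid_parts):
        raise ValueError(f"malformed vendor GUID in {filename!r}")
    return name, "-".join(guid_parts).lower()


def parse_efivarfs_entry(filename: str, blob: bytes) -> UefiVariable:
    """Decode one efivarfs entry: 4-byte little-endian attribute mask, then raw data."""
    if len(blob) < 4:
        raise ValueError(f"{filename}: entry shorter than the 4-byte attribute header")
    name, guid = parse_efivarfs_name(filename)
    (attributes,) = struct.unpack_from("<I", blob, 0)
    return UefiVariable(name, guid, attributes, blob[4:])


def load_constructed_store() -> Dict[str, UefiVariable]:
    """Constructed sample entries standing in for files under /sys/firmware/efi/efivars."""
    raw = {
        # BS|RT attributes (0x06), one data byte: 1 = Secure Boot enforcing.
        f"SecureBoot-{EFI_GLOBAL_VARIABLE_GUID}": b"\x06\x00\x00\x00\x01",
        # BS|RT attributes (0x06), one data byte: 0 = User Mode (platform key enrolled).
        f"SetupMode-{EFI_GLOBAL_VARIABLE_GUID}": b"\x06\x00\x00\x00\x00",
        # NV|BS|RT|TIME_BASED_AUTH (0x27); payload is a constructed placeholder, not a real signature list.
        f"db-{EFI_IMAGE_SECURITY_DATABASE_GUID}": b"\x27\x00\x00\x00" + b"<constructed signature list>",
    }
    store: Dict[str, UefiVariable] = {}
    for fname, blob in raw.items():
        var = parse_efivarfs_entry(fname, blob)
        store[var.name] = var
    return store


def secure_boot_posture(store: Dict[str, UefiVariable]) -> Tuple[bool, str]:
    """Return (enforcing, reason) from the SecureBoot and SetupMode variables.
    Only the EFI global variable namespace is trusted for these two names."""
    sb, sm = store.get("SecureBoot"), store.get("SetupMode")
    if sb is None or sm is None:
        return False, "SecureBoot or SetupMode variable missing (legacy boot, or firmware does not expose them)"
    for var in (sb, sm):
        if var.guid != EFI_GLOBAL_VARIABLE_GUID:
            return False, f"{var.name} is not in the EFI global variable namespace"
        if len(var.data) != 1:
            return False, f"{var.name} has unexpected data length {len(var.data)}"
    if sm.data[0] == 1:
        return False, "firmware is in Setup Mode: key databases are writable without authentication"
    if sb.data[0] != 1:
        return False, "Secure Boot is disabled"
    return True, "Secure Boot enforcing, firmware in User Mode"


if __name__ == "__main__":
    variables = load_constructed_store()
    for v in variables.values():
        print(f"{v.name:<12} {v.guid}  attrs={'|'.join(v.attribute_names())}  {len(v.data)} bytes")
    print(secure_boot_posture(variables))
```

On a live Linux system the same functions apply to `open(f"/sys/firmware/efi/efivars/{fname}", "rb").read()` for each entry in that directory. The GUID check matters because the variable name alone is not a namespace: a `SecureBoot` variable under a different vendor GUID is just another key/value pair, not the firmware's own status. Note that this check tells the operating system what the firmware reports; a firmware whose flash image has itself been replaced, as the paragraph above describes, can report whatever its author wishes, which is why measured boot and hardware-rooted attestation exist alongside Secure Boot.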