System firmware, for example the basic input/output system (BIOS) or core system software code, is typically maintained within a non-volatile memory of a corresponding electronic device, for example a desktop computer, laptop computer, personal digital assistant (PDA), set top box, server, point-of-sale (POS) device, automated teller machine (ATM), wireless communication device (for example, a cellular telephone), or other suitable device or combination thereof. The system firmware is operative to recognize and initialize the hardware subsystems and components of the electronic device and, upon completion of the initialization process, to transfer control of the electronic device to an applicable operating system. The firmware transfers device control to the operating system by loading the operating system boot loader during the initialization process, sometimes referred to as the power on self test (POST) process. The boot loader is a small program that, when the electronic device is booted, causes the device to retrieve the operating system from a predetermined location within non-volatile memory, load it into the device memory (for example, system memory), and start the operating system.
Typically, the firmware assumes that the operating system boot loader is authorized and therefore executes the boot loader without performing any authorization, validation or verification procedures on it. One drawback of this assumption is that the boot loader may have malicious or otherwise unwanted code incorporated therein that may harm one or more of the subsystems of the underlying electronic device, thereby bypassing any security procedures implemented on the electronic device. Another drawback is that the assumption prevents the underlying electronic device from determining whether the boot loader, or the corresponding operating system, has been modified.
A conventional method used to authorize a boot loader is to rely on the operating system installer and the system firmware vendor agreeing to provide only authorized, up-to-date boot loaders. A drawback of relying on such an arrangement is that it does not resolve the potential issue of a third party introducing a corrupted boot loader or operating system into the electronic device.
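
An added illustration, not part of the original text: a Python simulation of the handoff described above, contrasting firmware that executes the boot loader unconditionally with firmware that first compares the image's SHA-256 digest against a reference value. The digest check, the function names and the sample images are assumptions made for this example; the text above does not prescribe a verification method.

```python
import hashlib
import hmac

# Constructed sample images standing in for boot loader contents
# read from non-volatile memory.
GOOD_LOADER = b"BOOTLDR v1: locate OS image, load into system memory, start OS"
TAMPERED_LOADER = GOOD_LOADER + b" ; then run unwanted code"

# Assumption: the firmware holds a reference digest of the authorized loader.
REFERENCE_DIGEST = hashlib.sha256(GOOD_LOADER).digest()


def measure(image: bytes) -> bytes:
    """Return the SHA-256 digest of a boot loader image."""
    return hashlib.sha256(image).digest()


def post_unverified(image: bytes) -> str:
    """Handoff as described in the text: the loader is assumed authorized."""
    return "executed"


def post_verified(image: bytes, reference: bytes = REFERENCE_DIGEST) -> str:
    """Handoff that checks the image before transferring control."""
    if not image:
        return "halted: no boot loader found"
    # compare_digest runs in constant time, so a mismatch does not
    # reveal how many leading bytes of the digest were correct.
    if not hmac.compare_digest(measure(image), reference):
        return "halted: boot loader modified"
    return "executed"


def run_demo() -> dict:
    """Apply both policies to the authorized and the tampered image."""
    results = {}
    for name, image in (("good", GOOD_LOADER), ("tampered", TAMPERED_LOADER)):
        results[name] = (post_unverified(image), post_verified(image))
    return results


if __name__ == "__main__":
    for name, (legacy, checked) in run_demo().items():
        print(f"{name:9s} unverified={legacy:9s} verified={checked}")
```

Under the unverified policy both images run and the device has no record that anything changed; only the checked path can report the modification, regardless of what the installer and firmware vendor agreed to ship.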