Various mechanisms exist for secure booting. The Unified Extensible Firmware Interface (UEFI) specification defines a new model for the interface between operating systems and platform firmware. The interface consists of data tables that contain platform-related information, plus boot and runtime service calls that are available to the operating system and its loader. Together, these provide a standard environment for booting an operating system and running pre-boot applications. More information about UEFI may be found on the public Internet at URL www*uefi*org/home. Please note that periods have been replaced with asterisks in this document to prevent inadvertent hyperlinks. The UEFI standard may be used to assist with secure boot up of a platform.
Chapter 26 of the UEFI Specification 2.1 describes a protocol for secure boot. The defined protocol provides access for generic authentication information with specific device paths. The protocol may be used on any device handle to obtain information associated with the physical or logical device. Public keys and certificates may be kept on the firmware and check digital signatures on third part EFI drivers and Operating System (OS) loaders. Binding public keys to the platform has been a deployment problem. The security is only as good as the platform can securely store the public keys. Revocation at boot time of a public key or certificate is not possible. Counterfeit loaders may be inserted in to the platform to circumvent the security. Thus, this method of secure booting may still be vulnerable to attacks during boot time.