The boot environment for computers presents significant challenges to innovation within the hardware and software industries. Each new platform capability or hardware innovation requires firmware developers to craft increasingly complex solutions, and often requires Operating System (OS) developers to make changes to their boot code before customers can benefit from the innovation. This can be a time-consuming process requiring a significant investment of resources. The hardware and software industries have attempted to allow the platform and OS to evolve and innovate independently of one another.
To permit such independent innovation and maintain necessary communication between an OS and platform firmware (any software that is included in read-only memory (ROM)), an interface having an additional layer of firmware code provides for the abstraction of the OS and all higher level software from the firmware. The interface operates in what is referred to as a pre-boot environment as well as providing some additional run-time capabilities. Previous attempts to develop such an interface have required the OS to have specific knowledge of the workings of certain hardware devices. Previous attempts at developing the interface were not effective and did not allow for the dynamic management of those devices in the pre-boot environment and in some run-time environments.
In conventional computers that do not use a firmware interface, the file system is naked to rogue or en-ant code in the pre-boot environment. In particular, the firmware interface system partition in conventional computers is subject to errant modifications and malicious out-of-band updates. Hardening of the firmware interface system partition in both the pre-boot and the runtime environments is thus of particular importance.