Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to facilitate the hardware initialization process and transition control to the hypervisor or operating system. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture. The guidelines in this document include requirements on servers to mitigate the execution of malicious or corrupt BIOS code. They apply to BIOS firmware stored in the BIOS flash, including the BIOS code, the cryptographic keys that are part of the Root of Trust for Update, and static BIOS data. This guide is intended to provide server platform vendors with recommendations and guidelines for a secure BIOS update process.
[1]
Cliff Changchun Zou,et al.
SMM rootkits: a new breed of OS independent malware
,
2008,
SecureComm.
[2]
Elaine B. Barker,et al.
Recommendation for Obtaining Assurances for Digital Signature Applications
,
2006
.
[3]
A. Kumar.
Active Platform Management Demystified: Unleashing the Power of Intel VPro (TM) Technology
,
2009
.
[4]
William E. Burr,et al.
Recommendation for Key Management, Part 1: General (Revision 3)
,
2006
.
[5]
David Grawrock.
Dynamics of a trusted platform: a building block approach
,
2009
.
[6]
Benjamin Morin,et al.
ACPI and SMI handlers: some limits to trusted computing
,
2010,
Journal in Computer Virology.