WHY?
Malicious boot firmware is a potentially serious problem for critical information systems. Boot firmware runs in a fully privileged mode on
bare hardware, prior to the operating system and thus prior to most security mechanisms. It is responsible for loading the operating system
and detecting, initializing, and configuring the hardware where necessary. Most security mechanisms that are used today depend on the
integrity of the host operating system, and make extensive use of operating system services. Thus, malicious boot firmware (residing in
devices such as keyboards, PCI devices, etc.), running before the OS itself, could cause serious harm by operating various devices and by
simply corrupting the system.
HOW?
Our BootSafe verifier will be able to detect potentially harmful firmware with static checks on the compiled code. This process will be
very inexpensive, allowing the verification to occur in every boot cycle. Untrusted firmware will be verified and then allowed to load,
since the verification occurs before loading and execution. The
verification process depends on firmware being compiled with a certifying compiler, which produces particularly well-structured and
annotated code. End users only need to trust the verifier in order to be confident in the safety of the compiled code. They do not need to
trust the compiler, nor do they need access to the firmware source code. Thus, having the BootSafe verifier on a machine would guarantee
users that the firmware is not harmful.