
Research Of UEFI BIOS Security Enhancement Mechanism And Integrity Measurement

Posted on: 2015-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: C H Duan
Full Text: PDF
GTID: 2298330452953376
Subject: Computer technology

Abstract/Summary:
Trusted Computing (TC) is a new information security technology. One of its main goals is to ensure that computer systems are safe and reliable. To achieve this goal, it applies appropriate security measures in computer firmware, hardware, and operating systems. The Trusted Computing Platform (TCP), based on trusted computing technology, is a new security architecture built on the general-purpose computer platform. The BIOS is the first stage of execution when a computer starts, and whether it is securely protected directly affects the security of the TCP. Studying the security of the BIOS is therefore very meaningful. The Unified Extensible Firmware Interface (UEFI) is an open industry-standard interface. It defines an abstract programming interface specification between the platform firmware and the operating system, and it has become the industry standard for next-generation BIOS technology.

A BIOS password is an effective way to protect BIOS settings and prevent malicious tampering. The BIOS setup password is usually not encrypted, so the password settings are easily obtained and the BIOS setup program can easily be modified. Ensuring that the BIOS setup program is not modified is therefore also an important measure for the security of the UEFI BIOS. Hashing the BIOS password effectively prevents unauthorized users from entering BIOS Setup and tampering with the BIOS setup information, and to a certain extent it improves BIOS security.

Through analysis and research of trusted computing, the Trusted Platform Control Module (TPCM), integrity measurement mechanisms, and the UEFI BIOS, this thesis presents a TPCM-based multi-agent measurement model and implements integrity measurement of the BIOS. The model is based on the TPCM: the Root of Trust of Measurement, the Root of Trust of Storage, and the Root of Trust of Reporting are built into the TPCM. An active measurement mechanism controls the measurement process, and TEMM is introduced into the measurement module; the follow-up measurement work is carried out by TEMM. In addition, a driver module, a service module, and a message module are designed and implemented to support the measurement work.

This thesis also proposes an experimental verification scheme for the measurement and shows that the program completes integrity measurement of the start-up phase of the UEFI BIOS and ensures the step-by-step transfer of the chain of trust. Finally, it summarizes the full text and looks ahead to the research and application of trusted BIOS platforms.
Keywords/Search Tags: trusted computing, integrity measurement, UEFI BIOS, trusted root