A Research On UEFI Security Mechanism Based On Firmware File System

Currently, the computer hardware is developing rapidly, but it is difficult for legacy BIOS to meet the demand of modern computer hardware development owning to the uneasiness for programming & maintenance and extension. Aiming to the shortages of legacy BIOS, Intel and other companies have suggested replacing it by UEFI(Unified Extensible Firmware Interface). UEFI firmware is the first access program of the computer and its security will directly affect the security of the whole computer system. If UEFI firmware encounters attack, the computer will be controlled by the attackers before loading in the operation system, and the attacker will gain the root permission of the computer. The UEFI’s population has already brought the targeted attacks, especially the attacks of strong imperceptibility and high permission through firmware file system. In consideration of more and more potential security threats to UEFI, the study on security mechanism of UEFI firmware is of great urgency.As the substitute of legacy BIOS, UEFI’s standard was added with the trusted start, digital signature and other definitions for security services which are based on the trusted platform standard to execute the integrity verifying and identity authentication of UEFI firmware platform. However, those security mechanisms mainly aimed to the detection program of the third party but cannot stop attackers from attacking UEFI firmware by making use of firmware file system. Because the related UEFI documents are disclosed, the detailed information of firmware file system is easily accessible to attackers. By making use of the information, attackers can make addition or alternation to the files in the firmware and straightly destroy or take advantages of the code of UEFI firmware by skipping the trusted compute chain’s examination to the third party’s drive and application program.The thesis gives the firmware film system based UEFI security idea to combine UEFI start progress and trusted compute thought, or specifically create a trust chain in the UEFI start progress and trusted measurement mechanism of firmware files. The security idea can effectively repel attackers damaging UEFI firmware by using firmware file system.Based on the division of UEFI start process by UEFI Framework, the first two start phases are regarded as the trusted measurement root and other phases as the nodes of trust chain to create a trust chain linking all the phases. In the transferring process of control permission, the trusted measurement must be conducted before, and the control permission can be transferred only when the next phase is trusted. The trusted measurement relationship should be transferred one after the other. The integrity measurement mechanism is taken as the trusted measurement method in UEFI security plan, that is to say, the trustworthiness of each phase is determined via the integrity measurement to the firmware files to guarantee the whole UEFI start process with high trust degree.In accordance with the UEFI security plan, the thesis will design and realize the firmware security module driven by UEFI. The module, composed of main module, Hash algorithm engine, communication cell and memory module, uses UEFI drive program to make virtual TPM(Trusted Platform Module) chip. The security plan function is realized via the firmware security module which is stored in UEFI firmware and can get the execution permission in UEFI start process, and also will protect the start process. In the last part the thesis, the firmware security module will be given with test to verify whether it can protect UEFI firmware files or not, so as to ensure the trustworthiness of UEFI start process.