| UEFI defines the Interface specification between operating system and hardware system, it is a new generation firmware system. UEFI uses the C language to develop the platform, So that it could accelerate the speed of development and innovation of the platform. In addition, UEFI controls hardware and loads the driver in the Driver/protocol way, it can simplify the realization of the support to new hardware. The way of updating UEFI firmware file system is diverse, it can be updated not noly by network, but also by mobile storge tools. In daily production, UEFI file is often saved in mobile storge tools. However, when mobile storge tools are used as the updating media, the data files are often attacked by viruses, worms and so on, so the UEFI file faces a serious threat.To the security issues of UEFI firmware file system, digital abstract, digital signature and digital certificate of cryptography knowledge are introduced into UEFI. And according to the framework of UEFI, the paper also addes a DXE driver to verify the safety of UEFI firmware file.Based on the content above, this paper proposes a security update mechanism about UEFI firmware file system. Firstly, the paper packages a security validation layer to UEFI file. The security validation layer can ensure the applicability and integrity of UEFI file, the major steps contain adding the description information to ensure its applicability and adding the digital signatures to ensure that it can not be tampered with. Thus, before updating UEFI file, DXE driver could ues security validation layer to verify the security of UEFI file. Compared to the procedure of adding validation layer, to verify the safety of UEFI file is its reverse procedure. It should firstly verify the integrity and secondly verify the applicability. Only through the validation of DXE driver, UEFI firmware file system can be updated. |
PDF Full Text Request