Research On Safety Technology Of Firmware Update Under OS Environment

With the development of information technology, not only the computer network s and software are rapidly evolving, but also the computer hardware and firmware are rapidly developing.Hardware initialization before the traditional computer operating system to start and guide the control of the operating system which is BIOS(Basic Input / output System) to complete. With the development of computer science for BIOS drawbacks, INTEL has developed a next-generation BIOS technology EFI, which is the latest generation of UEFI BIOS technology. But because UEFI boot mode of its components, high-level language and software framework features, most programs are written in C language, which means that many people can easily decipher UEFI, we need to pay more attention to its security. General requirements for security is to prevent acts of malicious code and attacks, internal / external access control and data protection. Because of its unique and special place in the PC UEFI architecture makes unauthorized changes by malicious software UEFI, it may cause a significant threat to the computer. Malicious UEFI change could be part of a sophisticated attacks aimed at causing permanent denial of service or a continuing malware. UEFI is not static content, in order to solve the BUG, patches, support for new hardware and so on, we need to UEFI update. Security issues arises, malicious code may harm UEFI and system security, so we need to develop a BIOS update process and update security research method specifications.In this paper, the traditional first major study of the defective BIOS UEFI BIOS of the basic principles and techniques, as well as the technical principles UEFI BIOS updates, the update process analysis of possible threats, followed by the development of a proposed upgrade according to the industry about the security update BIOS specification documents The general process, the process is roughly divided into three parts, BIOS signature, BIOS validation, upgrade BIOS. Finally OPENSSL library design and implement an enhanced signature algorithm UEFI BIOS updates, BIOS authentication for UEFI BIOS updates to enhance security.