How do you protect your operating system from malware while it is being loaded? How do you ensure that only genuine programs get access to the operating system? For years, attackers have tried various means to load malware into the BIOS and corrupt primary operating system services. In previous versions of Windows, if the master boot record was corrupted by malware, there was no way to fix it other than reinstalling the operating system. To overcome this problem, Microsoft devised Secure Boot technology in conjunction with UEFI in Windows 8.
The Basic Input Output System (BIOS) was firmware written in assembly language that used software-based interrupts to define how the hardware and the operating system interact with each other. The Unified Extensible Firmware Interface (UEFI) can be considered the successor of BIOS. UEFI is managed by the UEFI Forum, which maintains the specifications to be used across different computers. Its members are mostly hardware, system, firmware, and operating system vendors.
UEFI intends to establish a standard for communication between the operating system and firmware during boot. While BIOS is based on software interrupts, UEFI uses an architecture-neutral, event-based mechanism.

What is Secure Boot?

Secure Boot is a validation process defined in UEFI to validate firmware. Secure Boot defines the protocol between the firmware and the operating system and deals with the management of the platform’s security certificates. Any code that wishes to run at boot time has to prove its identity using keys. In recent times, attackers have managed to design malicious code that can run at boot time and keep antimalware programs from detecting it. With Secure Boot, only known code can run prior to loading the operating system.
These security options can be configured at startup by enabling or disabling Secure Boot; however, there is concern among Windows 8 users regarding privacy and the effect of changing hardware components.
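
Because Secure Boot can be switched off at startup, a defender will want to confirm what the firmware actually reports. The UEFI specification defines two variables for this, SecureBoot and SetupMode; the following is an added example (not part of the original article) that decodes them as Linux efivarfs exposes them. The efivarfs path, the function names, and the sample bytes are assumptions made for illustration.

```python
import struct
from pathlib import Path

# EFI global-variable GUID from the UEFI specification.
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Assumption: Linux efivarfs mount point; not mentioned in the article.
EFIVARS_DIR = Path("/sys/firmware/efi/efivars")


def decode_efivar_byte(raw: bytes) -> int:
    """Decode a one-byte boolean UEFI variable as exposed by efivarfs.

    efivarfs prepends a 4-byte little-endian attribute word to the data.
    """
    if len(raw) != 5:
        raise ValueError(f"expected 4 attribute bytes + 1 data byte, got {len(raw)}")
    _attributes, value = struct.unpack("<IB", raw)
    if value not in (0, 1):
        raise ValueError(f"unexpected variable value {value}")
    return value


def secure_boot_state(secure_boot_raw: bytes, setup_mode_raw: bytes) -> str:
    """Combine the SecureBoot and SetupMode variables into one verdict."""
    secure_boot = decode_efivar_byte(secure_boot_raw)
    setup_mode = decode_efivar_byte(setup_mode_raw)
    if setup_mode == 1:
        # No Platform Key is enrolled, so the firmware does not enforce signatures.
        return "setup-mode"
    return "enforcing" if secure_boot == 1 else "disabled"


def read_state(efivars_dir: Path = EFIVARS_DIR) -> str:
    """Read both variables from efivarfs; report when they are absent."""
    try:
        sb = (efivars_dir / f"SecureBoot-{EFI_GLOBAL_GUID}").read_bytes()
        sm = (efivars_dir / f"SetupMode-{EFI_GLOBAL_GUID}").read_bytes()
    except FileNotFoundError:
        return "no-uefi-variables"  # legacy BIOS boot or efivarfs not mounted
    return secure_boot_state(sb, sm)


# Constructed samples: attribute word 0x00000006 (boot-service + runtime access).
SAMPLE_ENABLED = b"\x06\x00\x00\x00\x01"
SAMPLE_CLEARED = b"\x06\x00\x00\x00\x00"

if __name__ == "__main__":
    print("this machine:", read_state())
    print("constructed sample:", secure_boot_state(SAMPLE_ENABLED, SAMPLE_CLEARED))
```

A result of "setup-mode" or "disabled" means boot-time code is not being validated, whatever the setup screen was last set to.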