Windows 8 Secure Boot Technology
How do you protect your operating system from malware while it is being loaded? How do you ensure that only genuine programs get access to the operating system? For years, attackers have tried various means of loading malware into the BIOS and corrupting primary operating system services. In previous versions of Windows, if the master boot record was corrupted by malware, there was no way to fix it other than reinstalling the operating system. To overcome this problem, Microsoft devised Secure Boot technology in conjunction with UEFI in Windows 8.
What is UEFI?
The Basic Input Output System (BIOS) was firmware written in assembly language that used software-based interrupts to define how the hardware and the operating system interact with each other. The Unified Extensible Firmware Interface (UEFI) can be considered the successor of BIOS. UEFI is managed by the UEFI Forum, which maintains the specifications used across different computers; its members mostly include hardware, system, firmware and operating system vendors.
Figure 1: UEFI protocol stack
UEFI intends to establish a standard for communication between the operating system and the firmware during boot. While BIOS is based on software interrupts, UEFI uses an architecture-neutral, event-based mechanism.
What is Secure Boot?
Secure Boot is a validation process defined in UEFI to validate firmware. Secure Boot defines the protocol between the firmware and the operating system and deals with the management of the platform's security certificates. Any code that wishes to run at boot time has to prove its identity using keys. In recent times, attackers have managed to design malicious code that runs at boot time and prevents antimalware programs from detecting it. With Secure Boot, only known code can run before the operating system is loaded.
Without it, an attacker could trick the OS loader into loading malicious code and disrupting operating system services or antimalware services.
UEFI-based Secure Boot process
Applications that wish to run before the operating system is loaded have to present keys, and they are allowed to run only if they possess valid keys.
How is Windows 8 integrity ensured using Secure Boot?
- The computer is powered on first. The firmware starts executing code that configures the processor, memory and the other hardware devices attached to the system. This step is common across all architectures of Windows 8 (x86, x64 and ARM).
- Each attached hardware peripheral, such as a network card, storage device or video card, is assigned a key known as an Option ROM.
- Each module that wishes to execute presents a key during the boot process, which is verified against a database of firmware keys. The database is composed of an Allowed list and a Disallowed list that determine which modules have permission to execute during boot.
- The Allowed list is a set of keys that represent trusted programs. The Disallowed list is a set of malware signatures and hashes. Public Key Infrastructure (PKI) is the underlying model behind Secure Boot.
These security options can be configured at startup by enabling or disabling Secure Boot; however, there is concern among Windows 8 users about privacy and about the effect of changing hardware components.
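The decision the firmware makes for each boot module, modelled as an added Python example (not code from the article or from any firmware): a module is refused if its hash or signing key appears on the Disallowed list, and otherwise runs only if its hash or signing key appears on the Allowed list. The module names, key identifiers and module bytes below are constructed, and the `signer` field stands in for a signature the real firmware would verify cryptographically.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class BootModule:
    # A module that asks to run before the OS loads. `signer` names the key
    # that signed it (assumption: real firmware checks the signature itself).
    name: str
    content: bytes
    signer: str

    def digest(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass
class SignatureDatabase:
    # Allowed list: trusted keys and trusted image hashes.
    # Disallowed list: revoked keys and known-bad image hashes.
    allowed_keys: set = field(default_factory=set)
    allowed_hashes: set = field(default_factory=set)
    disallowed_keys: set = field(default_factory=set)
    disallowed_hashes: set = field(default_factory=set)


def may_execute(module: BootModule, sigdb: SignatureDatabase) -> tuple:
    # Disallowed entries are checked first, so a revoked module cannot
    # slip through merely because it also matches an Allowed entry.
    digest = module.digest()
    if digest in sigdb.disallowed_hashes:
        return False, "hash on Disallowed list"
    if module.signer in sigdb.disallowed_keys:
        return False, "signing key on Disallowed list"
    if digest in sigdb.allowed_hashes or module.signer in sigdb.allowed_keys:
        return True, "matched Allowed list"
    return False, "no Allowed entry"


# Constructed sample database and modules (not real keys or images).
SIGDB = SignatureDatabase(allowed_keys={"oem-key"}, disallowed_keys={"leaked-key"})
LOADER = BootModule("loader.efi", b"constructed bootloader bytes", "oem-key")
ROGUE = BootModule("rogue.efi", b"constructed bootkit bytes", "leaked-key")
OPTROM = BootModule("nic-oprom", b"constructed option ROM bytes", "unknown-vendor")
# An old loader signed by the trusted key, later revoked by hash.
OLD = BootModule("old-loader.efi", b"constructed old loader bytes", "oem-key")
SIGDB.disallowed_hashes.add(OLD.digest())

if __name__ == "__main__":
    for m in (LOADER, OPTROM, ROGUE, OLD):
        ok, reason = may_execute(m, SIGDB)
        print(f"{m.name}: {'run' if ok else 'refused'} ({reason})")
```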